Log analysis and evaluation: Win7 sometimes freezes or gets a bluescreen at startup (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win7 sometimes freezes or gets a bluescreen at startup

Good day, dear experts. As the title suggests, my Win7 occasionally freezes or gets a bluescreen during the startup process (after booting). As advised, I have now run scans with FRST, GMER and Malwarebytes and attached the log files below. I would be very glad if you could advise me what is wrong with the PC.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Wolf (administrator) on WOLF-PC on 05-03-2015 12:10:32
Running from F:\
Loaded Profiles: Wolf (Available profiles: Wolf)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe () C:\Program Files\Allway Sync\Bin\SyncService.exe () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () C:\Program Files\MiserWare\Granola Personal\granola.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe () C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Kazubon) C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe (Crystal Dew World) D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe (Tracker Software Products Ltd.) C:\Program Files\PDF XView\PDF Viewer\PDFXCview.exe (Nurgo-Software) C:\Program Files\AquaSnap\AquaSnap.Daemon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft) HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft) HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [SkyDrive] => C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\firefox - Verknüpfung.lnk ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = hxxp://www.google.de/search?q={searchTerms} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default FF Homepage: hxxp://www.ighome.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File FF user.js: detected! => C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07] FF Extension: EPUBReader - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-21] FF Extension: WOT - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-07] FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07] FF Extension: Element Hiding Helper for Adblock 
Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07] FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07] FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07] FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07] FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07] FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07] FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07] FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07] FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07] FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07] FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07] FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07] FF HKLM\...\Firefox\Extensions: 
[content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-28] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-28] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-28] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-28] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-28] FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector Chrome: ======= CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or 
update_url value CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - No Path Or update_url value CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis) S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis) R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed] R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] () S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.) S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) 
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed] R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation) S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed] R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-03-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-03-01] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.) R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.) 
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-15] () [File not signed] S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc) S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH) U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-27] () [File not signed] R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation) U3 ap08fn0l; C:\Windows\system32\Drivers\ap08fn0l.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X] S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X] S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X] S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X] S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X] S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 
2010-07-04] () [File not signed] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 12:10 - 2015-03-05 12:10 - 00000000 ____D () C:\FRST 2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt 2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk 2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar 2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL 2015-03-02 14:52 - 2015-03-03 17:18 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc 2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar 2015-03-02 12:27 - 2015-03-04 16:30 - 00154141 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar 2015-03-01 02:07 - 2015-03-01 02:07 - 00002177 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safe Money.lnk 2015-03-01 02:06 - 2015-03-03 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-02-28 23:56 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-28 23:56 - 2015-03-01 00:52 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-02-28 23:56 - 2015-03-01 00:52 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2015-02-28 
23:56 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe 2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat 2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL 2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat 2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log 2015-02-27 12:27 - 2015-02-27 12:27 - 00000020 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar 2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log 2015-02-27 11:51 - 2015-02-27 11:51 - 00137504 _____ () C:\Windows\Minidump\022715-18546-01.dmp 2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log 2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar 2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log 2015-02-26 03:21 - 2015-03-05 11:38 - 00000672 _____ () C:\Windows\setupact.log 2015-02-26 03:21 - 2015-02-26 03:21 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap 2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log 2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL 2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL 2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () 
C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log 2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log 2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log 2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log 2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log 2015-02-18 16:02 - 2015-02-18 16:02 - 00000972 _____ () C:\Users\Wolf\Desktop\HD Tune Pro.lnk 2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt 2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log 2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log 2015-02-14 10:00 - 2015-02-14 10:00 - 00000197 _____ () C:\Windows\system32\2015-02-14-09-00-15.003-AvastVBoxSVC.exe-2748.log 2015-02-14 02:08 - 2015-02-14 02:09 - 00000197 _____ () C:\Windows\system32\2015-02-14-01-08-50.088-AvastVBoxSVC.exe-3188.log 2015-02-12 10:28 - 2015-02-12 10:29 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-28-25.096-AvastVBoxSVC.exe-2728.log 2015-02-12 03:23 - 2015-02-12 03:26 - 00000247 _____ () C:\Windows\system32\2015-02-12-02-23-09.056-aswFe.exe-1976.log 2015-02-12 03:15 - 2015-02-12 03:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-02-15-22.041-AvastVBoxSVC.exe-3412.log 2015-02-11 13:00 - 2015-02-11 13:00 - 00000197 _____ () C:\Windows\system32\2015-02-11-12-00-41.034-AvastVBoxSVC.exe-3616.log 2015-02-10 16:43 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Termin 3.3. 
1830.txt 2015-02-10 11:32 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-32-25.088-aswFe.exe-668.log 2015-02-10 11:29 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-29-08.035-aswFe.exe-1044.log 2015-02-10 11:29 - 2015-02-10 11:29 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-29-03.003-AvastVBoxSVC.exe-3932.log 2015-02-10 11:24 - 2015-02-10 11:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-24-19.008-AvastVBoxSVC.exe-3336.log 2015-02-09 12:34 - 2015-03-02 23:13 - 06387323 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar 2015-02-09 12:34 - 2015-03-02 13:35 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar 2015-02-09 12:33 - 2015-03-04 23:45 - 07235267 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar 2015-02-09 08:37 - 2015-02-09 08:37 - 00000197 _____ () C:\Windows\system32\2015-02-09-07-37-19.030-AvastVBoxSVC.exe-2864.log 2015-02-08 21:27 - 2015-02-08 21:28 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-27-57.025-AvastVBoxSVC.exe-2172.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-05 12:09 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress 2015-03-05 11:55 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell 2015-03-05 11:45 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-05 11:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-05 09:36 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox 2015-03-05 01:11 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype 2015-03-04 23:45 - 2014-11-08 11:00 - 00001580 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini 2015-03-04 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla 2015-03-04 02:03 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese 2015-03-04 01:51 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf 2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar 2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner 2015-03-01 02:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public 2015-03-01 00:36 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps 2015-03-01 00:25 - 2014-09-29 09:12 - 00409334 _____ () C:\Windows\PFRO.log 2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-28 21:49 - 2014-12-25 11:51 - 00000000 ____D () 
C:\Program Files\Mozilla Thunderbird 2015-02-27 11:51 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump 2015-02-25 09:34 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-21 00:32 - 2014-09-11 23:49 - 00007852 _____ () C:\Windows\WindowsUpdate.log 2015-02-20 23:36 - 2010-10-28 21:46 - 00007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg 2015-02-19 01:22 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram 2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto 2015-02-09 19:53 - 2014-11-08 11:00 - 10514861 _____ () C:\Users\Wolf\Desktop\0 HERAKLIT.RAR 2015-02-09 08:34 - 2014-11-26 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 23:07 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe 2015-02-08 23:07 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-08 23:07 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2010-11-06 05:08 - 2011-07-09 16:29 - 6619136 _____ (© onlinetvrecorder.com) C:\Program Files\2009Decoder.exe 2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs 2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf 2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe 2013-09-01 11:34 - 2010-02-26 21:43 - 0293376 _____ (Gopal Adhikari) C:\Program Files\Context Menu Editor.exe 2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu 2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu 2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt 2010-10-27 
16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP 2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini 2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe 2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt 2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für Remoce Torrent.gms 2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe 2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP 2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe 2013-06-07 23:36 - 2013-06-07 23:35 - 0023092 _____ () C:\Program Files\Kill BoxCrypt und Dropbox.exe 2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe 2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat 2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe 2014-04-18 01:18 - 2014-04-18 01:11 - 0023079 _____ () C:\Program Files\Kill Onedrive, ehe. 
Skydrive.exe 2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat 2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt 2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt 2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt 2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe 2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe 2010-10-20 13:25 - 2010-10-20 13:25 - 3887480 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp1204.exe 2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg 2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe 2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt 2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL 2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini 2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak 2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk! 
2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko 2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini 2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache 2014-11-12 18:09 - 2014-11-12 18:17 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini 2010-10-28 21:46 - 2015-02-20 23:36 - 0007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg 2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db 2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log 2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Wolf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwzngio.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-25 17:47 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-05 13:41:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wolf\AppData\Local\Temp\kwtdqpob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8AB0E0A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8AB0E020]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8AB0E030]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8AB0E050]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8AB0E000]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8AB0E410]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8AB0E100]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8AB0E040]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8AB0E140]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8AB0E1E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8AB0E170]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8AB0E150]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8AB0E180]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8AB0E080]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8AB0E070]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8AB0E090]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8AB0E0C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8AB0E470]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8AB0E120]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8AB0E1D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8AB0E490]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8AB0E1A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8AB0E060]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8AB0E110]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8AB0E0B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8AB0E010]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8AB0E160]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8AB0E1C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8AB0E1B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8AB0E130]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8AB0E0D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8AB0E0E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8AB0E190]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8AB0E0F0]
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830789C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830984E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139F 8309F75C 4 Bytes [A0, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8309F784 4 Bytes [20, E0, B0, 8A] {AND AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 8309F7C8 4 Bytes [30, E0, B0, 8A] {XOR AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 145B 8309F818 4 Bytes [50, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309F87C 4 Bytes [00, E0, B0, 8A] {ADD AL, AH; MOV AL, 0x8a}
.text ...
? System32\Drivers\spnp.sys Das System kann den angegebenen Pfad nicht finden. !
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 858941F8
AttachedDevice \FileSystem\Ntfs \Ntfs cbfs4.sys
Device \Driver\volmgr \Device\VolMgrControl 858901F8
Device \Driver\usbuhci \Device\USBPDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8695F1F8
Device \Driver\usbehci \Device\USBPDO-2 86930500
Device \Driver\usbuhci \Device\USBPDO-3 8695F1F8
Device \Driver\PCI_PNP3664 \Device\00000060 spnp.sys
Device \Driver\usbuhci \Device\USBPDO-4 8695F1F8
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
Device \Driver\usbuhci \Device\USBPDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8695F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 858901F8
Device \Driver\usbehci \Device\USBPDO-7 86930500
Device \Driver\volmgr \Device\HarddiskVolume2 858901F8
Device \Driver\atapi \Device\Ide\IdePort0 858921F8
Device \Driver\atapi \Device\Ide\IdePort1 858921F8
Device \Driver\atapi \Device\Ide\IdePort2 858921F8
Device \Driver\atapi \Device\Ide\IdePort3 858921F8
Device \Driver\atapi \Device\Ide\IdePort4 858921F8
Device \Driver\atapi \Device\Ide\IdePort5 858921F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 858921F8
Device \Driver\volmgr \Device\HarddiskVolume3 858901F8
Device \Driver\volmgr \Device\HarddiskVolume4 858901F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 868531F8
Device \Driver\sptd \Device\2050136112 spnp.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device \Driver\usbuhci \Device\USBFDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8695F1F8
Device \Driver\usbehci \Device\USBFDO-2 86930500
Device \Driver\usbuhci \Device\USBFDO-3 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8695F1F8
Device \Driver\usbehci \Device\USBFDO-7 86930500
Device \Driver\ap08fn0l \Device\Scsi\ap08fn0l1 86A5F500
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys halacpi.dll ACPI.sys >>UNKNOWN [0x858921f8]<< 858921f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713518] 86713518
Trace 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x86712478] 86712478
Trace 5 vidsflt.sys[8a59f130] -> nt!IofCallDriver -> [0x86643918] 86643918
Trace 7 ACPI.sys[8a5443d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0x86650030] 86650030
Trace \Driver\atapi[0x8661a030] -> IRP_MJ_CREATE -> 0x858921f8 858921f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
////////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 5.03.15
Suchlauf-Zeit: 14:03:37
Logdatei: Malwarebytes log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.05.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Wolf

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309434
Verstrichene Zeit: 9 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Conduit.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ngnjhfpfhadncgafgbneeljaginimmmk, , [2d7c0a18fb8f2313c29badfe59aace32],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Riskware.HideExec, C:\Program Files\Hidden Start\hstart.exe, , [1495839ff1993df9c2c492a49c64619f],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end) |
| | #2 |
| /// the machine /// TB-Ausbilder | Win7 sometimes freezes or shows a bluescreen at startup

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

Here is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
| | #3 |
| Win7 sometimes freezes or shows a bluescreen at startup

Ok thanks, I have inserted it below,

1. The log file from FRST

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Wolf at 2015-03-05 12:11:35
Running from F:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acronis True Image 2014 (HKLM\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
AquaSnap 1.12.1 (HKLM\...\{60CECC09-6E7B-4392-AA49-A6CBE1E2786C}) (Version: 1.12.1 - hxxp://www.nurgo-software.com?utm_source=AquaSnap&utm_medium=application&utm_campaign=continuous)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)
BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)
Boxcryptor 2.0 (HKLM\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
CrystalDiskInfo 6.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
Desktopsymbole ausblenden 0.1 (HKLM\...\{C2424372-6F72-4364-9DDE-D0D28113F5D1}_is1) (Version: - XProfan.Com)
Digitale Bibliothek (HKLM\...\Digitale Bibliothek) (Version: - )
DirComp (HKLM\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
GhostMouse 2.0 (HKLM\...\GhostMouse 2.0) (Version: - )
Granola (HKLM\...\{9B0E7CB3-A6A8-4E2C-80E3-2188B8B035CB}) (Version: 5.0.1 - MiserWare, Inc.)
HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
HDD Regenerator (HKLM\...\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}) (Version: 20.11.0011 - Abstradrome)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
ISO Workshop 5.5 (HKLM\...\ISO Workshop_is1) (Version: - Glorylogic)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Kaspersky Anti-Virus (Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - )
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version: - )
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Encarta 99 Enzyklopädie (HKLM\...\Encarta99D) (Version: 99D - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Moo0 RightClicker 1.47 (HKLM\...\Moo0 RightClicker) (Version: - )
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Volumouse (HKLM\...\Volumouse) (Version: - )
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.198.198.0 - Tracker Software Products Ltd)
PhraseExpress v10.5.35 (HKLM\...\PhraseExpress_is1) (Version: 10.5.35 - Bartels Media GmbH)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Right Click Enhancer 4.3.1 (HKLM\...\Right Click Enhancer) (Version: 4.3.1 - RBSoft, Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StrokeIt (Deutsch) (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt (Deutsch)) (Version: - )
StrokeIt (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 3.0.0 (HKLM\...\System Explorer_is1) (Version: - Mister Group)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2014-08-08 16:42 - 00000778 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activation.acronis.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2C27D465-CCA1-4A13-A582-89AA57A2399F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {2CCD60D3-8578-4A89-9173-B99978307D7C} - System32\Tasks\AcronisDienst Stop => C:\Windows\system32\net.exe [2009-07-14] (Microsoft Corporation)
Task: {3E209D04-EA76-4D87-9F6D-260E407AA064} - System32\Tasks\Acronis Scheduler Dienst starten => C:\Windows\system32\Net.exe [2009-07-14] (Microsoft Corporation)
Task: {4A25F076-266E-4ACA-A2F8-39D30B66CEC6} - System32\Tasks\OneDrive => C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2014-09-25] (Microsoft Corporation)
Task: {5E177179-7564-4584-AA37-B54FCE1DFFC6} - System32\Tasks\KILL DropBox => C:\Program Files\Kill BoxCrypt und Dropbox.exe [2013-06-07] ()
Task: {97CB342F-49F1-4D7D-AB86-4BA87F83B3D6} - System32\Tasks\Termin => C:\Users\Wolf\Desktop\Termin.txt
Task: {9FF061A7-6D8B-403A-826F-DD6ACB57DCA5} - System32\Tasks\AquaSnap => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [2015-02-23] (Nurgo-Software)
Task: {A8B2D5EA-021D-4688-830A-EDD3C127DFB7} - System32\Tasks\kill boxscrip => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {ACBA7AE2-0C7A-439B-9193-8484E1E11A41} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B675FB0B-C15F-4240-B8CA-2C5103AF92D4} - System32\Tasks\DropBox => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-02-11] (Dropbox, Inc.)
Task: {DA1A7303-ACCB-448D-8A40-0D48C3B9F5F4} - System32\Tasks\BoxCryptor 2-x, NEU => C:\Program Files\NEW Boxcryptor\Boxcryptor.exe [2014-04-08] (Secomba GmbH)
Task: {E4C7F24C-E31F-4E1B-9486-DE81B8D20D99} - System32\Tasks\Kill Boxcrypt NEU => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()
Task: {E7C11865-CF8D-4952-B3C4-BA8575442A83} - System32\Tasks\Kill OneDrive => C:\Program Files\Kill Onedrive, ehe. Skydrive.exe [2014-04-18] ()
Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION
Task: {EEC1AEF6-BF1C-4341-A6DD-A6A15D6FD349} - System32\Tasks\KDE Mover => C:\Program Files\KDE Mover-Sizer for Windows\KDE Mover-Sizer.exe [2009-10-12] ()
Task: {EFD7ABDE-CAD3-4BE8-8DB5-7BAF310AF5FF} - System32\Tasks\Uhr auf Desk => C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE [2004-09-26] ()
Task: {F5122D97-40CD-4954-98C4-179A782DCBED} - System32\Tasks\BoxCryptor => C:\Program Files\BoxCryptor\BoxCryptor.exe [2012-06-07] (Secomba GmbH)
Task: {F59D9840-21B6-4D4A-B607-74E74F77D052} - System32\Tasks\PhrasenProgramm => C:\Program Files\PhraseExpress\phraseexpress.exe [2014-10-23] (Bartels Media GmbH)
Task: {F7EC8DEF-0A23-4B1F-B9F7-BE086564B326} - System32\Tasks\Kill unsecapp.exe => C:\Program Files\Kill unsecapp.bat [2014-07-30] ()
Task: {FC488C27-8609-4CBE-B97E-F4E20B316AFC} - System32\Tasks\Uhr im Tray => C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe [2004-09-07] (Kazubon)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2011-06-25 03:54 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2014-11-16 02:13 - 2014-06-24 12:04 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe
2012-02-21 09:12 - 2012-02-21 09:12 - 00449264 _____ () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
2015-02-23 18:33 - 2015-02-23 18:33 - 00487936 _____ () C:\Program Files\AquaSnap\AquaSnap.Hook.dll
2014-09-25 10:37 - 2014-09-25 10:37 - 00081056 _____ () C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2013-10-01 09:32 - 2013-10-01 09:32 - 02634920 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
1996-12-14 00:00 - 1996-12-14 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
2012-02-21 09:13 - 2012-02-21 09:13 - 00887016 _____ () C:\Program Files\MiserWare\Granola Personal\granola.exe
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Program Files\MiserWare\Granola Personal\python\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Program Files\MiserWare\Granola Personal\python\lib\_ssl.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Program Files\MiserWare\Granola Personal\python\lib\_hashlib.pyd
2014-12-25 12:00 - 2014-11-28 01:09 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-25 12:00 - 2014-11-28 01:09 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-25 12:00 - 2014-11-28 01:09 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-04-20 01:42 - 2015-03-01 00:48 - 00642344 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2010-10-15 22:00 - 2004-09-26 11:59 - 00473600 _____ () C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE
2015-02-27 15:21 - 2015-02-27 15:21 - 00140568 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02628888 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00551192 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00039192 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00037144 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00083736 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00075544 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02155800 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00111384 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00240920 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00086808 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00053016 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00069400 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00591128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00768792 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00128792 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020760 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00137496 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01563928 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00330008 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01261336 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00066840 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00045848 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00236824 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00106264 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 11994904 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00093976 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00088856 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00029464 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00082200 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00027416 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00032024 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00958744 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00134424 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021272 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01300760 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00339224 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00718104 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00028952 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00023320 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00026904 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00043800 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00085784 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00258328 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00301848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01288472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00751896 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00341784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00448792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00033048 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00154904 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01546520 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00353560 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00028952 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00360728 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00119064 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 13153048 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01501976 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:2BE9FEFC
AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A
AlternateDataStreams: C:\ProgramData\TEMP:A5A1816B
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AHDDC2 => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDDHealth => 2
MSCONFIG\Services: HDDlife HDD Access service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SearchAnonymizer => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: UxTuneUp => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Allway Sync => "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Granola => "C:\Program Files\MiserWare\Granola Personal\granola.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2588859782-1139336777-623044890-500 - Administrator - Disabled)
Gast (S-1-5-21-2588859782-1139336777-623044890-501 - Limited - Disabled)
Wolf (S-1-5-21-2588859782-1139336777-623044890-1001 - Administrator - Enabled) => C:\Users\Wolf
==================== Faulty Device Manager Devices =============
Name: MpKsl71523a7c
Description: MpKsl71523a7c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl71523a7c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: MpKslc317aad9
Description: MpKslc317aad9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslc317aad9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: MpKslec0276e2
Description: MpKslec0276e2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslec0276e2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: MpKsl2b051bfa
Description: MpKsl2b051bfa
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl2b051bfa
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2015 10:48:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm soffice.bin, Version 3.2.9476.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9c8
Startzeit: 01d056603ea576f0
Endzeit: 150
Anwendungspfad: D:\DVD\z Portable\OpenOffice Portable\App\openoffice\program\soffice.bin
Berichts-ID: 96221591-c253-11e4-ba90-00218503c947
Error: (03/03/2015 01:06:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/01/2015 09:01:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/01/2015 00:36:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TNODUP-Portable.exe, Version: 1.4.2.3, Zeitstempel: 0x51d1bbd0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c380b
ID des fehlerhaften Prozesses: 0x90
Startzeit der fehlerhaften Anwendung: 0xTNODUP-Portable.exe0
Pfad der fehlerhaften Anwendung: TNODUP-Portable.exe1
Pfad des fehlerhaften Moduls: TNODUP-Portable.exe2
Berichtskennung: TNODUP-Portable.exe3
Error: (03/01/2015 00:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1229.918, Zeitstempel: 0x541bbc82
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932, Zeitstempel: 0x503275ba
Ausnahmecode: 0x80000003
Fehleroffset: 0x000348be
ID des fehlerhaften Prozesses: 0xa5c
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Error: (02/28/2015 09:47:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/28/2015 06:17:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/25/2015 11:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinRAR.exe, Version 5.10.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 83c
Startzeit: 01d0514b59239cf0
Endzeit: 14
Anwendungspfad: C:\Program Files\WinRAR\WinRAR.exe
Berichts-ID: b5e4d151-bd3e-11e4-8d97-00218503c947
Error: (02/25/2015 11:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinRAR.exe, Version 5.10.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f1c
Startzeit: 01d0514b1500bc80
Endzeit: 56
Anwendungspfad: C:\Program Files\WinRAR\WinRAR.exe
Berichts-ID: 6dcce201-bd3e-11e4-8d97-00218503c947
Error: (02/25/2015 10:25:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (03/05/2015 11:38:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Error: (03/05/2015 11:38:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.03.2015 um 11:37:10 unerwartet heruntergefahren.
Error: (03/05/2015 08:56:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Error: (03/04/2015 06:07:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/04/2015 00:05:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlueStacks Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/04/2015 08:53:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Error: (03/03/2015 09:26:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Error: (03/02/2015 10:56:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Error: (03/01/2015 10:10:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BotkindSyncService erreicht.
Error: (03/01/2015 11:11:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool
cdrom
Microsoft Office Sessions:
=========================
Error: (03/04/2015 10:48:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: soffice.bin3.2.9476.5009c801d056603ea576f0150D:\DVD\z Portable\OpenOffice Portable\App\openoffice\program\soffice.bin96221591-c253-11e4-ba90-00218503c947
Error: (03/03/2015 01:06:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\AquaSnap\AquaSnap.Daemon.x64.exe
Error: (03/01/2015 09:01:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\AquaSnap\AquaSnap.Daemon.x64.exe
Error: (03/01/2015 00:36:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TNODUP-Portable.exe1.4.2.351d1bbd0ntdll.dll6.1.7601.177254ec49b60c0000374000c380b9001d053af3905ebe0F:\Neuer Ordner\TNODUP-Portable.exeC:\Windows\SYSTEM32\ntdll.dlla25d0450-bfa2-11e4-bb62-00218503c947
Error: (03/01/2015 00:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1229.918541bbc82KERNELBASE.dll6.1.7601.17932503275ba80000003000348bea5c01d053add66effe0C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\system32\KERNELBASE.dll7d324e10-bfa1-11e4-bb62-00218503c947
Error: (02/28/2015 09:47:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\AquaSnap\AquaSnap.Daemon.x64.exe
Error: (02/28/2015 06:17:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Hidden Start\hstart64.exe
Error: (02/25/2015 11:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinRAR.exe5.10.0.083c01d0514b59239cf014C:\Program Files\WinRAR\WinRAR.exeb5e4d151-bd3e-11e4-8d97-00218503c947
Error: (02/25/2015 11:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinRAR.exe5.10.0.0f1c01d0514b1500bc8056C:\Program Files\WinRAR\WinRAR.exe6dcce201-bd3e-11e4-8d97-00218503c947
Error: (02/25/2015 10:25:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\AquaSnap\AquaSnap.Daemon.x64.exe
CodeIntegrity Errors:
===================================
Date: 2015-03-03 13:07:04.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 13:07:04.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 13:07:04.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 13:07:04.593
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 13:07:04.593
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 13:07:04.593
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-01 21:02:11.718
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-01 21:02:11.708
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-01 21:02:11.698
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-01 21:02:11.698
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2047.3 MB
Available physical RAM: 832.05 MB
Total Pagefile: 5117.3 MB
Available Pagefile: 3637.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.66 MB
==================== Drives ================================
Drive c: (Win7) (Fixed) (Total:29.3 GB) (Free:11.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Arch) (Fixed) (Total:68.36 GB) (Free:55.82 GB) NTFS
Drive e: (Back) (Fixed) (Total:175.78 GB) (Free:35.06 GB) NTFS
Drive f: (Dow) (Fixed) (Total:658.07 GB) (Free:528.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F0E5415B)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=658.1 GB) - (Type=05)
==================== End Of Log ============================
2. Log file from GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-05 13:41:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wolf\AppData\Local\Temp\kwtdqpob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8AB0E0A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8AB0E020]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8AB0E030]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8AB0E050]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8AB0E000]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8AB0E410]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8AB0E100]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8AB0E040]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8AB0E140]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8AB0E1E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8AB0E170]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8AB0E150]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8AB0E180]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8AB0E080]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8AB0E070]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8AB0E090]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8AB0E0C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8AB0E470]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8AB0E120]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8AB0E1D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8AB0E490]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8AB0E1A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8AB0E060]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8AB0E110]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8AB0E0B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8AB0E010]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8AB0E160]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8AB0E1C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8AB0E1B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8AB0E130]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8AB0E0D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8AB0E0E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8AB0E190]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8AB0E0F0]
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830789C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830984E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139F 8309F75C 4 Bytes [A0, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8309F784 4 Bytes [20, E0, B0, 8A] {AND AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 8309F7C8 4 Bytes [30, E0, B0, 8A] {XOR AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 145B 8309F818 4 Bytes [50, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309F87C 4 Bytes [00, E0, B0, 8A] {ADD AL, AH; MOV AL, 0x8a}
.text ...
? System32\Drivers\spnp.sys Das System kann den angegebenen Pfad nicht finden. !
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 858941F8
AttachedDevice \FileSystem\Ntfs \Ntfs cbfs4.sys
Device \Driver\volmgr \Device\VolMgrControl 858901F8
Device \Driver\usbuhci \Device\USBPDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8695F1F8
Device \Driver\usbehci \Device\USBPDO-2 86930500
Device \Driver\usbuhci \Device\USBPDO-3 8695F1F8
Device \Driver\PCI_PNP3664 \Device\00000060 spnp.sys
Device \Driver\usbuhci \Device\USBPDO-4 8695F1F8
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
Device \Driver\usbuhci \Device\USBPDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8695F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 858901F8
Device \Driver\usbehci \Device\USBPDO-7 86930500
Device \Driver\volmgr \Device\HarddiskVolume2 858901F8
Device \Driver\atapi \Device\Ide\IdePort0 858921F8
Device \Driver\atapi \Device\Ide\IdePort1 858921F8
Device \Driver\atapi \Device\Ide\IdePort2 858921F8
Device \Driver\atapi \Device\Ide\IdePort3 858921F8
Device \Driver\atapi \Device\Ide\IdePort4 858921F8
Device \Driver\atapi \Device\Ide\IdePort5 858921F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 858921F8
Device \Driver\volmgr \Device\HarddiskVolume3 858901F8
Device \Driver\volmgr \Device\HarddiskVolume4 858901F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 868531F8
Device \Driver\sptd \Device\2050136112 spnp.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device \Driver\usbuhci \Device\USBFDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8695F1F8
Device \Driver\usbehci \Device\USBFDO-2 86930500
Device \Driver\usbuhci \Device\USBFDO-3 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8695F1F8
Device \Driver\usbehci \Device\USBFDO-7 86930500
Device \Driver\ap08fn0l \Device\Scsi\ap08fn0l1 86A5F500
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys halacpi.dll ACPI.sys >>UNKNOWN [0x858921f8]<< 858921f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713518] 86713518
Trace 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x86712478] 86712478
Trace 5 vidsflt.sys[8a59f130] -> nt!IofCallDriver -> [0x86643918] 86643918
Trace 7 ACPI.sys[8a5443d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0x86650030] 86650030
Trace \Driver\atapi[0x8661a030] -> IRP_MJ_CREATE -> 0x858921f8 858921f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
3. Log file from Malwarebytes
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 5.03.15
Suchlauf-Zeit: 14:03:37
Logdatei: Malwarebytes log.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.05.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Wolf
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309434
Verstrichene Zeit: 9 Min, 7 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.Conduit.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ngnjhfpfhadncgafgbneeljaginimmmk, , [2d7c0a18fb8f2313c29badfe59aace32],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 1
PUP.Riskware.HideExec, C:\Program Files\Hidden Start\hstart.exe, , [1495839ff1993df9c2c492a49c64619f],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end) |
| | #4 |
| /// the machine /// TB Trainer | Win7 sometimes freezes, or has a bluescreen at startup
hi,
Please download
Please download
Do not start any other file in this folder without instructions from a helper.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
| | #5 |
| Win7 sometimes freezes, or has a bluescreen at startup
Hello Schrauber, first of all, my sincere thanks for taking on my case! Below is the content of the two requested log files. It seems that neither tool found any rootkits. Part 1 / 2
Code:
12:08:46.0261 0x059c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:08:58.0621 0x059c ============================================================
12:08:58.0621 0x059c Current date / time: 2015/03/06 12:08:58.0621
12:08:58.0621 0x059c SystemInfo:
12:08:58.0621 0x059c
12:08:58.0621 0x059c OS Version: 6.1.7601 ServicePack: 1.0
12:08:58.0621 0x059c Product type: Workstation
12:08:58.0621 0x059c ComputerName: WOLF-PC
12:08:58.0621 0x059c UserName: Wolf
12:08:58.0621 0x059c Windows directory: C:\Windows
12:08:58.0621 0x059c System windows directory: C:\Windows
12:08:58.0621 0x059c Processor architecture: Intel x86
12:08:58.0621 0x059c Number of processors: 2
12:08:58.0621 0x059c Page size: 0x1000
12:08:58.0621 0x059c Boot type: Normal boot
12:08:58.0621 0x059c ============================================================
12:09:01.0636 0x059c KLMD registered as C:\Windows\system32\drivers\57465265.sys
12:09:01.0839 0x059c System UUID: {F45B0DDB-D644-D327-28F1-632C4A7A139A}
12:09:02.0417 0x059c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:09:02.0433 0x059c ============================================================
12:09:02.0433 0x059c \Device\Harddisk0\DR0:
12:09:02.0433 0x059c MBR partitions:
12:09:02.0433 0x059c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A97800
12:09:02.0433 0x059c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A98000, BlocksNum 0x88B8000
12:09:02.0433 0x059c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x15F90000
12:09:02.0449 0x059c \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x222E0800, BlocksNum 0x52426000
12:09:02.0449 0x059c ============================================================
12:09:02.0496 0x059c C: <-> \Device\Harddisk0\DR0\Partition1
12:09:02.0621 0x059c D: <-> \Device\Harddisk0\DR0\Partition2
12:09:02.0699 0x059c E: <-> \Device\Harddisk0\DR0\Partition3
12:09:02.0746 0x059c F: <-> \Device\Harddisk0\DR0\Partition4
12:09:02.0761 0x059c ============================================================
12:09:02.0761 0x059c Initialize success
12:09:02.0761 0x059c ============================================================
12:11:06.0152 0x0ed8 ============================================================
12:11:06.0152 0x0ed8 Scan started
12:11:06.0152 0x0ed8 Mode: Manual; SigCheck; TDLFS;
12:11:06.0152 0x0ed8 ============================================================
12:11:06.0152 0x0ed8 KSN ping started
12:11:08.0871 0x0ed8 KSN ping finished: true
12:11:10.0542 0x0ed8 ================ Scan system memory ========================
12:11:10.0542 0x0ed8 System memory - ok
12:11:10.0542 0x0ed8 ================ Scan services =============================
12:11:10.0667 0x0ed8 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:11:10.0824 0x0ed8 1394ohci - ok
12:11:10.0917 0x0ed8 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:11:10.0933 0x0ed8 ACDaemon - ok
12:11:10.0964 0x0ed8 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:11:10.0980 0x0ed8 ACPI - ok
12:11:10.0996 0x0ed8 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:11:11.0058 0x0ed8 AcpiPmi - ok
12:11:11.0136 0x0ed8 [ B1118FFFD0DC1A30FB72649F4328A8AB, 5FD6119817ABDE9CC19EA4459D0AD487A370A63E6A4E943A5115BE78CAEFF794 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:11:11.0167 0x0ed8 AcrSch2Svc - ok
12:11:11.0277 0x0ed8 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:11:11.0308 0x0ed8 AdobeFlashPlayerUpdateSvc - ok
12:11:11.0339 0x0ed8 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:11:11.0371 0x0ed8 adp94xx - ok
12:11:11.0402 0x0ed8 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:11:11.0417 0x0ed8 adpahci - ok
12:11:11.0433 0x0ed8 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:11:11.0449 0x0ed8 adpu320 - ok
12:11:11.0480 0x0ed8 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:11:11.0683 0x0ed8 AeLookupSvc - ok
12:11:11.0714 0x0ed8 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc C:\Windows\system32\drivers\Afc.sys
12:11:11.0730 0x0ed8 Afc - ok
12:11:11.0761 0x0ed8 [ DF139E5866C19E0B3217EF210198D875, 746BC21FF091C5E666DBFD5BCF93498F52ECA1EAA07FA75990D8B8DBB42043E0 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
12:11:11.0792 0x0ed8 afcdp - ok
12:11:11.0917 0x0ed8 [ 3B1C11CB7006495F799F8A2AB8B2D530, B7B0C4922A1843BBF8104CDC705C4FEA1F1A760C1CC2BD6BC5E4213A0E4ED9FD ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
12:11:12.0074 0x0ed8 afcdpsrv - ok
12:11:12.0105 0x0ed8 [ 9EBBBA55060F786F0FCAA3893BFA2806, 2E5A0FA2995989E9391771024839F5AD040A041CEE56787286D8FC421E26FE90 ] AFD C:\Windows\system32\drivers\afd.sys
12:11:12.0152 0x0ed8 AFD - ok
12:11:12.0183 0x0ed8 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:11:12.0199 0x0ed8 agp440 - ok
12:11:12.0214 0x0ed8 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:11:12.0230 0x0ed8 aic78xx - ok
12:11:12.0261 0x0ed8 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
12:11:12.0292 0x0ed8 ALG - ok
12:11:12.0308 0x0ed8 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
12:11:12.0324 0x0ed8 aliide - ok
12:11:12.0339 0x0ed8 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:11:12.0355 0x0ed8 amdagp - ok
12:11:12.0371 0x0ed8 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
12:11:12.0371 0x0ed8 amdide - ok
12:11:12.0402 0x0ed8 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:11:12.0417 0x0ed8 AmdK8 - ok
12:11:12.0449 0x0ed8 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:11:12.0480 0x0ed8 AmdPPM - ok
12:11:12.0496 0x0ed8 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:11:12.0511 0x0ed8 amdsata - ok
12:11:12.0527 0x0ed8 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:11:12.0542 0x0ed8 amdsbs - ok
12:11:12.0558 0x0ed8 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:11:12.0574 0x0ed8 amdxata - ok
12:11:12.0605 0x0ed8 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
12:11:12.0636 0x0ed8 AppID - ok
12:11:12.0652 0x0ed8 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:11:12.0683 0x0ed8 AppIDSvc - ok
12:11:12.0699 0x0ed8 [ FB1959012294D6AD43E5304DF65E3C26, CFE906B07FF71A178CF9C254B056C6F5A303DDC511F0E4E1E75808F1D5326495 ] Appinfo C:\Windows\System32\appinfo.dll
12:11:12.0746 0x0ed8 Appinfo - ok
12:11:12.0761 0x0ed8 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
12:11:12.0808 0x0ed8 AppMgmt - ok
12:11:12.0824 0x0ed8 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:11:12.0839 0x0ed8 arc - ok
12:11:12.0855 0x0ed8 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:11:12.0871 0x0ed8 arcsas - ok
12:11:12.0933 0x0ed8 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:11:12.0949 0x0ed8 aspnet_state - ok
12:11:12.0964 0x0ed8 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:11:13.0027 0x0ed8 AsyncMac - ok
12:11:13.0058 0x0ed8 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
12:11:13.0074 0x0ed8 atapi - ok
12:11:13.0121 0x0ed8 [ 0E4BB35C5305099AC82053AC992E3E0E, 51621C0E64B4FF576ED57143306F4E4A9D283815975CA6BA41452D2FFC6C313A ] ATITool C:\Windows\system32\DRIVERS\ATITool.sys
12:11:13.0121 0x0ed8 ATITool - detected UnsignedFile.Multi.Generic ( 1 )
12:11:15.0886 0x0ed8 Detect skipped due to KSN trusted
12:11:15.0886 0x0ed8 ATITool - ok
12:11:15.0917 0x0ed8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:11:15.0980 0x0ed8 AudioEndpointBuilder - ok
12:11:15.0996 0x0ed8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:11:16.0027 0x0ed8 Audiosrv - ok
12:11:16.0183 0x0ed8 [ 058734C95991F6BEBF3D3075B8776234, D94A0E5893723C0F30D8215F001039AE9D903BF8EC3782D9583DEFD9B304B0CA ] AVP15.0.0 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
12:11:16.0199 0x0ed8 AVP15.0.0 - ok
12:11:16.0214 0x0ed8 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:11:16.0292 0x0ed8 AxInstSV - ok
12:11:16.0324 0x0ed8 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:11:16.0386 0x0ed8 b06bdrv - ok
12:11:16.0417 0x0ed8 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:11:16.0433 0x0ed8 b57nd60x - ok
12:11:16.0449 0x0ed8 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
12:11:16.0511 0x0ed8 BDESVC - ok
12:11:16.0527 0x0ed8 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
12:11:16.0558 0x0ed8 Beep - ok
12:11:16.0589 0x0ed8 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
12:11:16.0636 0x0ed8 BFE - ok
12:11:16.0683 0x0ed8 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
12:11:16.0777 0x0ed8 BITS - ok
12:11:16.0792 0x0ed8 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:11:16.0808 0x0ed8 blbdrive - ok
12:11:16.0855 0x0ed8 BotkindSyncService - ok
12:11:16.0871 0x0ed8 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:11:16.0917 0x0ed8 bowser - ok
12:11:16.0917 0x0ed8 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:11:16.0933 0x0ed8 BrFiltLo - ok
12:11:16.0949 0x0ed8 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:11:16.0980 0x0ed8 BrFiltUp - ok
12:11:16.0996 0x0ed8 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
12:11:17.0058 0x0ed8 Browser - ok
12:11:17.0074 0x0ed8 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:11:17.0136 0x0ed8 Brserid - ok
12:11:17.0152 0x0ed8 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:11:17.0167 0x0ed8 BrSerWdm - ok
12:11:17.0183 0x0ed8 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:11:17.0199 0x0ed8 BrUsbMdm - ok
12:11:17.0214 0x0ed8 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:11:17.0230 0x0ed8 BrUsbSer - ok
12:11:17.0246 0x0ed8 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:11:17.0261 0x0ed8 BTHMODEM - ok
12:11:17.0277 0x0ed8 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
12:11:17.0308 0x0ed8 bthserv - ok
12:11:17.0339 0x0ed8 [ 67CB8425447166AA88287A9E48213783, CD804BABDA36C3BCB262C99BFAF114D890C2030FD417272258578ADA010E5C0A ] cbfs3 C:\Windows\system32\drivers\cbfs3.sys
12:11:17.0355 0x0ed8 cbfs3 - ok
12:11:17.0402 0x0ed8 [ 57520C8D55C085EC6D6B35892E5FF4B7, 3497837141DE830F0E11DBA2003B445E26A150E1FD510C089D588B36FA6C6F5F ] cbfs4 C:\Windows\system32\drivers\cbfs4.sys
12:11:17.0433 0x0ed8 cbfs4 - ok
12:11:17.0433 0x0ed8 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:11:17.0464 0x0ed8 cdfs - ok
12:11:17.0496 0x0ed8 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:11:17.0527 0x0ed8 cdrom - ok
12:11:17.0542 0x0ed8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
12:11:17.0574 0x0ed8 CertPropSvc - ok
12:11:17.0589 0x0ed8 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:11:17.0605 0x0ed8 circlass - ok
12:11:17.0636 0x0ed8 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
12:11:17.0652 0x0ed8 CLFS - ok
12:11:17.0683 0x0ed8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:11:17.0699 0x0ed8 clr_optimization_v2.0.50727_32 - ok
12:11:17.0714 0x0ed8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:11:17.0761 0x0ed8 clr_optimization_v4.0.30319_32 - ok
12:11:17.0777 0x0ed8 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:11:17.0808 0x0ed8 CmBatt - ok
12:11:17.0824 0x0ed8 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:11:17.0839 0x0ed8 cmdide - ok
12:11:17.0871 0x0ed8 [ 42F158036BD4C2FF3122BF142E60E6FD, BE7671C6FCE488A625DBA4F4F507664A12A31CF5CA564CC38E4C05FD8A86FB5D ] CNG C:\Windows\system32\Drivers\cng.sys
12:11:17.0902 0x0ed8 CNG - ok
12:11:17.0917 0x0ed8 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:11:17.0933 0x0ed8 Compbatt - ok
12:11:17.0964 0x0ed8 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:11:17.0996 0x0ed8 CompositeBus - ok
12:11:17.0996 0x0ed8 COMSysApp - ok
12:11:18.0011 0x0ed8 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:11:18.0027 0x0ed8 crcdisk - ok
12:11:18.0042 0x0ed8 [ 96C0E38905CFD788313BE8E11DAE3F2F, C6497C68942D8DC542A9C7D003ED14BDFBD74C33CD8240628CEF74E81D122D2B ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:11:18.0089 0x0ed8 CryptSvc - ok
12:11:18.0121 0x0ed8 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
12:11:18.0183 0x0ed8 CSC - ok
12:11:18.0214 0x0ed8 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
12:11:18.0261 0x0ed8 CscService - ok
12:11:18.0292 0x0ed8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
12:11:18.0339 0x0ed8 DcomLaunch - ok
12:11:18.0371 0x0ed8 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
12:11:18.0417 0x0ed8 defragsvc - ok
12:11:18.0433 0x0ed8 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:11:18.0480 0x0ed8 DfsC - ok
12:11:18.0496 0x0ed8 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:11:18.0542 0x0ed8 Dhcp - ok
12:11:18.0558 0x0ed8 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
12:11:18.0589 0x0ed8 discache - ok
12:11:18.0621 0x0ed8 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:11:18.0636 0x0ed8 Disk - ok
12:11:18.0652 0x0ed8 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:11:18.0683 0x0ed8 Dnscache - ok
12:11:18.0714 0x0ed8 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
12:11:18.0761 0x0ed8 dot3svc - ok
12:11:18.0761 0x0ed8 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
12:11:18.0808 0x0ed8 DPS - ok
12:11:18.0839 0x0ed8 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:11:18.0855 0x0ed8 drmkaud - ok
12:11:18.0871 0x0ed8 [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys
12:11:18.0886 0x0ed8 DrvAgent32 - detected UnsignedFile.Multi.Generic ( 1 )
12:11:21.0589 0x0ed8 Detect skipped due to KSN trusted
12:11:21.0589 0x0ed8 DrvAgent32 - ok
12:11:21.0636 0x0ed8 [ 23F5D28378A160352BA8F817BD8C71CB, 11BF7B7E6276C28EFF74B8AF89B493CBB89B394D2A091708EDA15DA5C342FF19 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:11:21.0667 0x0ed8 DXGKrnl - ok
12:11:21.0683 0x0ed8 [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:11:21.0714 0x0ed8 E1G60 - ok
12:11:21.0730 0x0ed8 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
12:11:21.0761 0x0ed8 EapHost - ok
12:11:21.0871 0x0ed8 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:11:22.0011 0x0ed8 ebdrv - ok
12:11:22.0042 0x0ed8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS C:\Windows\System32\lsass.exe
12:11:22.0089 0x0ed8 EFS - ok
12:11:22.0105 0x0ed8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:11:22.0136 0x0ed8 elxstor - ok
12:11:22.0152 0x0ed8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:11:22.0167 0x0ed8 ErrDev - ok
12:11:22.0214 0x0ed8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
12:11:22.0246 0x0ed8 EventSystem - ok
12:11:22.0261 0x0ed8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
12:11:22.0308 0x0ed8 exfat - ok
12:11:22.0339 0x0ed8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:11:22.0371 0x0ed8 fastfat - ok
12:11:22.0402 0x0ed8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
12:11:22.0464 0x0ed8 Fax - ok
12:11:22.0480 0x0ed8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:11:22.0511 0x0ed8 fdc - ok
12:11:22.0511 0x0ed8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
12:11:22.0558 0x0ed8 fdPHost - ok
12:11:22.0574 0x0ed8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
12:11:22.0621 0x0ed8 FDResPub - ok
12:11:22.0636 0x0ed8 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:11:22.0652 0x0ed8 FileInfo - ok
12:11:22.0667 0x0ed8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:11:22.0699 0x0ed8 Filetrace - ok
12:11:22.0699 0x0ed8 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:11:22.0714 0x0ed8 flpydisk - ok
12:11:22.0730 0x0ed8 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:11:22.0761 0x0ed8 FltMgr - ok
12:11:22.0777 0x0ed8 [ 25A6A4FE918BE28B75C5CD3F32A46B3C, B9DAC7FD860CA67F5E10709EF6607D0F3CC5D6D05F8065A37E9D996FF7C83B93 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
12:11:22.0792 0x0ed8 fltsrv - ok
12:11:22.0839 0x0ed8 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074, BD0DB5D6B6DB46AD33028304D8A75C4C400637C7827D8BBA5A1534CAA8A45690 ] FontCache C:\Windows\system32\FntCache.dll
12:11:22.0871 0x0ed8 FontCache - ok
12:11:22.0917 0x0ed8 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:11:22.0933 0x0ed8 FontCache3.0.0.0 - ok
12:11:22.0933 0x0ed8 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:11:22.0949 0x0ed8 FsDepends - ok
12:11:22.0980 0x0ed8 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:11:22.0996 0x0ed8 Fs_Rec - ok
12:11:23.0011 0x0ed8 [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:11:23.0027 0x0ed8 fvevol - ok
12:11:23.0042 0x0ed8 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:11:23.0058 0x0ed8 gagp30kx - ok
12:11:23.0089 0x0ed8 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
12:11:23.0152 0x0ed8 gpsvc - ok
12:11:23.0230 0x0ed8 [ ECDBA857A2BCE33EEA2D14758A4BAAE2, E1688ECB05DFA6F5FBF5A6D56DB141B4DF07BBE2ABEA19C99156B69CF3B81FAC ] Granola PM Manager C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
12:11:23.0261 0x0ed8 Granola PM Manager - ok
12:11:23.0261 0x0ed8 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:11:23.0324 0x0ed8 hcw85cir - ok
12:11:23.0355 0x0ed8 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:11:23.0386 0x0ed8 HdAudAddService - ok
12:11:23.0417 0x0ed8 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:11:23.0449 0x0ed8 HDAudBus - ok
12:11:23.0496 0x0ed8 [ DCE43F051D80820A28307D527BD4E947, 4C67A369537B3CBC899EA8EABBBB493C8240CCDCABB1FE71CF9771642B4A75D9 ] HDDlife HDD Access service C:\Program Files\Common Files\BinarySense\hldasvc.exe
12:11:23.0542 0x0ed8 HDDlife HDD Access service - ok
12:11:23.0558 0x0ed8 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:11:23.0589 0x0ed8 HidBatt - ok
12:11:23.0605 0x0ed8 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:11:23.0636 0x0ed8 HidBth - ok
12:11:23.0652 0x0ed8 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:11:23.0667 0x0ed8 HidIr - ok
12:11:23.0699 0x0ed8 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
12:11:23.0730 0x0ed8 hidserv - ok
12:11:23.0746 0x0ed8 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:11:23.0761 0x0ed8 HidUsb - ok
12:11:23.0792 0x0ed8 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
12:11:23.0839 0x0ed8 hkmsvc - ok
12:11:23.0871 0x0ed8 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:11:23.0917 0x0ed8 HomeGroupListener - ok
12:11:23.0933 0x0ed8 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:11:23.0964 0x0ed8 HomeGroupProvider - ok
12:11:23.0980 0x0ed8 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:11:23.0996 0x0ed8 HpSAMD - ok
12:11:24.0027 0x0ed8 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:11:24.0074 0x0ed8 HTTP - ok
12:11:24.0105 0x0ed8 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:11:24.0121 0x0ed8 hwpolicy - ok
12:11:24.0121 0x0ed8 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:11:24.0152 0x0ed8 i8042prt - ok
12:11:24.0183 0x0ed8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:11:24.0214 0x0ed8 iaStorV - ok
12:11:24.0261 0x0ed8 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:11:24.0292 0x0ed8 idsvc - ok
12:11:24.0324 0x0ed8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:11:24.0339 0x0ed8 iirsp - ok
12:11:24.0371 0x0ed8 [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT C:\Windows\System32\ikeext.dll
12:11:24.0417 0x0ed8 IKEEXT - ok
12:11:24.0433 0x0ed8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
12:11:24.0449 0x0ed8 intelide - ok
12:11:24.0464 0x0ed8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:11:24.0480 0x0ed8 intelppm - ok
12:11:24.0511 0x0ed8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:11:24.0542 0x0ed8 IPBusEnum - ok
12:11:24.0558 0x0ed8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:11:24.0605 0x0ed8 IpFilterDriver - ok
12:11:24.0636 0x0ed8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:11:24.0714 0x0ed8 iphlpsvc - ok
12:11:24.0730 0x0ed8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:11:24.0761 0x0ed8 IPMIDRV - ok
12:11:24.0777 0x0ed8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:11:24.0808 0x0ed8 IPNAT - ok
12:11:24.0839 0x0ed8 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:11:24.0855 0x0ed8 IRENUM - ok
12:11:24.0871 0x0ed8 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:11:24.0886 0x0ed8 isapnp - ok
12:11:24.0902 0x0ed8 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:11:24.0917 0x0ed8 iScsiPrt - ok
12:11:24.0933 0x0ed8 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:11:24.0949 0x0ed8 kbdclass - ok
12:11:24.0949 0x0ed8 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:11:24.0980 0x0ed8 kbdhid - ok
12:11:24.0996 0x0ed8 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso C:\Windows\system32\lsass.exe
12:11:25.0011 0x0ed8 KeyIso - ok
12:11:25.0058 0x0ed8 [ 6022F174CEB149650DCB5BE445A0E72A, D5BD12A5220311A60BEFBE34D9F324EE845AFBBC2630F97AA27E1C1CF0189978 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
12:11:25.0074 0x0ed8 kl1 - ok
12:11:25.0105 0x0ed8 [ 3EAA179537FF9A3C9071E868C07275FA, 4412D57E2BECA9871B8BE6EC4EB7EACB33761D999BC69D85B8E84959BA6D4795 ] klflt C:\Windows\system32\DRIVERS\klflt.sys
12:11:25.0121 0x0ed8 klflt - ok
12:11:25.0167 0x0ed8 [ C02EC9EEE4E3CFEF82478B9C345F94FE, C86CD0AAE4C9B5AD53FE3CAA60CC957BBBBA8F67A073C1B74A89A93EF2596B85 ] klhk C:\Windows\system32\DRIVERS\klhk.sys
12:11:25.0167 0x0ed8 klhk - ok
12:11:25.0199 0x0ed8 [ 894A09BF826E79C1971ADE0121F2B607, E88E87D75E6EB2DBB48DFD50F6B9191F9279E39DD503EF926DE5497D14B44D20 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:11:25.0246 0x0ed8 KLIF - ok
12:11:25.0261 0x0ed8 [ D1FC14342F8CAD20A0764305AD62483D, FC3010AAD57C7CEB987AE930C1B7A7C1AD9291B98F92F5C9448D56C92270C9F1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:11:25.0261 0x0ed8 KLIM6 - ok
12:11:25.0324 0x0ed8 [ 9C7132A2E609E0BACF2A54AC13C9BDCB, E7E3949C6FA35CC06A1B010DA04462824BC7F3EE6A498F64CB2457C901F999F7 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
12:11:25.0324 0x0ed8 klkbdflt - ok
12:11:25.0355 0x0ed8 [ 035724BA6D5676B76FD3AFB66AB4F1E3, 81B30112B96DD3E7250420EEFF2ACECD424A2BE155E83C44434321CEA7DBE117 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:11:25.0371 0x0ed8 klmouflt - ok
12:11:25.0402 0x0ed8 [ EB0D72D2844C57F5F146D7A15B04FBF9, 3DFEDA024AD5D54EEAF7D4411153CFA8AD95FCF217E09F2B7AFD2D91EE623BF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys
12:11:25.0417 0x0ed8 klpd - ok
12:11:25.0433 0x0ed8 [ 3EA7D183499C7C5824AA13DA1A7CDA26, E47B6B1A4050D135CE3CD3EC1076A221E4995798B21B1534A3CDB7E050FB0F65 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
12:11:25.0449 0x0ed8 kltdi - ok
12:11:25.0480 0x0ed8 [ E111A2947A4D26CC4A30D2BF2E7A8D69, DF63FF0AB60C9894EF1302A2155EBAF25177811069A9CEFF1504D10C28A48380 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
12:11:25.0496 0x0ed8 kneps - ok
12:11:25.0511 0x0ed8 [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:11:25.0527 0x0ed8 KSecDD - ok
Part 2/2 Code:
12:11:36.0386 0x0ed8 SysMain - ok
12:11:36.0402 0x0ed8 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
12:11:36.0417 0x0ed8 TabletInputService - ok
12:11:36.0433 0x0ed8 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719, AEB6D9616BC7083BEF1D199CC7E0307DDF9A63541E60380697749F7B6497E847 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
12:11:36.0449 0x0ed8 taphss - ok
12:11:36.0480 0x0ed8 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
12:11:36.0511 0x0ed8 TapiSrv - ok
12:11:36.0527 0x0ed8 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
12:11:36.0574 0x0ed8 TBS - ok
12:11:36.0652 0x0ed8 [ E23A56F843E2AEBBB209D0ACCA73C640, 41675C69EBB5A975EA6AFCD07D4BF1EB261FEF47EF2FA20AB4FE929165F7C611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:11:36.0714 0x0ed8 Tcpip - ok
12:11:36.0761 0x0ed8 [ E23A56F843E2AEBBB209D0ACCA73C640, 41675C69EBB5A975EA6AFCD07D4BF1EB261FEF47EF2FA20AB4FE929165F7C611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:11:36.0808 0x0ed8 TCPIP6 - ok
12:11:36.0824 0x0ed8 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:11:36.0855 0x0ed8 tcpipreg - ok
12:11:36.0871 0x0ed8 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:11:36.0917 0x0ed8 TDPIPE - ok
12:11:36.0964 0x0ed8 [ D6755D59F40B082AD04109F34C909E04, 4D0236133C3227D79161549082EE3C5DB763285A4E8B47F1EFB2A9A94547DE6E ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
12:11:37.0011 0x0ed8 tdrpman - ok
12:11:37.0042 0x0ed8 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:11:37.0058 0x0ed8 TDTCP - ok
12:11:37.0074 0x0ed8 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:11:37.0105 0x0ed8 tdx - ok
12:11:37.0105 0x0ed8 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:11:37.0121 0x0ed8 TermDD - ok
12:11:37.0152 0x0ed8 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
12:11:37.0214 0x0ed8 TermService - ok
12:11:37.0230 0x0ed8 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
12:11:37.0261 0x0ed8 Themes - ok
12:11:37.0277 0x0ed8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
12:11:37.0308 0x0ed8 THREADORDER - ok
12:11:37.0371 0x0ed8 [ D8101E21C746F8234B3DB6AACC3A55BB, 24D1EAF7B7625A41FE4B0CF667D2A1CD3DA84A4E8EE1CAC36276D48703416E9D ] tib C:\Windows\system32\DRIVERS\tib.sys
12:11:37.0402 0x0ed8 tib - ok
12:11:37.0417 0x0ed8 [ 02CF2A181BC2DEF83166CFF678575185, 3FEFF0C32E9890E0B69EBDA4CEECC64D7C7D4AF05EE9CBD18837E6C37955299C ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys
12:11:37.0433 0x0ed8 tib_mounter - ok
12:11:37.0449 0x0ed8 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
12:11:37.0511 0x0ed8 TrkWks - ok
12:11:37.0558 0x0ed8 [ 91B6DFBA0FD7D0F4836FB711D1B5D81C, 5EC7D7FC05306927B025DE557F104A511470FAFC6359783C27246530966A100A ] TrueSight C:\Windows\system32\TrueSight.sys
12:11:37.0574 0x0ed8 TrueSight - detected UnsignedFile.Multi.Generic ( 1 )
12:11:40.0324 0x0ed8 Detect skipped due to KSN trusted
12:11:40.0324 0x0ed8 TrueSight - ok
12:11:40.0933 0x0ed8 [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
12:11:40.0933 0x0ed8 UnlockerDriver5 - detected UnsignedFile.Multi.Generic ( 1 )
12:11:43.0855 0x0ed8 Detect skipped due to KSN trusted
12:11:43.0855 0x0ed8 UnlockerDriver5 - ok
12:11:47.0902 0x0ed8 ================ Scan global ===============================
12:11:47.0949 0x0ed8 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
12:11:47.0964 0x0ed8 [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
12:11:47.0980 0x0ed8 [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
12:11:48.0011 0x0ed8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:11:48.0027 0x0ed8 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:11:48.0042 0x0ed8 [ Global ] - ok
12:11:48.0042 0x0ed8 ================ Scan MBR ==================================
12:11:48.0042 0x0ed8 [ DFCE044E32F5A7D6C4B6385C23FB455A ] \Device\Harddisk0\DR0
12:11:48.0527 0x0ed8 \Device\Harddisk0\DR0 - ok
12:11:48.0527 0x0ed8 ================ Scan VBR ==================================
12:11:48.0527 0x0ed8 [ 8E9F86E28083DA70CCDD8555ED1292A8 ] \Device\Harddisk0\DR0\Partition1
12:11:48.0574 0x0ed8 \Device\Harddisk0\DR0\Partition1 - ok
12:11:48.0574 0x0ed8 [ 38729F99B233113D54705ACB3444BDE6 ] \Device\Harddisk0\DR0\Partition2
12:11:48.0621 0x0ed8 \Device\Harddisk0\DR0\Partition2 - ok
12:11:48.0621 0x0ed8 [ 425E2A964C3EE70D3C9B7B30712BF14B ] \Device\Harddisk0\DR0\Partition3
12:11:48.0683 0x0ed8 \Device\Harddisk0\DR0\Partition3 - ok
12:11:48.0714 0x0ed8 [ E2EF4788026AB52E35351F74B245A715 ] \Device\Harddisk0\DR0\Partition4
12:11:48.0730 0x0ed8 \Device\Harddisk0\DR0\Partition4 - ok
12:11:48.0730 0x0ed8 ================ Scan generic autorun ======================
12:11:48.0792 0x0ed8 [ 45B6ED23AD7155C196F809BEE1D7CB5D, 2C07BE02448308CF6A21CBEAA841783C2A9C89647ECFCD81C2543BD0BE9B343C ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
12:11:48.0808 0x0ed8 Classic Start Menu - ok
12:11:48.0839 0x0ed8 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:11:48.0871 0x0ed8 mctadmin - ok
12:11:48.0871 0x0ed8 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:11:48.0886 0x0ed8 mctadmin - ok
12:11:48.0917 0x0ed8 [ 10DEE4E0B7EBEA129A33611EFDDD047A, 67056CDB56BF9C6784F8A3FA4D15CA09ED52747A2AD2B57D87041DF159D379E9 ] C:\Program Files\NirSoft\Volumouse\volumouse.exe
12:11:48.0933 0x0ed8 $Volumouse$ - detected UnsignedFile.Multi.Generic ( 1 )
12:11:51.0621 0x0ed8 Detect skipped due to KSN trusted
12:11:51.0621 0x0ed8 $Volumouse$ - ok
12:11:51.0667 0x0ed8 [ C4A36D730F3EB0A13CE3C4F08A834B4E, 219835A3868D70CBDD654380ECCB500F90E419A93956467C6E2ADC7F0EFE1B4F ] C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
12:11:51.0683 0x0ed8 StrokeIt - ok
12:11:51.0746 0x0ed8 [ DFCCAAB88D38EFC69352CC48049138B1, 10F2DA61248CA0425FF0CC93AFE55EED357CA43E29ECB2200823CE9D764D222C ] C:\Program Files\MiserWare\Granola Personal\granola.exe
12:11:51.0777 0x0ed8 Granola - ok
12:11:51.0824 0x0ed8 [ 6A5492F39F72AED0930C0DAC0D0D29BA, FAD7B206963D192E3816C8AF6F728EDE1215D37F51C206FBFCC41EAD1C7B8E19 ] C:\Program Files\Allway Sync\Bin\syncappw.exe
12:11:51.0839 0x0ed8 Allway Sync - ok
12:11:51.0886 0x0ed8 [ 71F60476D78730F34B7E4B7E64D2DDAB, 617BBEBFB46042F00A9B61E6F6E2B77AD018C29AC46D7A15C587EC3EB2913E8B ] C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe
12:11:51.0902 0x0ed8 OneDrive - ok
12:11:51.0902 0x0ed8 Waiting for KSN requests completion. In queue: 74
12:11:52.0902 0x0ed8 Waiting for KSN requests completion. In queue: 74
12:11:53.0902 0x0ed8 Waiting for KSN requests completion. In queue: 4
12:11:55.0011 0x0ed8 AV detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\wmiav.exe ( 15.0.0.463 ), 0x41000 ( enabled : updated )
12:11:55.0042 0x0ed8 FW detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\wmifw.exe ( 15.0.0.463 ), 0x41010 ( enabled )
12:11:57.0730 0x0ed8 ============================================================
12:11:57.0730 0x0ed8 Scan finished
12:11:57.0730 0x0ed8 ============================================================
12:11:57.0730 0x0f74 Detected object count: 0
12:11:57.0730 0x0f74 Actual detected object count: 0
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.06.03
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Wolf :: WOLF-PC [administrator]
6.03.15 12:21:01
mbar-log-2015-03-06 (12-21-01).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 304668
Time elapsed: 10 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
| | #6 |
| /// the machine /// TB instructor | Win7 sometimes freezes or has a bluescreen at startup Hi, scan with Combofix
__________________ --> Win7 sometimes freezes or has a bluescreen at startup |
| | #7 |
| Win7 sometimes freezes or has a bluescreen at startup Hi Schrauber. Before starting the scan attempts I closed/disabled everything, including the routines in the Task Scheduler. When there was again no response 30 minutes after starting the 2nd scan, I found once more that the PC had hung. I have now repeated that twice; are there further precautions I should take? |
| | #8 |
| /// the machine /// TB instructor | Win7 sometimes freezes or has a bluescreen at startup Please create a report with Bluescreenview: Analyzing and fixing a Windows bluescreen crash - how it's done - Guides
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #9 |
| Win7 sometimes freezes or has a bluescreen at startup Morning, Schrauber. There was only one minidump file, from 27.2.2015, probably because I had conveniently done a 'spring cleaning' beforehand. Should I not pursue the Combofix action any further? Earlier I had thought of an attempt in Safe Mode, but wanted to wait for your advice. |
| | #10 |
| /// the machine /// TB instructor | Win7 sometimes freezes or has a bluescreen at startup Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
No Combofix for now.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #11 |
| Win7 sometimes freezes or has a bluescreen at startup Sorry, that had slipped my mind. Code:
ATTFilter ==================================================
Filename : ACPI.sys
Address In Stack :
From Address : 0x89b55000
To Address : 0x89b9d000
Size : 0x00048000
Time Stamp : 0x4ce788e0
Time String : 20.11.10 09:37:52
Product Name : Betriebssystem Microsoft® Windows®
File Description : ACPI-Treiber für NT
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ACPI.sys
==================================================
==================================================
Filename : afd.sys
Address In Stack :
From Address : 0x8a6ac000
To Address : 0x8a706000
Size : 0x0005a000
Time Stamp : 0x4db4d9d8
Time String : 25.04.11 03:18:00
Product Name : Betriebssystem Microsoft® Windows®
File Description : Ancillary Function Driver for WinSock
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\afd.sys
==================================================
==================================================
Filename : amdxata.sys
Address In Stack :
From Address : 0x89d03000
To Address : 0x89d0c000
Size : 0x00009000
Time Stamp : 0x4ba3a3f5
Time String : 19.03.10 17:19:01
Product Name : Storage Filter Driver
File Description : Storage Filter Driver
File Version : 1.1.2.5 (NT.091202-1711)
Company : Advanced Micro Devices
Full Path : C:\Windows\system32\drivers\amdxata.sys
==================================================
==================================================
Filename : aswRdr2.sys
Address In Stack :
From Address : 0x8a706000
To Address : 0x8a71f000
Size : 0x00019000
Time Stamp : 0x545b6f51
Time String : 6.11.14 13:53:37
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswRvrt.sys
Address In Stack :
From Address : 0x8a48c000
To Address : 0x8a495d00
Size : 0x00009d00
Time Stamp : 0x545b6f3d
Time String : 6.11.14 13:53:17
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswSnx.sys
Address In Stack :
From Address : 0x8a4e7000
To Address : 0x8a5ab000
Size : 0x000c4000
Time Stamp : 0x546f1f0d
Time String : 21.11.14 12:16:29
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswSP.sys
Address In Stack :
From Address : 0x8a5ab000
To Address : 0x8a60f880
Size : 0x00064880
Time Stamp : 0x546b0c1c
Time String : 18.11.14 10:06:36
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswVmm.sys
Address In Stack :
From Address : 0x8a45c000
To Address : 0x8a48bc00
Size : 0x0002fc00
Time Stamp : 0x545b6f42
Time String : 6.11.14 13:53:22
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : atapi.sys
Address In Stack :
From Address : 0x89cd7000
To Address : 0x89ce0000
Size : 0x00009000
Time Stamp : 0x4a5bbf13
Time String : 14.07.09 00:11:15
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI IDE Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\atapi.sys
==================================================
==================================================
Filename : ataport.SYS
Address In Stack :
From Address : 0x89ce0000
To Address : 0x89d03000
Size : 0x00023000
Time Stamp : 0x4ce788e8
Time String : 20.11.10 09:38:00
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ataport.SYS
==================================================
==================================================
Filename : BATTC.SYS
Address In Stack :
From Address : 0x89bf1000
To Address : 0x89bfc000
Size : 0x0000b000
Time Stamp : 0x4a5bc0f3
Time String : 14.07.09 00:19:15
Product Name : Microsoft® Windows® Operating System
File Description : Battery Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\BATTC.SYS
==================================================
==================================================
Filename : Beep.SYS
Address In Stack :
From Address : 0x8a617000
To Address : 0x8a61e000
Size : 0x00007000
Time Stamp : 0x4a5bc6fc
Time String : 14.07.09 00:45:00
Product Name : Microsoft® Windows® Operating System
File Description : BEEP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Beep.SYS
==================================================
==================================================
Filename : blbdrive.sys
Address In Stack :
From Address : 0x90d1b000
To Address : 0x90d29000
Size : 0x0000e000
Time Stamp : 0x4a5bc1d8
Time String : 14.07.09 00:23:04
Product Name : Microsoft® Windows® Operating System
File Description : BLB Drive Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\blbdrive.sys
==================================================
==================================================
Filename : BOOTVID.dll
Address In Stack :
From Address : 0x898af000
To Address : 0x898b7000
Size : 0x00008000
Time Stamp : 0x4a5bd9a2
Time String : 14.07.09 02:04:34
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\BOOTVID.dll
==================================================
==================================================
Filename : cbfs3.sys
Address In Stack :
From Address : 0x90cd3000
To Address : 0x90d1a200
Size : 0x00047200
Time Stamp : 0x4fd063c4
Time String : 7.06.12 09:18:12
Product Name : Callback File System (TM)
File Description : Callback File System Driver
File Version : 3, 2, 110, 277
Company : EldoS Corporation
Full Path : C:\Windows\system32\drivers\cbfs3.sys
==================================================
==================================================
Filename : cbfs4.sys
Address In Stack :
From Address : 0x90c85000
To Address : 0x90cd2080
Size : 0x0004d080
Time Stamp : 0x52861532
Time String : 15.11.13 13:36:02
Product Name : Callback File System (TM)
File Description : Callback File System Driver
File Version : 4, 0, 139, 32
Company : EldoS Corporation
Full Path : C:\Windows\system32\drivers\cbfs4.sys
==================================================
==================================================
Filename : CI.dll
Address In Stack :
From Address : 0x898f9000
To Address : 0x899a4000
Size : 0x000ab000
Time Stamp : 0x4ce7b97d
Time String : 20.11.10 13:05:17
Product Name : Betriebssystem Microsoft® Windows®
File Description : Codeintegritätsmodul
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CI.dll
==================================================
==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : 0x8a437000
To Address : 0x8a45c000
Size : 0x00025000
Time Stamp : 0x4a5bbf18
Time String : 14.07.09 00:11:20
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================
==================================================
Filename : CLFS.SYS
Address In Stack :
From Address : 0x898b7000
To Address : 0x898f9000
Size : 0x00042000
Time Stamp : 0x4a5bbf0e
Time String : 14.07.09 00:11:10
Product Name : Microsoft® Windows® Operating System
File Description : Common Log File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CLFS.SYS
==================================================
==================================================
Filename : cng.sys
Address In Stack :
From Address : 0x89ebe000
To Address : 0x89f1b000
Size : 0x0005d000
Time Stamp : 0x503799a1
Time String : 24.08.12 16:11:29
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Cryptography, Next Generation
File Version : 6.1.7601.17940 (win7sp1_gdr.120824-0334)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cng.sys
==================================================
==================================================
Filename : compbatt.sys
Address In Stack :
From Address : 0x89811000
To Address : 0x89819000
Size : 0x00008000
Time Stamp : 0x4a5bc0f6
Time String : 14.07.09 00:19:18
Product Name : Microsoft® Windows® Operating System
File Description : Composite Battery Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\compbatt.sys
==================================================
==================================================
Filename : crashdmp.sys
Address In Stack :
From Address : 0x8a496000
To Address : 0x8a4a3000
Size : 0x0000d000
Time Stamp : 0x4a5bc72e
Time String : 14.07.09 00:45:50
Product Name : Microsoft® Windows® Operating System
File Description : Crash Dump Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\crashdmp.sys
==================================================
==================================================
Filename : dfsc.sys
Address In Stack :
From Address : 0x90c6d000
To Address : 0x90c85000
Size : 0x00018000
Time Stamp : 0x4ce789f8
Time String : 20.11.10 09:42:32
Product Name : Microsoft® Windows® Operating System
File Description : DFS Namespace Client Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dfsc.sys
==================================================
==================================================
Filename : discache.sys
Address In Stack :
From Address : 0x90c61000
To Address : 0x90c6d000
Size : 0x0000c000
Time Stamp : 0x4a5bc214
Time String : 14.07.09 00:24:04
Product Name : Microsoft® Windows® Operating System
File Description : System Indexer/Cache Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\discache.sys
==================================================
==================================================
Filename : disk.sys
Address In Stack :
From Address : 0x8a000000
To Address : 0x8a011000
Size : 0x00011000
Time Stamp : 0x4a5bbf20
Time String : 14.07.09 00:11:28
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\disk.sys
==================================================
==================================================
Filename : dump_atapi.sys
Address In Stack :
From Address : 0x8a4ae000
To Address : 0x8a4b7000
Size : 0x00009000
Time Stamp : 0x4a5bbf13
Time String : 14.07.09 00:11:15
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dump_dumpata.sys
Address In Stack :
From Address : 0x8a4a3000
To Address : 0x8a4ae000
Size : 0x0000b000
Time Stamp : 0x4a5bbf14
Time String : 14.07.09 00:11:16
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dump_dumpfve.sys
Address In Stack :
From Address : 0x8a4b7000
To Address : 0x8a4c8000
Size : 0x00011000
Time Stamp : 0x4a5bbf6f
Time String : 14.07.09 00:12:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : fileinfo.sys
Address In Stack :
From Address : 0x89d40000
To Address : 0x89d51000
Size : 0x00011000
Time Stamp : 0x4a5bc18f
Time String : 14.07.09 00:21:51
Product Name : Microsoft® Windows® Operating System
File Description : FileInfo Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fileinfo.sys
==================================================
==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : 0x89d0c000
To Address : 0x89d40000
Size : 0x00034000
Time Stamp : 0x4a5bbf11
Time String : 14.07.09 00:11:13
Product Name : Betriebssystem Microsoft® Windows®
File Description : Microsoft Dateisystem-Filter-Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fltmgr.sys
==================================================
==================================================
Filename : fltsrv.sys
Address In Stack :
From Address : 0x8a3ac000
To Address : 0x8a3c3000
Size : 0x00017000
Time Stamp : 0x5190b52e
Time String : 13.05.13 10:41:02
Product Name : Acronis Storage Filter Management
File Description : Acronis Storage Filter Management Driver
File Version : 1.3.0.2133
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\fltsrv.sys
==================================================
==================================================
Filename : Fs_Rec.sys
Address In Stack :
From Address : 0x89f29000
To Address : 0x89f32000
Size : 0x00009000
Time Stamp : 0x4f4eeb36
Time String : 1.03.12 04:21:26
Product Name : Microsoft® Windows® Operating System
File Description : File System Recognizer Driver
File Version : 6.1.7601.17787 (win7sp1_gdr.120229-1502)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Fs_Rec.sys
==================================================
==================================================
Filename : fvevol.sys
Address In Stack :
From Address : 0x8a3c3000
To Address : 0x8a3f5000
Size : 0x00032000
Time Stamp : 0x4ce78976
Time String : 20.11.10 09:40:22
Product Name : Microsoft® Windows® Operating System
File Description : BitLocker Drive Encryption Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fvevol.sys
==================================================
==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : 0x8a1c1000
To Address : 0x8a1f2000
Size : 0x00031000
Time Stamp : 0x5034f1ca
Time String : 22.08.12 15:50:50
Product Name : Microsoft® Windows® Operating System
File Description : FWP/IPsec Kernel-Mode API
File Version : 6.1.7601.17939 (win7sp1_gdr.120822-0331)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================
==================================================
Filename : halacpi.dll
Address In Stack :
From Address : 0x8340f000
To Address : 0x83437000
Size : 0x00028000
Time Stamp : 0x4ce788d2
Time String : 20.11.10 09:37:38
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\halacpi.dll
==================================================
==================================================
Filename : hwpolicy.sys
Address In Stack :
From Address : 0x8a3a4000
To Address : 0x8a3ac000
Size : 0x00008000
Time Stamp : 0x4ce788cf
Time String : 20.11.10 09:37:35
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Policy Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hwpolicy.sys
==================================================
==================================================
Filename : kdcom.dll
Address In Stack :
From Address : 0x80ba1000
To Address : 0x80ba9000
Size : 0x00008000
Time Stamp : 0x4a5bdaaa
Time String : 14.07.09 02:08:58
Product Name : Microsoft® Windows® Operating System
File Description : Serial Kernel Debugger
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\kdcom.dll
==================================================
==================================================
Filename : ksecdd.sys
Address In Stack :
From Address : 0x89eab000
To Address : 0x89ebe000
Size : 0x00013000
Time Stamp : 0x4fc9799f
Time String : 2.06.12 03:25:35
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 6.1.7601.17856 (win7sp1_gdr.120601-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecdd.sys
==================================================
==================================================
Filename : ksecpkg.sys
Address In Stack :
From Address : 0x8a04f000
To Address : 0x8a075000
Size : 0x00026000
Time Stamp : 0x503799d9
Time String : 24.08.12 16:12:25
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface Packages
File Version : 6.1.7601.17940 (win7sp1_gdr.120824-0334)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecpkg.sys
==================================================
==================================================
Filename : mcupdate_GenuineIntel.dll
Address In Stack :
From Address : 0x89819000
To Address : 0x8989e000
Size : 0x00085000
Time Stamp : 0x4ce7b876
Time String : 20.11.10 13:00:54
Product Name : Microsoft® Windows® Operating System
File Description : Intel Microcode Update Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\mcupdate_GenuineIntel.dll
==================================================
==================================================
Filename : mountmgr.sys
Address In Stack :
From Address : 0x89c85000
To Address : 0x89c9b000
Size : 0x00016000
Time Stamp : 0x4ce788f1
Time String : 20.11.10 09:38:09
Product Name : Betriebssystem Microsoft® Windows®
File Description : Bereitstellungspunkt-Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mountmgr.sys
==================================================
==================================================
Filename : Msfs.SYS
Address In Stack :
From Address : 0x8a670000
To Address : 0x8a67b000
Size : 0x0000b000
Time Stamp : 0x4a5bbf1e
Time String : 14.07.09 00:11:26
Product Name : Microsoft® Windows® Operating System
File Description : Mailslot driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Msfs.SYS
==================================================
==================================================
Filename : msisadrv.sys
Address In Stack :
From Address : 0x89b9d000
To Address : 0x89ba5000
Size : 0x00008000
Time Stamp : 0x4a5bbf0d
Time String : 14.07.09 00:11:09
Product Name : Microsoft® Windows® Operating System
File Description : ISA Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msisadrv.sys
==================================================
==================================================
Filename : msrpc.sys
Address In Stack :
From Address : 0x89e80000
To Address : 0x89eab000
Size : 0x0002b000
Time Stamp : 0x4a5bbf3f
Time String : 14.07.09 00:11:59
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Remote Procedure Call Provider
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msrpc.sys
==================================================
==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : 0x90c57000
To Address : 0x90c61000
Size : 0x0000a000
Time Stamp : 0x4a5bc0fd
Time String : 14.07.09 00:19:25
Product Name : Microsoft® Windows® Operating System
File Description : System Management BIOS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mssmbios.sys
==================================================
==================================================
Filename : mup.sys
Address In Stack :
From Address : 0x8a394000
To Address : 0x8a3a4000
Size : 0x00010000
Time Stamp : 0x4a5bbfc6
Time String : 14.07.09 00:14:14
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mup.sys
==================================================
==================================================
Filename : ndis.sys
Address In Stack :
From Address : 0x89f32000
To Address : 0x89fe9000
Size : 0x000b7000
Time Stamp : 0x5034f1da
Time String : 22.08.12 15:51:06
Product Name : Betriebssystem Microsoft® Windows®
File Description : NDIS 6.20-Treiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndis.sys
==================================================
==================================================
Filename : netbios.sys
Address In Stack :
From Address : 0x8a777000
To Address : 0x8a785000
Size : 0x0000e000
Time Stamp : 0x4a5bc912
Time String : 14.07.09 00:53:54
Product Name : Microsoft® Windows® Operating System
File Description : NetBIOS interface driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbios.sys
==================================================
==================================================
Filename : netbt.sys
Address In Stack :
From Address : 0x8a71f000
To Address : 0x8a751000
Size : 0x00032000
Time Stamp : 0x4ce7893a
Time String : 20.11.10 09:39:22
Product Name : Microsoft® Windows® Operating System
File Description : MBT Transport driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbt.sys
==================================================
==================================================
Filename : NETIO.SYS
Address In Stack :
From Address : 0x8a011000
To Address : 0x8a04f000
Size : 0x0003e000
Time Stamp : 0x5034f1ea
Time String : 22.08.12 15:51:22
Product Name : Microsoft® Windows® Operating System
File Description : Network I/O Subsystem
File Version : 6.1.7601.17939 (win7sp1_gdr.120822-0331)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NETIO.SYS
==================================================
==================================================
Filename : Npfs.SYS
Address In Stack :
From Address : 0x8a67b000
To Address : 0x8a689000
Size : 0x0000e000
Time Stamp : 0x4a5bbf23
Time String : 14.07.09 00:11:31
Product Name : Microsoft® Windows® Operating System
File Description : NPFS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Npfs.SYS
==================================================
==================================================
Filename : nsiproxy.sys
Address In Stack :
From Address : 0x90c4d000
To Address : 0x90c57000
Size : 0x0000a000
Time Stamp : 0x4a5bbf48
Time String : 14.07.09 00:12:08
Product Name : Microsoft® Windows® Operating System
File Description : NSI Proxy
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nsiproxy.sys
==================================================
==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : 0x89d51000
To Address : 0x89e80000
Size : 0x0012f000
Time Stamp : 0x5040cf60
Time String : 31.08.12 15:51:12
Product Name : Betriebssystem Microsoft® Windows®
File Description : NT-Dateisystemtreiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Ntfs.sys
==================================================
==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+38c5b
From Address : 0x8300c000
To Address : 0x8340f000
Size : 0x00403000
Time Stamp : 0x503f7f30
Time String : 30.08.12 15:56:48
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntoskrnl.exe
==================================================
==================================================
Filename : Null.SYS
Address In Stack :
From Address : 0x8a610000
To Address : 0x8a617000
Size : 0x00007000
Time Stamp : 0x4a5bbf10
Time String : 14.07.09 00:11:12
Product Name : Microsoft® Windows® Operating System
File Description : NULL Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Null.SYS
==================================================
==================================================
Filename : pacer.sys
Address In Stack :
From Address : 0x8a758000
To Address : 0x8a777000
Size : 0x0001f000
Time Stamp : 0x4a5bc916
Time String : 14.07.09 00:53:58
Product Name : Betriebssystem Microsoft® Windows®
File Description : QoS-Paketplaner
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pacer.sys
==================================================
==================================================
Filename : partmgr.sys
Address In Stack :
From Address : 0x89800000
To Address : 0x89811000
Size : 0x00011000
Time Stamp : 0x4f641b0c
Time String : 17.03.12 06:03:08
Product Name : Microsoft® Windows® Operating System
File Description : Partition Management Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\partmgr.sys
==================================================
==================================================
Filename : pci.sys
Address In Stack :
From Address : 0x89bc7000
To Address : 0x89bf1000
Size : 0x0002a000
Time Stamp : 0x4ce788e5
Time String : 20.11.10 09:37:57
Product Name : Betriebssystem Microsoft® Windows®
File Description : NT-Plug & Play PCI-Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pci.sys
==================================================
==================================================
Filename : pciide.sys
Address In Stack :
From Address : 0x89c70000
To Address : 0x89c77000
Size : 0x00007000
Time Stamp : 0x4a5bbf17
Time String : 14.07.09 00:11:19
Product Name : Microsoft® Windows® Operating System
File Description : Generic PCI IDE Bus Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pciide.sys
==================================================
==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : 0x89c77000
To Address : 0x89c85000
Size : 0x0000e000
Time Stamp : 0x4a5bbf13
Time String : 14.07.09 00:11:15
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
==================================================
==================================================
Filename : pcw.sys
Address In Stack :
From Address : 0x89f1b000
To Address : 0x89f29000
Size : 0x0000e000
Time Stamp : 0x4a5bbf0e
Time String : 14.07.09 00:11:10
Product Name : Microsoft® Windows® Operating System
File Description : Performance Counters for Windows Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pcw.sys
==================================================
==================================================
Filename : PSHED.dll
Address In Stack :
From Address : 0x8989e000
To Address : 0x898af000
Size : 0x00011000
Time Stamp : 0x4a5bdad0
Time String : 14.07.09 02:09:36
Product Name : Betriebssystem Microsoft® Windows®
File Description : Plattformspezifischer Hardwarefehlertreiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================
==================================================
Filename : rdbss.sys
Address In Stack :
From Address : 0x90c0c000
To Address : 0x90c4d000
Size : 0x00041000
Time Stamp : 0x4ce78a04
Time String : 20.11.10 09:42:44
Product Name : Betriebssystem Microsoft® Windows®
File Description : Subsystemtreiber für Pufferung des umgeleiteten Laufwerks
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdbss.sys
==================================================
==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : 0x8a658000
To Address : 0x8a660000
Size : 0x00008000
Time Stamp : 0x4ce7a15b
Time String : 20.11.10 11:22:19
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPCDD.sys
==================================================
==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : 0x8a660000
To Address : 0x8a668000
Size : 0x00008000
Time Stamp : 0x4a5bcae3
Time String : 14.07.09 01:01:39
Product Name : Microsoft® Windows® Operating System
File Description : RDP Encoder Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpencdd.sys
==================================================
==================================================
Filename : rdprefmp.sys
Address In Stack :
From Address : 0x8a668000
To Address : 0x8a670000
Size : 0x00008000
Time Stamp : 0x4a5bcae5
Time String : 14.07.09 01:01:41
Product Name : Microsoft® Windows® Operating System
File Description : RDP Reflector Driver Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdprefmp.sys
==================================================
==================================================
Filename : rdyboost.sys
Address In Stack : rdyboost.sys+1492a
From Address : 0x8a367000
To Address : 0x8a394000
Size : 0x0002d000
Time Stamp : 0x4ce78e17
Time String : 20.11.10 10:00:07
Product Name : Microsoft® Windows® Operating System
File Description : ReadyBoost Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdyboost.sys
==================================================
==================================================
Filename : SCSIPORT.SYS
Address In Stack :
From Address : 0x89b2f000
To Address : 0x89b55000
Size : 0x00026000
Time Stamp : 0x4ce799ff
Time String : 20.11.10 10:50:55
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\SCSIPORT.SYS
==================================================
==================================================
Filename : serial.sys
Address In Stack :
From Address : 0x8a785000
To Address : 0x8a79f000
Size : 0x0001a000
Time Stamp : 0x4a5bc71d
Time String : 14.07.09 00:45:33
Product Name : Betriebssystem Microsoft® Windows®
File Description : Serieller Gerätetreiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\serial.sys
==================================================
==================================================
Filename : snapman.sys
Address In Stack :
From Address : 0x8a338000
To Address : 0x8a367000
Size : 0x0002f000
Time Stamp : 0x520b7580
Time String : 14.08.13 13:18:08
Product Name : Acronis Snapshot API
File Description : Acronis Snapshot API
File Version : 4.5.0.2231
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\snapman.sys
==================================================
==================================================
Filename : spldr.sys
Address In Stack :
From Address : 0x8a330000
To Address : 0x8a338000
Size : 0x00008000
Time Stamp : 0x4a084ebb
Time String : 11.05.09 17:13:47
Product Name : Microsoft® Windows® Operating System
File Description : loader for security processor
File Version : 6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spldr.sys
==================================================
==================================================
Filename : sptd.sys
Address In Stack :
From Address : 0x89a33000
To Address : 0x89b26000
Size : 0x000f3000
Time Stamp : 0x4ad245ea
Time String : 11.10.09 21:54:02
Product Name : SCSI Pass Through Direct
File Description : SCSI Pass Through Direct Host
File Version : 1.62.0.0 built by: WinDDK
Company : Duplex Secure Ltd.
Full Path : C:\Windows\system32\drivers\sptd.sys
==================================================
==================================================
Filename : tcpip.sys
Address In Stack :
From Address : 0x8a075000
To Address : 0x8a1c1000
Size : 0x0014c000
Time Stamp : 0x506c4ddf
Time String : 3.10.12 15:38:23
Product Name : Betriebssystem Microsoft® Windows®
File Description : TCP/IP-Treiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpip.sys
==================================================
==================================================
Filename : TDI.SYS
Address In Stack :
From Address : 0x8a6a0000
To Address : 0x8a6ac000
Size : 0x0000c000
Time Stamp : 0x4ce78936
Time String : 20.11.10 09:39:18
Product Name : Microsoft® Windows® Operating System
File Description : TDI Wrapper
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\TDI.SYS
==================================================
==================================================
Filename : tdx.sys
Address In Stack :
From Address : 0x8a689000
To Address : 0x8a6a0000
Size : 0x00017000
Time Stamp : 0x4ce78935
Time String : 20.11.10 09:39:17
Product Name : Microsoft® Windows® Operating System
File Description : TDI Translation Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tdx.sys
==================================================
==================================================
Filename : termdd.sys
Address In Stack :
From Address : 0x8a7b2000
To Address : 0x8a7c3000
Size : 0x00011000
Time Stamp : 0x4ce7a116
Time String : 20.11.10 11:21:10
Product Name : Microsoft® Windows® Operating System
File Description : Remote Desktop Server Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\termdd.sys
==================================================
==================================================
Filename : tib.sys
Address In Stack :
From Address : 0x8a27e000
To Address : 0x8a32f8a0
Size : 0x000b18a0
Time Stamp : 0x51497a7d
Time String : 20.03.13 09:59:41
Product Name : Acronis TIB Explorer
File Description : Acronis Backup Archive Explorer
File Version : 1,0,0,1029
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\tib.sys
==================================================
==================================================
Filename : tib_mounter.sys
Address In Stack :
From Address : 0x8a210000
To Address : 0x8a236000
Size : 0x00026000
Time Stamp : 0x52497715
Time String : 30.09.13 14:05:25
Product Name : Acronis TIB Mounter
File Description : Acronis TIB Mounter Driver
File Version : 4.3.0.2138
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\tib_mounter.sys
==================================================
==================================================
Filename : vdrvroot.sys
Address In Stack :
From Address : 0x89ba5000
To Address : 0x89bb0000
Size : 0x0000b000
Time Stamp : 0x4a5bc74b
Time String : 14.07.09 00:46:19
Product Name : Betriebssystem Microsoft® Windows®
File Description : Stammenumerator für virtuelles Laufwerk
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vdrvroot.sys
==================================================
==================================================
Filename : vga.sys
Address In Stack :
From Address : 0x8a61e000
To Address : 0x8a62a000
Size : 0x0000c000
Time Stamp : 0x4a5bc27e
Time String : 14.07.09 00:25:50
Product Name : Microsoft® Windows® Operating System
File Description : VGA/Super VGA Video Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vga.sys
==================================================
==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : 0x8a62a000
To Address : 0x8a64b000
Size : 0x00021000
Time Stamp : 0x4a5bc27d
Time String : 14.07.09 00:25:49
Product Name : Microsoft® Windows® Operating System
File Description : Video Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
==================================================
==================================================
Filename : vididr.sys
Address In Stack :
From Address : 0x8a1f2000
To Address : 0x8a210000
Size : 0x0001e000
Time Stamp : 0x511c88af
Time String : 14.02.13 07:48:15
Product Name : Acronis Virtual Disk
File Description : Acronis Virtual Disk Driver
File Version : 1.1.0.2105
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\vididr.sys
==================================================
==================================================
Filename : vidsflt.sys
Address In Stack :
From Address : 0x89bb0000
To Address : 0x89bc7000
Size : 0x00017000
Time Stamp : 0x511c8cab
Time String : 14.02.13 08:05:15
Product Name : Acronis Virtual Disk
File Description : Acronis Virtual Disk Storage Filter
File Version : 1.1.0.2105
Company : Acronis International GmbH
Full Path : C:\Windows\system32\drivers\vidsflt.sys
==================================================
==================================================
Filename : vmbus.sys
Address In Stack :
From Address : 0x89c9b000
To Address : 0x89cc4180
Size : 0x00029180
Time Stamp : 0x4ce79192
Time String : 20.11.10 10:14:58
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Machine Bus
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmbus.sys
==================================================
==================================================
Filename : vmstorfl.sys
Address In Stack :
From Address : 0x8a236000
To Address : 0x8a23e380
Size : 0x00008380
Time Stamp : 0x4ce7917d
Time String : 20.11.10 10:14:37
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Storage Filter Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmstorfl.sys
==================================================
==================================================
Filename : volmgr.sys
Address In Stack :
From Address : 0x89c15000
To Address : 0x89c25000
Size : 0x00010000
Time Stamp : 0x4ce788ee
Time String : 20.11.10 09:38:06
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgr.sys
==================================================
==================================================
Filename : volmgrx.sys
Address In Stack :
From Address : 0x89c25000
To Address : 0x89c70000
Size : 0x0004b000
Time Stamp : 0x4a5bbf2d
Time String : 14.07.09 00:11:41
Product Name : Betriebssystem Microsoft® Windows®
File Description : Treiber für Erweiterung des Volume-Managers
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgrx.sys
==================================================
==================================================
Filename : volsnap.sys
Address In Stack :
From Address : 0x8a23f000
To Address : 0x8a27e000
Size : 0x0003f000
Time Stamp : 0x4ce788f5
Time String : 20.11.10 09:38:13
Product Name : Betriebssystem Microsoft® Windows®
File Description : Volumeschattenkopie-Treiber
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volsnap.sys
==================================================
==================================================
Filename : wanarp.sys
Address In Stack :
From Address : 0x8a79f000
To Address : 0x8a7b2000
Size : 0x00013000
Time Stamp : 0x4ce79df1
Time String : 20.11.10 11:07:45
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access and Routing ARP Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wanarp.sys
==================================================
==================================================
Filename : watchdog.sys
Address In Stack :
From Address : 0x8a64b000
To Address : 0x8a658000
Size : 0x0000d000
Time Stamp : 0x4a5bc21a
Time String : 14.07.09 00:24:10
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\watchdog.sys
==================================================
==================================================
Filename : Wdf01000.sys
Address In Stack :
From Address : 0x899a4000
To Address : 0x89a25000
Size : 0x00081000
Time Stamp : 0x5010ac41
Time String : 26.07.12 03:32:33
Product Name : Betriebssystem Microsoft® Windows®
File Description : Kernelmodustreiber-Frameworklaufzeit
File Version : 1.11.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Wdf01000.sys
==================================================
==================================================
Filename : WDFLDR.SYS
Address In Stack :
From Address : 0x89a25000
To Address : 0x89a33000
Size : 0x0000e000
Time Stamp : 0x5010ad36
Time String : 26.07.12 03:36:38
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Loader
File Version : 1.11.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================
==================================================
Filename : wfplwf.sys
Address In Stack :
From Address : 0x8a751000
To Address : 0x8a758000
Size : 0x00007000
Time Stamp : 0x4a5bc90f
Time String : 14.07.09 00:53:51
Product Name : Microsoft® Windows® Operating System
File Description : WFP NDIS 6.20 Lightweight Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wfplwf.sys
==================================================
==================================================
Filename : winhv.sys
Address In Stack :
From Address : 0x89cc5000
To Address : 0x89cd7000
Size : 0x00012000
Time Stamp : 0x4ce788f7
Time String : 20.11.10 09:38:15
Product Name : Microsoft® Windows® Operating System
File Description : Windows Hypervisor Interface Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\winhv.sys
==================================================
==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : 0x89b26000
To Address : 0x89b2f000
Size : 0x00009000
Time Stamp : 0x4a5bbf1a
Time String : 14.07.09 00:11:22
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WMILIB.SYS
==================================================
|
| | #12 |
| /// the machine /// TB trainer | Win7 sometimes freezes or has a bluescreen at startup
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
| | #13 |
| Win7 sometimes freezes or has a bluescreen at startup Well, during chkdsk itself, i.e. while its window was running, no errors were reported anywhere. Furthermore, when I create a filter in the Event Viewer under Windows Logs -> Application (by the source "winlogon" + "All event levels" + "Last hour" + "All events"), I do get 3 events displayed, but none with the ID 1001. Does that mean that chkdsk did not create a log file? Or am I doing something wrong when trying to find it? ... I just noticed: under one of the displayed event IDs (6000) there is the following property: "Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten." Could that have something to do with the missing chkdsk log file? |
| | #14 |
| /// the machine /// TB trainer | Win7 sometimes freezes or has a bluescreen at startup Could be. Please continue with Combofix now.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
| | #15 |
| Win7 sometimes freezes or has a bluescreen at startup OK. Does it make sense to use Windows Safe Mode for this? The previous attempts in normal mode each ended with the system hanging completely. I have now tried it on my own in Safe Mode, unfortunately with the same result as in normal mode. |
| Topics on Win7 sometimes freezes or has a bluescreen at startup |
| askbar, betriebs, bluescreen, crystaldiskinfo, defender, ebanking, fehlercode 0x80000003, fehlercode 0xc0000374, fehlercode 24, flash player, homepage, kaspersky, onedrive, pup.optional.conduit.a, pup.riskware.hideexec, registry, services.exe, software, svchost.exe, tracker |