Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Rechner langsam, Tastatur und Maus reagieren verzögert (https://www.trojaner-board.de/167167-rechner-langsam-tastatur-maus-reagieren-verzoegert.html)

norxi 22.05.2015 07:28
Rechner langsam, Tastatur und Maus reagieren verzögert
 
Hallo, mein alter Lapi (Dell mit IBM-Festplatte, Windows 7, Schutz: 360 Total Security) ist seit ein paar Tagen langsam. Besonders lästig ist, dass meine Eingaben (Maus oder Tastatur) erst ca. 5 Sekunden später am Bildschirm sichtbar werden. Habe gemäß Anleitung erstellt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by w7 (administrator) on W7-PC on 21-05-2015 23:55:09
Running from C:\Users\w7\Desktop
Loaded Profiles: w7 (Available profiles: w7 & Administrator)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Program Files\Office2k\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1264248 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0901-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0903-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315542-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315549-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {79d78ce0-9a00-11e3-887b-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ab2559e0-8e51-11e3-90ad-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d1df3a90-382b-11e0-94b3-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d61d962c-a305-11df-96de-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d188e-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d1890-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_Win32.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1291470965134
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: hxxp://www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-07] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-04-04] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\searchplugins\avira-safesearch.xml [2015-02-27]
FF Extension: 20-20 3D Viewer - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\2020Player@2020Technologies.com [2010-09-15]
FF Extension: Avira Browser Safety - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\abs@avira.com [2015-04-28]
FF Extension: Avira SafeSearch - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\safesearch@avira.com [2015-04-28]
FF Extension: Bitdefender QuickScan - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Go Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\goParentFolder@alice.xpi [2014-12-01]
FF Extension: Show Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\showParentFolder@alice.xpi [2014-12-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-22]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2014-11-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [839792 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680448 2009-04-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2014-11-07] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-05-18] (360.cn)
S3 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-05-18] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2014-11-07] (360.cn)
S1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2014-11-07] (360安全中心)
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [77904 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23120 2009-04-22] (AMD)
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470208 2005-12-29] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [169040 2015-03-09] (Qihu 360 Software Co., Ltd.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2014-11-07] (360安全中心)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-11-29] (Elaborate Bytes AG) [File not signed]
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-02-12] (Elaborate Bytes AG) [File not signed]
R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22528 2004-02-12] (Elaborate Bytes AG) [File not signed]
S0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [58440 2015-03-09] (360安全中心)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl6feaab75; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DCF08ED-1B2F-4928-995C-66264E3E1B51}\MpKsl6feaab75.sys [39464 2015-05-21] (Microsoft Corporation)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [257352 2014-11-07] (360.cn)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2014-11-07] (360.cn)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-04-22] (Conexant Systems, Inc.)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-04-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-21 23:55 - 2015-05-21 23:55 - 00012679 _____ () C:\Users\w7\Desktop\FRST.txt
2015-05-21 23:50 - 2015-05-21 23:50 - 00000466 _____ () C:\Users\w7\Desktop\defogger_disable.log
2015-05-21 23:50 - 2015-05-21 23:50 - 00000000 _____ () C:\Users\w7\defogger_reenable
2015-05-21 23:49 - 2015-05-21 23:49 - 00050477 _____ () C:\Users\w7\Desktop\Defogger.exe
2015-05-21 23:28 - 2015-05-21 23:55 - 00000000 ____D () C:\FRST
2015-05-21 23:27 - 2015-05-21 23:27 - 01147392 _____ (Farbar) C:\Users\w7\Desktop\FRST.exe
2015-05-21 22:45 - 2015-05-21 22:45 - 00000000 ____D () C:\Program Files\Common Files\AV
2015-05-21 22:33 - 2015-05-21 22:33 - 00080080 _____ () C:\Users\w7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-21 22:31 - 2015-05-21 22:31 - 00358488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-21 21:55 - 2015-05-21 21:55 - 02347384 _____ (ESET) C:\Users\w7\Desktop\esetsmartinstaller_deu.exe
2015-05-21 20:35 - 2015-05-21 20:35 - 01187496 _____ (Uniblue Systems Limited ) C:\Users\w7\Desktop\pcmechanicpm.exe
2015-05-17 08:10 - 2015-05-17 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-04 18:13 - 2015-05-04 18:13 - 21258466 _____ () C:\Users\w7\Desktop\Garage-Sockel-links.tif
2015-05-04 18:12 - 2015-05-04 18:12 - 21252322 _____ () C:\Users\w7\Desktop\Garagentor.tif
2015-05-03 08:01 - 2015-05-03 08:01 - 00000000 ____D () C:\84bc2ca00468d711748d3b0f9e
2015-04-26 21:21 - 2015-04-26 21:21 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-21 23:50 - 2009-08-15 20:34 - 00000000 ____D () C:\Users\w7
2015-05-21 23:38 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 23:38 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:45 - 2015-04-10 18:00 - 00001111 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-05-21 22:45 - 2014-11-11 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-05-21 22:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-05-21 22:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\$360Section
2015-05-21 22:36 - 2009-08-15 12:37 - 02078444 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 22:33 - 2009-04-22 10:27 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 22:32 - 2015-02-09 10:16 - 00008904 _____ () C:\Windows\setupact.log
2015-05-21 22:31 - 2015-02-09 10:14 - 00021636 _____ () C:\Windows\PFRO.log
2015-05-21 22:29 - 2013-11-23 14:14 - 00000000 ____D () C:\AdwCleaner
2015-05-21 21:52 - 2015-04-10 18:01 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-05-21 18:10 - 2014-11-11 22:33 - 00000000 ____D () C:\ProgramData\360safe
2015-05-18 12:20 - 2014-11-11 22:34 - 00065608 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-05-18 12:20 - 2014-11-11 22:32 - 00202312 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2015-05-17 22:20 - 2012-09-24 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-10-11 09:13 - 2014-10-11 09:03 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av_41834845_cpmtce9iomm1crdat73b_wd.exe
2014-10-11 09:13 - 2014-10-11 08:53 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av___ws.exe
2013-06-26 20:04 - 2013-11-10 23:03 - 0003725 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-11-21 13:52 - 2013-11-21 15:18 - 0000004 _____ () C:\Users\w7\AppData\Roaming\Other.ico
2013-11-19 13:12 - 2013-11-22 15:59 - 0099147 _____ () C:\Users\w7\AppData\Local\ars.cache
2013-11-19 13:13 - 2013-11-22 15:59 - 0255589 _____ () C:\Users\w7\AppData\Local\census.cache
2013-11-19 12:29 - 2013-11-19 12:29 - 0000036 _____ () C:\Users\w7\AppData\Local\housecall.guid.cache
2012-09-24 23:59 - 2013-11-13 10:25 - 0007605 _____ () C:\Users\w7\AppData\Local\resmon.resmoncfg
2013-06-17 12:49 - 2013-06-17 12:51 - 0000352 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\w7\360TS_Setup.exe
C:\Users\w7\AdbeRdr933_de_DE.exe
C:\Users\w7\jxpiinstall.exe


Some files in TEMP:
====================
C:\Users\w7\AppData\Local\Temp\Quarantine.exe
C:\Users\w7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 01:15

==================== End of log ============================
und:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by w7 at 2015-05-21 23:55:58
Running from C:\Users\w7\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3062942232-3235879386-1935734408-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3062942232-3235879386-1935734408-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3062942232-3235879386-1935734408-1001 - Limited - Enabled)
w7 (S-1-5-21-3062942232-3235879386-1935734408-1002 - Administrator - Enabled) => C:\Users\w7

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM\...\360TotalSecurity) (Version: 6.6.1.1024 - 360 Security Center)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connect (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-05-2015 20:37:18 Uniblue PC Mechanic installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-04-22 07:57 - 2013-12-10 00:41 - 00000957 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      activate.adobe.com
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CEEB8E1-873D-4C99-B514-49D5DBBAE46F} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {E9099E84-84A6-496E-A477-D12B98AE2FDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-07] (Adobe Systems Incorporated)
Task: {F7F9B6E2-E0C1-4548-9EE6-E7C0E358A837} - System32\Tasks\{A60FA2E0-134B-4182-AA2D-9B9F8DB5F48F} => pcalua.exe -a "C:\Program Files\Firefox\uninstall\helper.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2014-11-11 22:32 - 2015-05-18 12:20 - 00426608 _____ () C:\Program Files\360\Total Security\MenuEx.dll
2013-11-29 11:29 - 2013-11-29 11:29 - 00026520 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00082840 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 11:28 - 2013-11-29 11:28 - 00344984 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{60A07316-1A8F-4B3C-8310-8671A9FB7A47}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{1D0276B9-28EA-4B45-8F27-3E2C2F8B4AA4}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{7AB283EC-4359-47B2-894D-E7117806DFFC}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{07E2FCBC-9EFB-4C1D-8D43-FFD987B4A4E1}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{AF1E36FE-CBEC-4C19-A946-DECDE2D5DA72}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{5704526F-251F-4217-838F-2C115ABEC786}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{901E69F2-C983-453C-B68F-94B1EF9DFB3B}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{E727E364-071A-4CB4-AC1D-B3B5C29DFE3B}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{BB4EAEBD-1967-47A9-BD0C-6F3161582EB6}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{EE5F3F34-8ACD-484E-9A02-95396C423146}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{CF4FF1CE-E599-4B44-971F-ABE2C948551A}] => (Allow) C:\Users\w7\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A6B57B8C-F68A-46D1-8D6F-FFCEE526C922}] => (Allow) C:\Users\w7\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1F78329D-7EF9-4B2B-8A65-3B9794BDCA28}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{42A05C3E-C7B3-4F7E-B9E6-587703C7C0C4}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{6BD3E505-AFF3-4661-9CC4-0CA61E8DB271}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0DED27D8-FA8A-4698-85A5-4DECCEE7CECE}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{2B85DA0D-5398-4083-94E8-53682DA015EC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C88C74BC-3383-4911-8D0B-C8806BD1157C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9C7C747D-9406-42A0-A031-026595CEDE32}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{FAED6547-0F2B-4B01-9C9B-30FBCD6D8DDA}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{55AE9443-78B2-4495-9899-16BB81A99D48}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D1588230-6760-4ABB-B78D-A55078E91323}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{7B764421-302E-4802-A86E-0112941D0E8B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F435F49-193E-48CE-BA23-7197866763A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{73F252FF-2614-4CF6-9D90-E67F9A70DC67}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CC2F5724-1D44-4C7C-A67A-F8058E8A15F2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C84F0863-D065-4048-8D5D-5A548E0D5F16}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{40AD7DF4-5D05-426F-B4FC-465D95ED3FD1}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============

Name: Videocontroller
Description: Videocontroller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2015 10:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xb04
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/21/2015 09:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7100.0, Zeitstempel: 0x49ee918d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7100.0, Zeitstempel: 0x49eea66e
Ausnahmecode: 0xc0000024
Fehleroffset: 0x00080eb6
ID des fehlerhaften Prozesses: 0xdb8
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/21/2015 08:37:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {5e88fd51-575c-4585-93fc-d7d619ec6031}

Error: (05/21/2015 08:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7100.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a50

Startzeit: 01d093f41fae1f9e

Endzeit: 152

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 6c15b4e9-ffe7-11e4-990a-00123fedf47b

Error: (05/21/2015 02:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 10:40:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/15/2015 11:28:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/14/2015 08:04:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/12/2015 07:30:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/11/2015 11:19:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 11.0.8350.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 458

Startzeit: 01d08ba655f8c5ff

Endzeit: 531

Anwendungspfad: C:\Programme\Office2k\OFFICE11\WINWORD.EXE

Berichts-ID:


System errors:
=============
Error: (05/21/2015 11:52:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "qutmipc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (05/21/2015 10:47:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "qutmipc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (05/21/2015 10:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "qutmipc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (05/21/2015 10:45:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HookPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%50

Error: (05/21/2015 10:33:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
360SelfProtection
BTHidMgr
HookPort
qutmipc

Error: (05/21/2015 10:29:37 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/21/2015 10:29:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 10:28:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 10:28:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/21/2015 10:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1b0401d093fb59a9d505C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll03792e35-fff8-11e4-990a-00123fedf47b

Error: (05/21/2015 09:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7100.049ee918dntdll.dll6.1.7100.049eea66ec000002400080eb6db801d093f434210ceaC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll514262a5-fff3-11e4-990a-00123fedf47b

Error: (05/21/2015 08:37:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {5e88fd51-575c-4585-93fc-d7d619ec6031}

Error: (05/21/2015 08:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7100.0a5001d093f41fae1f9e152C:\Windows\explorer.exe6c15b4e9-ffe7-11e4-990a-00123fedf47b

Error: (05/21/2015 02:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\360\total security\CleanPlus64.exe

Error: (05/18/2015 10:40:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\360\total security\CleanPlus64.exe

Error: (05/15/2015 11:28:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\360\total security\CleanPlus64.exe

Error: (05/14/2015 08:04:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\360\total security\CleanPlus64.exe

Error: (05/12/2015 07:30:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\360\total security\CleanPlus64.exe

Error: (05/11/2015 11:19:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE11.0.8350.045801d08ba655f8c5ff531C:\Programme\Office2k\OFFICE11\WINWORD.EXE


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) M processor 2.00GHz
Percentage of memory in use: 83%
Total physical RAM: 1015.43 MB
Available physical RAM: 163.19 MB
Total Pagefile: 2039.43 MB
Available Pagefile: 1127.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:41.27 GB) NTFS
Drive i: (NORBERT) (Removable) (Total:0.48 GB) (Free:0.13 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 8C5B4B86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 489.2 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=489 MB) - (Type=01)

==================== End of log ============================
und:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-22 07:42:33
Windows 6.1.7100  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHT2080AH rev.846C 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\w7\AppData\Local\Temp\pxldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13B1                                                                  82E7B549 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82E9B6B2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                          qutmdrv.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                        qutmdrv.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011679feeb6                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011679feeb6 (not active ControlSet) 

---- EOF - GMER 2.1 ----
Bitte um Hilfe!
norxi

schrauber 22.05.2015 07:38
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

norxi 22.05.2015 20:24
Hi Schrauber,
habe deine Anweisungen befolgt:
Beim ersten mbar-scan wurde 1 malware-file gefunden:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.21.04
  rootkit: v2015.05.16.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7100.0
w7 :: W7-PC [administrator]

22.05.2015 08:49:28
mbar-log-2015-05-22 (08-49-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 350002
Time elapsed: 26 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\CW.eXe (Hacktool.ChewWGA) -> Delete on reboot. [52f6692d25659b9b70ff156bda2602fe]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Beim erneuten Scan wurde nichts mehr gefunden:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.22.03
  rootkit: v2015.05.16.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7100.0
w7 :: W7-PC [administrator]

22.05.2015 19:24:24
mbar-log-2015-05-22 (19-24-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 349744
Time elapsed: 31 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Der TDSSKiller hat nichts gefunden:
Code:
20:53:21.0144 0x0844  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:55:13.0519 0x0844  ============================================================
20:55:13.0519 0x0844  Current date / time: 2015/05/22 20:55:13.0519
20:55:13.0519 0x0844  SystemInfo:
20:55:13.0519 0x0844 
20:55:13.0519 0x0844  OS Version: 6.1.7100 ServicePack: 0.0
20:55:13.0519 0x0844  Product type: Workstation
20:55:13.0519 0x0844  ComputerName: W7-PC
20:55:13.0519 0x0844  UserName: w7
20:55:13.0519 0x0844  Windows directory: C:\Windows
20:55:13.0519 0x0844  System windows directory: C:\Windows
20:55:13.0519 0x0844  Processor architecture: Intel x86
20:55:13.0519 0x0844  Number of processors: 1
20:55:13.0519 0x0844  Page size: 0x1000
20:55:13.0519 0x0844  Boot type: Normal boot
20:55:13.0519 0x0844  ============================================================
20:55:16.0769 0x0844  KLMD registered as C:\Windows\system32\drivers\53040798.sys
20:55:17.0566 0x0844  System UUID: {21246C19-B843-5F35-ADC6-19A682827B3C}
20:55:18.0675 0x0844  !crdlk
20:55:18.0816 0x0844  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
20:55:18.0910 0x0844  Drive \Device\Harddisk1\DR1 - Size: 0x1E93C000 ( 0.48 Gb ), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:55:18.0910 0x0844  ============================================================
20:55:18.0910 0x0844  \Device\Harddisk0\DR0:
20:55:18.0925 0x0844  MBR partitions:
20:55:18.0925 0x0844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:55:18.0925 0x0844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
20:55:18.0925 0x0844  \Device\Harddisk1\DR1:
20:55:18.0925 0x0844  MBR partitions:
20:55:18.0925 0x0844  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x1, StartLBA 0x3F, BlocksNum 0xF499F
20:55:18.0925 0x0844  ============================================================
20:55:18.0988 0x0844  C: <-> \Device\Harddisk0\DR0\Partition2
20:55:19.0128 0x0844  ============================================================
20:55:19.0128 0x0844  Initialize success
20:55:19.0128 0x0844  ============================================================
20:55:28.0894 0x06dc  ============================================================
20:55:28.0894 0x06dc  Scan started
20:55:28.0894 0x06dc  Mode: Manual;
20:55:28.0894 0x06dc  ============================================================
20:55:28.0894 0x06dc  KSN ping started
20:55:38.0550 0x06dc  KSN ping finished: true
20:55:40.0316 0x06dc  ================ Scan system memory ========================
20:55:40.0316 0x06dc  System memory - ok
20:55:40.0316 0x06dc  ================ Scan services =============================
20:55:40.0519 0x06dc  [ F1E3188DFA3028AAB68B9FD2DD3AFE17, A69C7127248621CA8E335E9C903C9880D9141908B9EC48A46982BDFAF06DCF49 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:55:40.0535 0x06dc  1394ohci - ok
20:55:40.0613 0x06dc  [ 52595955F119578E4ED54B5DD528E589, 1D9CA5F4ACC33ACFFB91C26205D0FE6CCF65B8B95ABC6EB313A6335C1E6E1653 ] 360AntiHacker  C:\Windows\system32\Drivers\360AntiHacker.sys
20:55:40.0660 0x06dc  360AntiHacker - ok
20:55:40.0738 0x06dc  [ D8DEE0F3BD03F49CCC30B761E42EE96F, 8176CEC53609427859287563432388DE3D2A74DF5DF771B513F97D5925A3A1F8 ] 360AvFlt        C:\Windows\system32\DRIVERS\360AvFlt.sys
20:55:40.0738 0x06dc  360AvFlt - ok
20:55:40.0847 0x06dc  [ ECFED10D908AAD82BEBC1581C185473E, 473466F8B54700C31872A2D544799A52376C486AFE1CC4A5889460A9817D8D29 ] 360Box          C:\Windows\system32\DRIVERS\360Box.sys
20:55:40.0957 0x06dc  360Box - ok
20:55:41.0003 0x06dc  [ 2255330A69644F179D0438666EEF1861, 29D10CBD372001332B49CD6248F7DFEDB7A707C8281AFFFFEE6F971D679A4973 ] 360Camera      C:\Windows\system32\Drivers\360Camera.sys
20:55:41.0050 0x06dc  360Camera - ok
20:55:41.0144 0x06dc  [ 0BBDAC6662A660776C126109296F2043, 909A4F6D2A04BE7CDF8254E03EA1E0344940FFEADD5C95BF93D3487B019CA996 ] 360SelfProtection C:\Windows\system32\drivers\360SelfProtection.sys
20:55:41.0269 0x06dc  360SelfProtection - ok
20:55:41.0332 0x06dc  [ 2E435A481093246930D113762FD40F52, 8149C90D8E515EBD973D7BC322FB754A4A7C186A2D56F3CAE341B1CB9ADBBCA0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
20:55:41.0347 0x06dc  ACPI - ok
20:55:41.0410 0x06dc  [ A301411D228DCD07A24ECC62D48F5AE2, 86B49FBB677370E36FF3B13F2915391202436CECDA9E3CBA8C2E480F87061FFC ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
20:55:41.0410 0x06dc  AcpiPmi - ok
20:55:41.0597 0x06dc  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:55:41.0597 0x06dc  AdobeARMservice - ok
20:55:41.0707 0x06dc  [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:55:41.0722 0x06dc  AdobeFlashPlayerUpdateSvc - ok
20:55:41.0800 0x06dc  [ CB9719B72278864DCA271E214168B1E5, C305C70F05755BEF5D276EF3769CAC4B265C9509CEF8B8C365D43DDEC73B39F5 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
20:55:41.0832 0x06dc  adp94xx - ok
20:55:41.0878 0x06dc  [ A1A4F6FC13234C74FBB35F1B7866BDF6, 44538FEAAB8AF2820035420E6493C9F4002DC8C81329E2072169310F8FE1BDFD ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
20:55:41.0910 0x06dc  adpahci - ok
20:55:41.0941 0x06dc  [ 92CDAABFDA2C936A87C2823CE4A249DA, 28A8DD7E5A9C4F4BED6E5AFF95AC89CAFCC7B11DEE271D8CCCC9314DD1033E01 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
20:55:41.0957 0x06dc  adpu320 - ok
20:55:42.0003 0x06dc  [ 7C1011FCFFC748EBFD18FF7499B9CD40, 84C67E0B642CDCBFD611CF9BCF821D6CC1428F27CA1DE73E21C630F86C785447 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
20:55:42.0003 0x06dc  AeLookupSvc - ok
20:55:42.0066 0x06dc  [ 183C34872F51D34A41C0EDD3BA05C973, 5C9A302247479BBA2328F871E7E1ECEE9604B4C81664FE4CE188A24CAB12B4A2 ] AFD            C:\Windows\system32\drivers\afd.sys
20:55:42.0097 0x06dc  AFD - ok
20:55:42.0160 0x06dc  [ 7DFFC1CD425BCD998D9FDA0192383A19, 3008704B3B813F055B20FCF50B4BF9ACFEBA3A43E0D238B55F8A34160FCF719A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
20:55:42.0175 0x06dc  agp440 - ok
20:55:42.0222 0x06dc  [ C2D5D96A3FFAA4D5106A693743BDDFF6, 55E6388A9793C5A1AD79185AF460EE005CC67D6AD7B714F699BC7F897463AE29 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
20:55:42.0222 0x06dc  aic78xx - ok
20:55:42.0269 0x06dc  [ 2C0D11F1D059ECAB4C51E060F9111B98, 268BA8161ABCC7BB7B60F840BB793527CE715FE9185D6CF90CED2AECB9C07E92 ] ALG            C:\Windows\System32\alg.exe
20:55:42.0285 0x06dc  ALG - ok
20:55:42.0332 0x06dc  [ EA9072AD99811A397605D3FC78F4B095, 5B3401E427ECF8CFC2F73458C4B1DA4D055E71E7FDA0521D8F61B630A9CF3D54 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
20:55:42.0332 0x06dc  aliide - ok
20:55:42.0347 0x06dc  [ DBB1161C836883611BB551AE69355BA2, C85C3A14366819E7D379A2FCB8A4436E07D529A9E92F93A4E2645F6A5E5EDE4F ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
20:55:42.0347 0x06dc  amdagp - ok
20:55:42.0378 0x06dc  [ 05B53F2048C57423D6AB0EA1B9940452, 435CF9796E1052F779F676F4C5DB897395C0A2455FE5CC98D9CDCE6AE20325A7 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
20:55:42.0378 0x06dc  amdide - ok
20:55:42.0410 0x06dc  [ C395B78A0E601D4FAAA86DD6F24C3F96, 4ED1D8F15789283A2F5D908AF468F658DA036CB2553ECCB78B8659C411EA492F ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
20:55:42.0425 0x06dc  AmdK8 - ok
20:55:42.0441 0x06dc  [ F0EDFFE3545EB8604DD8F113E095CF5C, F23ACE2F30954D00ADF2761459D0DC3508AB382B2AE36E637EA1B6468FC4AC38 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:55:42.0441 0x06dc  AmdPPM - ok
20:55:42.0488 0x06dc  [ A1EFDF25677AABC65A1F69F4ADB5CE70, 978D81B48AF78FE4B639AC9E9593095F822B57C25A3FC33BB8164387939ECDE4 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
20:55:42.0503 0x06dc  amdsata - ok
20:55:42.0535 0x06dc  [ E6641B59279513BF828B85281011057F, 7D27222F236F85AF5DFA03DE71C75156903B9C40441704A0F41FEB9DF8C95F3C ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:55:42.0566 0x06dc  amdsbs - ok
20:55:42.0597 0x06dc  [ 6524374D1080863ED2894AB58C4E7DDA, 9E8D4A349BA91BDB12438344C6D5DD7C47CACBEFB8F603E20CD603FC9DF8F743 ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
20:55:42.0597 0x06dc  amdxata - ok
20:55:42.0628 0x06dc  [ 66EF8D5232C5CF341885D0977854FBAC, 004411610DEA794F8A8A1695FB63F180BC3256C0E3A1EB7BD55B87A2E36DB75B ] AppID          C:\Windows\system32\drivers\appid.sys
20:55:42.0628 0x06dc  AppID - ok
20:55:42.0660 0x06dc  [ 4E448B86863E4FE1F800CC06CA980CB2, 4A5B1B237A439A2A1BC8AEEBC62140FAF0CB5832DB11BA4CEA2B0F0FD76F59C8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:55:42.0675 0x06dc  AppIDSvc - ok
20:55:42.0707 0x06dc  [ E52B2BC18D32D0FC3507E80C1B14A386, 30F2640112D4F6860AA0EFA1AE2B5C2B506BD9842E73E44DDF1BB68EB92C6F38 ] Appinfo        C:\Windows\System32\appinfo.dll
20:55:42.0707 0x06dc  Appinfo - ok
20:55:42.0769 0x06dc  [ 9F9F206E4C9B525F0CC73F3B7417E62C, 297871945209AAE7796D4AEBBD9CCD2A10D9D5365EF026ADF4F2A530FB3C229A ] AppMgmt        C:\Windows\System32\appmgmts.dll
20:55:42.0785 0x06dc  AppMgmt - ok
20:55:42.0878 0x06dc  [ 1B778EFE22771E827EE24B334084A1F5, FC06337C38EC89EC784BF8C0AB0F6BFBCF0C7C9D9C1B2816215C60EA2DFD8696 ] AR5211          C:\Windows\system32\DRIVERS\ar5211.sys
20:55:42.0925 0x06dc  AR5211 - ok
20:55:42.0957 0x06dc  [ 70E35AA73967E87BEC99D637969CA372, 6BF496C406C8575151719518EF7E96EEA68A3E739D71CB15127805358315DCCF ] arc            C:\Windows\system32\DRIVERS\arc.sys
20:55:42.0957 0x06dc  arc - ok
20:55:43.0003 0x06dc  [ 7BEEC1527A46459FCA2099031F91FFDD, 1414D685D3C9D4BD8B583391EC30FA1E9294E4B4E89D0875A68C58ACE7CFB3C3 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:55:43.0003 0x06dc  arcsas - ok
20:55:43.0035 0x06dc  [ 20E5BEFF143ED1834279D63B695C03B3, 7B018C1FF44B8EE99F19C1D9EAEFEE2C30B896C109CCABF56CFD43E1E199376D ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:55:43.0035 0x06dc  AsyncMac - ok
20:55:43.0082 0x06dc  [ 80C40F7FDFC376E4C5FEEC28B41C119E, 5FB9BD9DA10A62E54B975049EF25306ECBDAC78EE3A1F3EE9BF3F3CDA621EA97 ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
20:55:43.0082 0x06dc  atapi - ok
20:55:43.0175 0x06dc  [ 2039E24FE00639A9123DCD6F22D42D74, 39B069EEE84FB5300674773CC14ABF8DDC081DF6D3049FDE7775A886CC05684B ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:55:43.0222 0x06dc  Ati External Event Utility - ok
20:55:43.0519 0x06dc  [ D2E9ACB68FA61C911CC21E07F87705BF, FF4E2D8DF7DC014CF92046CA0F320CAA20D0C41B3EEF15FDDE45DAF0AEA046B2 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:55:43.0785 0x06dc  atikmdag - ok
20:55:43.0894 0x06dc  [ 8239783A264761720050C23A3C7B058F, 0406F5ABBB2F1FF724642F5AD4D6DF386D6B3C7E7D7959F12BAF4EFADD9FEA31 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:55:43.0925 0x06dc  AudioEndpointBuilder - ok
20:55:43.0972 0x06dc  [ 8239783A264761720050C23A3C7B058F, 0406F5ABBB2F1FF724642F5AD4D6DF386D6B3C7E7D7959F12BAF4EFADD9FEA31 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:55:43.0988 0x06dc  Audiosrv - ok
20:55:44.0050 0x06dc  [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp          C:\Windows\system32\drivers\avgtpx86.sys
20:55:44.0050 0x06dc  avgtp - ok
20:55:44.0097 0x06dc  [ 8A9BCD8C94CEB32099291D83FF692A60, FEF5E92B98DC76FF032C4029D5C8D19FAE576EB62372F7897E4F5949EDDA4279 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:55:44.0097 0x06dc  AxInstSV - ok
20:55:44.0175 0x06dc  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
20:55:44.0207 0x06dc  b06bdrv - ok
20:55:44.0269 0x06dc  [ E1659F303F2602E0D393269970A09E35, 17634217A3BD0E1D3D47B4A5CF72DADE34B4F1EBCDA62FF5B68710C3A862F7EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:55:44.0285 0x06dc  b57nd60x - ok
20:55:44.0394 0x06dc  [ 626F61CD7A1599DF4C10B880CBBE0A22, EB58332566E2DA508ABBF28FBC3F4901EE7E43E5E75901660BC89D2179A7DFB7 ] BAPIDRV        C:\Windows\system32\DRIVERS\BAPIDRV.sys
20:55:44.0503 0x06dc  BAPIDRV - ok
20:55:44.0550 0x06dc  [ 60F1F92E2AA5F54D3317513C413B39AE, CFBA787A8CC6881BE1F1740D1A33E57430557A2997B9E489F6E8911514BFDDCA ] BDESVC          C:\Windows\System32\bdesvc.dll
20:55:44.0566 0x06dc  BDESVC - ok
20:55:44.0582 0x06dc  [ DB8585EB2B657917D41B773392A3F6F9, DA9959ED5121372D6BBB0F63E49501906202D6CC0868A814B9168FEA4B0FB32C ] Beep            C:\Windows\system32\drivers\Beep.sys
20:55:44.0582 0x06dc  Beep - ok
20:55:44.0644 0x06dc  [ F52F01B7010D916E90C97EEBF4B35082, 0A982AF7813316208AA287FA1039A25858A0F268C2823C73B36A55A866A1DF33 ] BFE            C:\Windows\System32\bfe.dll
20:55:44.0691 0x06dc  BFE - ok
20:55:44.0769 0x06dc  [ 3FDDF12B48AA2C44EA742EA6C7398F32, E4F09A6A59B2ABC47A2F0761117438E2C5BB1B83E56F47FD7FCD3EA0C283C403 ] BITS            C:\Windows\System32\qmgr.dll
20:55:44.0816 0x06dc  BITS - ok
20:55:44.0847 0x06dc  [ 4A7A4276724D6BBC48A754BFDA426C43, C583F709543F615BC739B036369E3D2C79F654BDA83DDAC1EE61059B64A7DA31 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:55:44.0847 0x06dc  blbdrive - ok
20:55:44.0878 0x06dc  BlueletAudio - ok
20:55:44.0910 0x06dc  BlueletSCOAudio - ok
20:55:44.0941 0x06dc  [ F9FEFEB12BA41B54E11F60449BEC68E2, B1F81D8887E7E2C5D5CB10B749AEBBDEAEE2A826148D92B4AAD2D7CA86DAFF81 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:55:44.0957 0x06dc  bowser - ok
20:55:44.0988 0x06dc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:55:44.0988 0x06dc  BrFiltLo - ok
20:55:45.0019 0x06dc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:55:45.0019 0x06dc  BrFiltUp - ok
20:55:45.0050 0x06dc  [ B508545A476F08D1421DFDD7DB0C6108, F4F4CD42ADACBE90A3FE242AE37924077F9F903D9B349AED9104B36991579D68 ] Browser        C:\Windows\System32\browser.dll
20:55:45.0050 0x06dc  Browser - ok
20:55:45.0097 0x06dc  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
20:55:45.0113 0x06dc  Brserid - ok
20:55:45.0144 0x06dc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:55:45.0144 0x06dc  BrSerWdm - ok
20:55:45.0175 0x06dc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:55:45.0175 0x06dc  BrUsbMdm - ok
20:55:45.0207 0x06dc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:55:45.0207 0x06dc  BrUsbSer - ok
20:55:45.0222 0x06dc  BT - ok
20:55:45.0238 0x06dc  Btcsrusb - ok
20:55:45.0316 0x06dc  [ E53897EEEEE1171A0023D329CF6CBC3F, B2E70CDC241AE872DB5ABA00035884C09D58B3FF053F2AA70BAEFE42B9DD6C3B ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
20:55:45.0363 0x06dc  BthEnum - ok
20:55:45.0363 0x06dc  BTHidEnum - ok
20:55:45.0394 0x06dc  BTHidMgr - ok
20:55:45.0425 0x06dc  [ E1195E078A01135C818D523710DECF88, D74D525E0B09126656F3FC7BF0DF80D91B12578AA928432185DBA40B94DBC8D6 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:55:45.0425 0x06dc  BTHMODEM - ok
20:55:45.0503 0x06dc  [ 3A5E6AC96590C543DBFD30B629A03558, 9B4BE1CC266B42F78E035E63C1F8657DE9724B594FD52D72ECBFF03D0AA570DE ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:55:45.0550 0x06dc  BthPan - ok
20:55:45.0628 0x06dc  [ D3AC03B301664430958548F023CE1C28, 436E267CF1C9C9AC21CDB244B6CFC1D764A8A44DCDB1608EB057D38A2BDABCC0 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
20:55:45.0707 0x06dc  BTHPORT - ok
20:55:45.0753 0x06dc  [ F6DDC89540EE6B7DCB81FD7A9619EE60, 2C3A950E161BAE99F858DE05AD1DE49CDC0309F67AEEEE1216928809D7E172BC ] bthserv        C:\Windows\system32\bthserv.dll
20:55:45.0753 0x06dc  bthserv - ok
20:55:45.0785 0x06dc  [ 60A0321E12B4B807590523E33A77C818, 641F39F4F2B3075CB81FFCE565918FFCE901F12A21CD3D74E8BF4C786063F9E6 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
20:55:45.0863 0x06dc  BTHUSB - ok
20:55:45.0910 0x06dc  [ 970852ED1893CAAAB6C090AEE57F2AC5, 2AB8E3DC91D14392C97ABB29263DC6070E31BE23426B5227ED284E420472E628 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:55:45.0910 0x06dc  cdfs - ok
20:55:45.0972 0x06dc  [ EDF617E3CE277E60B8DDC2B6E99B1D54, 0913F7BBEE97711E72C6F8A503DF56D012A23401CB1BE3A4A5C867BB28B1614E ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
20:55:45.0972 0x06dc  cdrom - ok
20:55:46.0019 0x06dc  [ CC208724CC5F2CB4CC95791BD5A01E24, 15634FFD69A7813920B032A6B91DA97CE68F92BF599CDE61D277FC3D9A3232B3 ] CertPropSvc    C:\Windows\System32\certprop.dll
20:55:46.0019 0x06dc  CertPropSvc - ok
20:55:46.0050 0x06dc  [ C681994524F48147471AA20C1CA6873F, A5D64ABAB121165DE7FDCFD7002A4585DB8506BA7E58E1D2901726A934694F05 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:55:46.0050 0x06dc  circlass - ok
20:55:46.0097 0x06dc  [ CC67CB3E19438AF56D17FBB4E73E7A48, 1DDEBBD5654EF64FE084C21002B342781647C3F1F38BDE701505E601D206DD46 ] CLFS            C:\Windows\system32\CLFS.sys
20:55:46.0128 0x06dc  CLFS - ok
20:55:46.0222 0x06dc  [ F6A8B0E679D49B70895A9BBB938D1AA8, A6CA2E69466D752CB24E2E4E369890AC51EEA820D6308CEAF5775EDD856C7052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:55:46.0222 0x06dc  clr_optimization_v2.0.50727_32 - ok
20:55:46.0253 0x06dc  [ 7DED7AED1165C797DB7052096FA7D8DE, 29BEDBEBC04732C300C40E5E666336D34FC8061C8238DED2D3A2C5EE7E2390C9 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:55:46.0253 0x06dc  CmBatt - ok
20:55:46.0269 0x06dc  [ 2E9A4971F238DC19551C373586AC8E61, 1348A38FDAA2D4089C97136D9FDB5CFDAA905D3376C5AFD4A0B21FE0BA3D222D ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
20:55:46.0285 0x06dc  cmdide - ok
20:55:46.0332 0x06dc  [ 8265E2FFEEBEFEF63D69F3AC34290284, 61D59203A659E61586C18B1BBB5DA9E1C90390DD83ED16C316AC088DB0188ED5 ] CNG            C:\Windows\system32\Drivers\cng.sys
20:55:46.0347 0x06dc  CNG - ok
20:55:46.0410 0x06dc  [ C119DDF75E8D22C08502516D8F47965C, 05396230B35BD52C627B9BF8F92994B02C1CE883A9B7366998361F0D1A34DFF6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:55:46.0410 0x06dc  Compbatt - ok
20:55:46.0457 0x06dc  [ 5E7CF9244ED5F0AAC4B01E82F51C34B1, 0C80E4A22EAB135650F482F5A589DC9A1C6225B3CF972B54A2AC866AB96A7B1E ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:55:46.0457 0x06dc  CompositeBus - ok
20:55:46.0472 0x06dc  COMSysApp - ok
20:55:46.0503 0x06dc  [ 60886E350EE7F7D2F636158047EF7B52, 6D1F5C8DEB8F7C1FC25FD78720B9E81E31BF86CF6A40D44180B06701211BE256 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
20:55:46.0519 0x06dc  crcdisk - ok
20:55:46.0582 0x06dc  [ 3DA62576A423BB1A9D882F7CDEAF21BB, F539C18425D3BD71E452CC20211B9357D126E893EF8C7D1DC4139FD7BEE2CD80 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:55:46.0597 0x06dc  CryptSvc - ok
20:55:46.0660 0x06dc  [ 1A8A41AF63D1A2CDC547B2F3C32A3DF5, DD51CED3AE7B9FC722710712A8303FF4A816E1317508014A510B7E137A01C959 ] CSC            C:\Windows\system32\drivers\csc.sys
20:55:46.0691 0x06dc  CSC - ok
20:55:46.0738 0x06dc  [ CD27B17926FF2C4895D2EA448BE5583C, F780343D88783C2B7BD25F3A3963EFB06FE3C5A6684D68F56E9E56F708EE253B ] CscService      C:\Windows\System32\cscsvc.dll
20:55:46.0769 0x06dc  CscService - ok
20:55:46.0832 0x06dc  [ 0E829890E9E00BBBA3352B02C718CB63, 05236C8ADF3884EBB1C084A7FE6CF42464E516C23C44D4C89AC81E92991D96D4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:55:46.0878 0x06dc  DcomLaunch - ok
20:55:46.0941 0x06dc  [ 0502C0314B97E3B10521F0EB35DE6389, 445BCB96679E1B196DA6149FB36DDB247B0F7E7E5EF02EBA165843BBE9A6A9EB ] defragsvc      C:\Windows\System32\defragsvc.dll
20:55:46.0972 0x06dc  defragsvc - ok
20:55:46.0988 0x06dc  [ FB5BC26CA0B713C3B83F8B5B55BFCA51, CFD5C49BF297F46A98D52B20C0D2E6B78220B2358174D36AC03144E92EBFB962 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:55:46.0988 0x06dc  DfsC - ok
20:55:47.0050 0x06dc  [ DD0C4C2864E69696B51A3BDBD9DD009B, 194C7A120D57141C811501EEC7D8281721D28386052251C345A55DAD400C4009 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:55:47.0066 0x06dc  Dhcp - ok
20:55:47.0113 0x06dc  [ 39E41536536C6A73E54723744926758C, 2BF633CF396D237A782FB2F546671379A7E50B261FA1C8A6011347D8D6A4530A ] discache        C:\Windows\system32\drivers\discache.sys
20:55:47.0113 0x06dc  discache - ok
20:55:47.0160 0x06dc  [ A379F8C88D9825098027EFAABF3EB337, 2F83B59D3905742160A4831F3744CC2C35034C12D1AAB0684FD8909D4FE28A18 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:55:47.0160 0x06dc  Disk - ok
20:55:47.0207 0x06dc  [ 227A62E6B51EEA26EAA2668037007E28, EBC3A278A6FECFE87796177B5D7E15C9F8DEC29CBEB7C23D8B445DB1F2A870C9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:55:47.0222 0x06dc  Dnscache - ok
20:55:47.0269 0x06dc  [ 46731FFAB05F8C8660300D40A11F28E6, 19852A74B58A3CADABED352CD0BB7E8602E208832645D3EE2C51A3838487AB37 ] dot3svc        C:\Windows\System32\dot3svc.dll
20:55:47.0300 0x06dc  dot3svc - ok
20:55:47.0347 0x06dc  [ B5146D81FE5C1C949A0E5EFA0BFC049E, 8D8B507D7F8C15BBE5750204A596D1A756EA64E8FBF4904B48C31C8B61B11968 ] DPS            C:\Windows\system32\dps.dll
20:55:47.0347 0x06dc  DPS - ok
20:55:47.0410 0x06dc  [ 64506061C2F506747CCBF36E204D518A, B3C9D39D89167A6BBEC9B92FA6BF20923B1D076EFE0F975DE64C78B95AF69CAB ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
20:55:47.0410 0x06dc  drmkaud - ok
20:55:47.0472 0x06dc  [ 90CDB54A4ACB66B29D0DE83A3848D813, 156A4948E893017B546E7AF6D46B6B4D9FDD6C362DF4282B423954B1EB2AFCF0 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
20:55:47.0519 0x06dc  DXGKrnl - ok
20:55:47.0566 0x06dc  [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
20:55:47.0566 0x06dc  E1G60 - ok
20:55:47.0613 0x06dc  [ 6C4EBC011F72D9920DBE7156716306BD, 82B623A13001A78C8EAE59F392A8A4588330EBD83925527A2C0CFF27E9DEF33D ] EapHost        C:\Windows\System32\eapsvc.dll
20:55:47.0613 0x06dc  EapHost - ok
20:55:47.0847 0x06dc  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
20:55:48.0066 0x06dc  ebdrv - ok
20:55:48.0144 0x06dc  [ 1EE5F9F327D19074DA82B58D8252A749, C1DF36F5DB9D72D49F7D43DFF125BCDCF3D001798A4B75CAC00B6E129E0266FE ] EfiMon          C:\Windows\system32\Drivers\Efimon.sys
20:55:48.0175 0x06dc  EfiMon - ok
20:55:48.0207 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] EFS            C:\Windows\System32\lsass.exe
20:55:48.0207 0x06dc  EFS - ok
20:55:48.0285 0x06dc  [ BC200BCAA4249AD3BAC88309BB5CF6E3, B52465DEB9026C5E63412172F9CD6D040AAACB0AB16581B7014D7DC54F42B90A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
20:55:48.0332 0x06dc  ehRecvr - ok
20:55:48.0363 0x06dc  [ 604D93A8D626BB36A6B6D058F0626A6E, 8E941838B7A8260B832DBCB28E5FCF56F573673F6E7F97A9B92B1D24ADDD3AE5 ] ehSched        C:\Windows\ehome\ehsched.exe
20:55:48.0363 0x06dc  ehSched - ok
20:55:48.0441 0x06dc  [ CD35088D84A17CA694658A3CB0EBD13C, 851961D7D327F813B5038F111F4EF31A38F8939EE7256603CCAA43DD5DF742AB ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
20:55:48.0457 0x06dc  ElbyCDIO - ok
20:55:48.0503 0x06dc  [ 0B15894B0698ABCAC9F19D060119D1D0, B9CC24CD14A1907075A009D9F4751AD40D64F45C4493EBDF078BA895C22EF60C ] ElbyDelay      C:\Windows\system32\Drivers\ElbyDelay.sys
20:55:48.0503 0x06dc  ElbyDelay - ok
20:55:48.0550 0x06dc  [ 908786A418AD69ED28E2A03AB14F9A2C, 76C4F613214E52DECCC8F9D3F326FDDA90C593CF00A5A2395B0E38E804F1740C ] ElbyVCD        C:\Windows\system32\DRIVERS\ElbyVCD.sys
20:55:48.0550 0x06dc  ElbyVCD - ok
20:55:48.0628 0x06dc  [ A2984D22D8337BAE947F63DE9A8305E1, 67D458E26EB59916B47499B79A2968F81B5CC65D6DDC50CB78578868E20B3723 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
20:55:48.0660 0x06dc  elxstor - ok
20:55:48.0691 0x06dc  [ 12C8D0197528048BFFA687DE93E3C3B3, 50A04CE248E15AE24184D7CE318A8D0FF579BC2DC96B514C051AF0D0AEBC4B89 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
20:55:48.0691 0x06dc  ErrDev - ok
20:55:48.0753 0x06dc  [ CF1602A6FE49BAC4E27A2A51E5B1F448, 4C182364D7D63C3F5E7CD0E93A703A80CC491053AD76DF9CDAAD666BC307240A ] EventSystem    C:\Windows\system32\es.dll
20:55:48.0769 0x06dc  EventSystem - ok
20:55:48.0816 0x06dc  [ 73A6551C0BEA6E3F13699932F97D8A9D, 4A85E8B383BADA1226790022EBC4936E4832450DDCE788AA7BF5A5206098B00C ] exfat          C:\Windows\system32\drivers\exfat.sys
20:55:48.0832 0x06dc  exfat - ok
20:55:48.0863 0x06dc  [ 7597DF0FD7028049D770DDF4AB86B50D, 4055A1F5719E1191F3565CB45B157793F3924B9B09AF35DDB189DD56F8FDD8DC ] fastfat        C:\Windows\system32\drivers\fastfat.sys
20:55:48.0878 0x06dc  fastfat - ok
20:55:48.0957 0x06dc  [ 40BA18140F58FAD95AA663C82ADF58E8, 9ED9A307C2491CEF07D60DE2ECF433C075F87C6D4D70B41A6F4FA4D5997AB5B4 ] Fax            C:\Windows\system32\fxssvc.exe
20:55:48.0988 0x06dc  Fax - ok
20:55:49.0019 0x06dc  [ 627477D6123005AD9CE5810A3D677302, 65F7487E5BABCABBE3F2EEF69838E0682E5DC68BC792367DE1AC4FC3696DB75F ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
20:55:49.0019 0x06dc  fdc - ok
20:55:49.0035 0x06dc  [ 4DC3CCD7082C8633D9701D635DF0C034, 2B3728679A7B44FBB385D75353C177977988554281103881F3BA4D45FEAC46F4 ] fdPHost        C:\Windows\system32\fdPHost.dll
20:55:49.0050 0x06dc  fdPHost - ok
20:55:49.0082 0x06dc  [ 7B38E9F4E25B94D52B13705C7CE86953, D2A3A92253D431EDFEB6D9EA1DA1853FD913195AB21DEFAB1ACA3F4B7AA5EDFB ] FDResPub        C:\Windows\system32\fdrespub.dll
20:55:49.0082 0x06dc  FDResPub - ok
20:55:49.0113 0x06dc  [ DB256B7FA5FBB37436F52238D84ABB8B, 00CC23483A31ECA82B09ADA64A13DE33C59B3E9E8D7CFB8438E3742740A71811 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:55:49.0113 0x06dc  FileInfo - ok
20:55:49.0160 0x06dc  [ F52E7DF356A6885741DEA5D2D9C6AC20, AC4330BA7592BC3A4C8A8F3088E54979D41ADBEB0912D424424F4D5E0A7EB44F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
20:55:49.0160 0x06dc  Filetrace - ok
20:55:49.0175 0x06dc  [ A2B49CDC1F176B2F5169C64A563B1E6D, CF92FCBFF1EACEBE3E5EF653102A719DA5CCA2BFF49D290F2C65C59BD109FA28 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:55:49.0191 0x06dc  flpydisk - ok
20:55:49.0238 0x06dc  [ 1E158DEFC36838CACEDC465900B1D76A, 03096E6C787534D8A98D59FC8C5F4B99FD3E3A257FAB7868DE0991C0378A8A13 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:55:49.0253 0x06dc  FltMgr - ok
20:55:49.0332 0x06dc  [ A16DB1C4C9B14F786C623EE9F478E066, 0AF658B476278F32E0F7596484707EC25D88E677700DCAF2FAFC0D38DC3B77CD ] FontCache      C:\Windows\system32\FntCache.dll
20:55:49.0394 0x06dc  FontCache - ok
20:55:49.0472 0x06dc  [ 964FB6494E33F5D476DAE4FF51AD9A8B, 7EEB6C0028067296841FDE75E56C345C51C107E082D5CC78CF822A4D2F1464B4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:55:49.0488 0x06dc  FontCache3.0.0.0 - ok
20:55:49.0503 0x06dc  [ E2AC950EE2769827E2E04F3A7849B08A, 0631E8762529F36F4FBED77EA1872F99D1522D80D54FF2DCA51E0E59D0EB847C ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
20:55:49.0503 0x06dc  FsDepends - ok
20:55:49.0535 0x06dc  [ A1ED4A69BFD446651642FEF693D8277C, 5A50D4D6433F4DDC00FCA88AAB148C9204FE7D86915557DD1B0AA2EDFCEADD0D ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:55:49.0535 0x06dc  Fs_Rec - ok
20:55:49.0582 0x06dc  [ F914CCAAE271C07956220C45BF81C967, 70B5CDD5EBF3F9BFE6369FBBD5804372F672EEC67CD48632F98232C922893166 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:55:49.0597 0x06dc  fvevol - ok
20:55:49.0644 0x06dc  [ CE3FC4EFC8F25F43C9BBD7E154CA87CC, 129F312D814AD2F77C453B4B6F9D77F8E56413D8F16FB10A073698DCA5E3273A ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:55:49.0644 0x06dc  gagp30kx - ok
20:55:49.0722 0x06dc  [ F8EE2BA4A4FFF6817EEDEBB616FB047D, 66F23F5A430C7B21A2E45879F105B99A7729B1783907C7F3B61AD5AB38469F2D ] gpsvc          C:\Windows\System32\gpsvc.dll
20:55:49.0769 0x06dc  gpsvc - ok
20:55:49.0800 0x06dc  [ A65DED2EBD1C922D311545A2E7697332, 2AD899C6015FF61DAE0F16D764A34E01E55AF28078B254E7AC137FD0F8D96B98 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:55:49.0800 0x06dc  hcw85cir - ok
20:55:49.0832 0x06dc  [ 3437421020BA6DE5F35CE8EFF301D41A, 18A056B333814ACD636648FA266D8B4442967C23773BA5A33BDDAA49427A3425 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:55:49.0847 0x06dc  HDAudBus - ok
20:55:49.0878 0x06dc  [ 563DDB955D8FF84EA227045E931E7FE0, F364F2BD354B9DA0AB563F48ADB320054103E7936CE7A91A59BA25E42F9A08D3 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
20:55:49.0878 0x06dc  HidBatt - ok
20:55:49.0894 0x06dc  [ CF7DD6258CE05A7F1621CA8F67E615C6, 68F8C39612F929144538517FEBA472DADF9E98D07CE7135FD09E8813A4D104A6 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:55:49.0910 0x06dc  HidBth - ok
20:55:49.0925 0x06dc  [ 5DD466267F11BAB4272255CE6E11A55F, 457CAD6D1987ABFF0CCCF171AD07C27D9BE2CACDA312990B77AA5B929842EB48 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
20:55:49.0925 0x06dc  HidIr - ok
20:55:49.0957 0x06dc  [ E0A1CAD678E1A7775B495BD8961FE725, BED77425268C7C2B5F912C420A3D7849EABC4821A2E2A39570E11C247EC5F079 ] hidserv        C:\Windows\system32\hidserv.dll
20:55:49.0957 0x06dc  hidserv - ok
20:55:49.0988 0x06dc  [ 3B197964C30462A9180724CE44A7F7F9, 3A9A67B15D4C0E320E5D3CB06E9C430DFCFCC35564C064573269F614CD93795C ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:55:50.0050 0x06dc  HidUsb - ok
20:55:50.0082 0x06dc  [ D7967C23CDAB0148525788B828E6EAE2, B0831BDB5AD83B312E7748A39C0CDEEC0A787E58598A6AA9499E28493ACEB2FF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:55:50.0082 0x06dc  hkmsvc - ok
20:55:50.0128 0x06dc  [ 427E7EB7918A223C99EA17271D47478B, 7E17AEF18495914E2E1B7FEF25F6E622E4BEB14E9806DAE53E1562A4A2692A3F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:55:50.0160 0x06dc  HomeGroupListener - ok
20:55:50.0238 0x06dc  [ C320F08D0A0D2C29A35700CDD514CB79, 6FED68F8A645EA9B80B77A93C1E483CAC5678E2A2FE014AEFB37EB65E903AE12 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:55:50.0253 0x06dc  HomeGroupProvider - ok
20:55:50.0347 0x06dc  [ A377DAC0A2443F5301E97FA76096E609, 80FC0051745CA8130951B7870D9D16A9CB996C023D77F4DE4A2702757F472281 ] HookPort        C:\Windows\system32\Drivers\Hookport.sys
20:55:50.0363 0x06dc  HookPort - ok
20:55:50.0394 0x06dc  [ 91A15EC4471AA8D2A6392C3BCB2D3DC2, 15C0E6FF1772E566482461559998D95698E2A62DB30E07D261D46A175F06CC6F ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
20:55:50.0410 0x06dc  HpSAMD - ok
20:55:50.0457 0x06dc  [ E2F8E8191EE6A7BE008BDE5D5429BC47, 6D36643A6D0C6E36E5BBB6B5C197BD058A3C91407629C3E66F354F63DEAF3481 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:55:50.0503 0x06dc  HTTP - ok
20:55:50.0582 0x06dc  [ 72E4194E66F103A0CB94AD8771381579, 780D46B179DB13EDAFA161CD023E99C10B0994E91216316ED43F5AD8F6960DED ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:55:50.0644 0x06dc  hwdatacard - ok
20:55:50.0691 0x06dc  [ 5E74325B4F0A07E583D2BEC72B3099FB, B7CE3FEEE1ECABB568F0AC365AEEA939F4517BC21F81A7C6351E8169699C6F82 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:55:50.0691 0x06dc  hwpolicy - ok
20:55:50.0738 0x06dc  [ FF72BE8FE6F69667E2C86111B4EA201B, EC44D968AC4484F86AB4EE10F14725279AAC9F7DCDBDFCE2D6260A6E8BE36AF4 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:55:50.0738 0x06dc  i8042prt - ok
20:55:50.0863 0x06dc  [ 643162FBC619E35D3F1A90A095A5BB42, F59C325B9822E740C5E2808791CFDFD3E8CB543557E52794F578566546B9316F ] ialm            C:\Windows\system32\DRIVERS\ialmnt5.sys
20:55:50.0941 0x06dc  ialm - ok
20:55:50.0988 0x06dc  [ AC958B65CDE27ADFDEC628BF7ECCEB8C, E1483BBDBD92C1E03F0BD37BC16FE18507BC5111CBFA0B9A098FD51671687510 ] iaStorV        C:\Windows\system32\DRIVERS\iaStorV.sys
20:55:51.0003 0x06dc  iaStorV - ok
20:55:51.0050 0x06dc  [ BF648877413F6160E480814A24942B65, 044986AAE743A8513A825FBFD6DCE08B43DBFC7473D062E72ED8D0DF154C280C ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:55:51.0050 0x06dc  IBMPMDRV - ok
20:55:51.0097 0x06dc  [ A75CE11915E4ECC5E1597D6E0F7BB2DB, AE77C4BDFA848AE0A0E4ADC427B489E4A2A61BF45BB8BA70390D1421A3ADC4DA ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
20:55:51.0097 0x06dc  IBMPMSVC - ok
20:55:51.0207 0x06dc  [ FFE589007CB703C958AC6E9051327DD5, 7CDA96B81AB344FE616CB25A8B65265BB4BF96626F1E9B1DFCA5C85CEBBE9872 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:55:51.0269 0x06dc  idsvc - ok
20:55:51.0316 0x06dc  [ 0D530FE77DFEC74C7731CCD30D620021, 36E0862ABFF7776853EA7C794BB4B31ED28F704A2F8B08BAFFF877ED78DF382E ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
20:55:51.0316 0x06dc  iirsp - ok
20:55:51.0394 0x06dc  [ 1B9C17C7294D316F9FDE5F9E25A7EEF2, 77C954260CD5212C882D18E882FAA75BAD295BE481C997C185DB16C6BE812B5A ] IKEEXT          C:\Windows\System32\ikeext.dll
20:55:51.0457 0x06dc  IKEEXT - ok
20:55:51.0519 0x06dc  [ 5493DEC4821FF89FD31D2E34EB4535AB, 2D6273F18C697016E69B4555A18F2BF2469B1A7D99628FCEDE4634CF0351FDBB ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
20:55:51.0519 0x06dc  intelide - ok
20:55:51.0550 0x06dc  [ 01A44D9FEF87073BF030FA1920000DB0, 3175E359A6F3CFCC0F89EFC300163F5915425D17159BF2BCDC5A9FB30804895C ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:55:51.0566 0x06dc  intelppm - ok
20:55:51.0597 0x06dc  [ DCCB0CAAB4B67AF7B34AFA8203674FEF, 6E233B09ABCE1389516CE038EB964A36D0BC62C0280D9D116323AB9CAA94B7DD ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
20:55:51.0597 0x06dc  IPBusEnum - ok
20:55:51.0613 0x06dc  [ DBDE76F5B377EB24A3588FCF789DDF74, 653493C8E71288D470BF10293671A002A07B6A1A2B4151A564F67D493D5C429D ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:55:51.0628 0x06dc  IpFilterDriver - ok
20:55:51.0675 0x06dc  [ 614859865CDC33A103083976B9211AB8, CEF65CEBC498743A570FC86323678B549AAD4784B05681B79AB543C1835E3D28 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:55:51.0722 0x06dc  iphlpsvc - ok
20:55:51.0753 0x06dc  [ 8A19FAE8CFF37B7A8DDB48404728BB38, 6A68B21FA27A9688518C4D2401DEE8F322DA63EF74E9E6BB427B2F028005643A ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:55:51.0753 0x06dc  IPMIDRV - ok
20:55:51.0785 0x06dc  [ 3D3C33D6BF0828324D1813CA3980E0FB, 7BE37B3E9F6BD3306A4F3F07E2BDB0E01E4AFC98A5C421D6DDA656F3735E5CAA ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
20:55:51.0785 0x06dc  IPNAT - ok
20:55:51.0847 0x06dc  [ 4D81D6508C5957276F59D929F64A5C38, BD57A1CAD2F3EE99D4EC58E9288DF24855E1C0E4AAF995B437F42D20575AF19C ] irda            C:\Windows\system32\DRIVERS\irda.sys
20:55:51.0847 0x06dc  irda - ok
20:55:51.0894 0x06dc  [ 84B500317DF9D2637AC93E44FD461FF5, E5E0C7D409F9FE10D95D8C3CAA38EEF32485BACD48BEF197814A5CD38BAAEEA6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:55:51.0894 0x06dc  IRENUM - ok
20:55:51.0925 0x06dc  [ F5F2036B5D54118E29BD5C9FAA3BB4DF, 3B9736EBF498DCE24057A0C93FCB20269B7D5F20204C8FC4B38A8D03384333C3 ] Irmon          C:\Windows\System32\irmon.dll
20:55:51.0925 0x06dc  Irmon - ok
20:55:51.0941 0x06dc  [ C3B2BCDC1C62EB774C1625F8023671CA, 4E6EE2B8B6D37B4EAB10575FAE4B064F6B86B1D8B25FE39486D9E7FD9052DDD7 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
20:55:51.0941 0x06dc  isapnp - ok
20:55:51.0988 0x06dc  [ 46390D4F2A6710CD6FFC8D31F5B6453A, 8902AC07F71A38A7E056F62EA647FD0F6EFC7479993F3B00D186FB62FCD005F1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:55:52.0003 0x06dc  iScsiPrt - ok
20:55:52.0066 0x06dc  [ 21D8C59033A6F62DE759236F14BCC693, B6B704726EEC4DEE41ADC5B05A8A3E191BEB6CA698020B50D03CABA1987031AE ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:55:52.0066 0x06dc  kbdclass - ok
20:55:52.0128 0x06dc  [ 322C47BB688A1250E340CA76C59470BD, E6FED82760BBFC4A06D57001E92A89304C42F55DAF54D1B0C9B659A2622ADB0A ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:55:52.0128 0x06dc  kbdhid - ok
20:55:52.0160 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] KeyIso          C:\Windows\system32\lsass.exe
20:55:52.0160 0x06dc  KeyIso - ok
20:55:52.0175 0x06dc  [ 8B472D05B520CB300C108D8D3F94BC4A, 0D379DF1B79D26FAEDC2928BBC91D2A71C46966A3D8D0AF7F720E6FF66B11CB3 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:55:52.0175 0x06dc  KSecDD - ok
20:55:52.0207 0x06dc  [ BBF9CFEA2D3B4049E2CA18B2D6F4A916, CF2BD263B78870D12698A1290987C740307388F5FF07DDFA17E0B8768C84CE87 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
20:55:52.0222 0x06dc  KSecPkg - ok
20:55:52.0285 0x06dc  [ BBA8BF97FACBDDA25BF8EBBD6E445DE0, 296FFD6A0CEBB7435B4C2E247F95F6E9DC069F3B2A098E89014E9A1810FCF4EF ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:55:52.0332 0x06dc  KtmRm - ok
20:55:52.0394 0x06dc  [ 2570DB1167C6716CFE8EE0DFC13D2B23, A2638657E47C7325C955056D14116EFDB70E6357C0131CCE9EA71AC18E067D54 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:55:52.0410 0x06dc  LanmanServer - ok
20:55:52.0457 0x06dc  [ 70AB6AE64BEABD3BE0966EF4B2958245, 45A2B0F8662AF9ED96C9C79B2AE0689EF4277BE727F4538097151F96FE68730A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:55:52.0472 0x06dc  LanmanWorkstation - ok
20:55:52.0519 0x06dc  [ 56B6B12064159094E1DCF3667F338CF4, 3B00140114F53A4041A9750BFD6A83C5ECCA8B1D73D03C63AF4494399D1989ED ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:55:52.0519 0x06dc  lltdio - ok
20:55:52.0566 0x06dc  [ 831E14CEDA9E717FB2E449EFBEE7C0C0, 31273D5B8E1A8F485C32B7F94BFE22DF0397E7C89F0977DD41D210244CBB4086 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:55:52.0582 0x06dc  lltdsvc - ok
20:55:52.0613 0x06dc  [ 629EF99C36A5CDDB9119D43A475F01C1, 8F6AC25AE35133DD6F3CA99566730696EA48A3318F587A95B66462D312FC33D9 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:55:52.0628 0x06dc  lmhosts - ok
20:55:52.0675 0x06dc  [ E01CD2302BB3B19A50922A05028D3863, E315E05AAEF952DB34806808040D4DE83082508C4AE68C513DD78B10B1A5FDBB ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:55:52.0675 0x06dc  LSI_FC - ok
20:55:52.0707 0x06dc  [ 45A1373EA2E7BF21F77AD88180820FBA, 7FE9039F67FF9B72A6478C6D9BA8A7F9A93B038868DAAA4428DA848856A4C981 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
20:55:52.0707 0x06dc  LSI_SAS - ok
20:55:52.0753 0x06dc  [ B791FD73219AC7C4755FC473BA869D1F, CEFA2F9EDBBE5C1E6A877BC11D94BE7262FC8091E88DBBC1EFFBA6B4931D3CE3 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:55:52.0753 0x06dc  LSI_SAS2 - ok
20:55:52.0785 0x06dc  [ 3A5BD4B6BBCDB1FDBED48555366B1589, AEC422624DF5642B5BD48787D5AE0CF5F53CABC4713D5FCB3016A12C6ECA7DAF ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:55:52.0785 0x06dc  LSI_SCSI - ok
20:55:52.0816 0x06dc  [ 662A4CC0040557F4EEE8A570479D26D8, 8673CF64B327C1F3C14D90E6FF89C7CDB2E24B3A1BE86679EECFE71B2AD0229E ] luafv          C:\Windows\system32\drivers\luafv.sys
20:55:52.0832 0x06dc  luafv - ok
20:55:52.0863 0x06dc  [ BC0FEDAB2FB20FF4186FF30A8873859F, 78190F3DFBE7BAF9BAA9EED53116EFCC8FF8AC03F1E348E514DAA6D2008F9813 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
20:55:52.0878 0x06dc  Mcx2Svc - ok
20:55:52.0972 0x06dc  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:55:52.0988 0x06dc  MDM - ok
20:55:53.0003 0x06dc  [ DE749597787DE1ABE22111F6AD8E7087, E02A09140369A728C37E6ECC5A8D449410EC7BBC933E1BB290FE1F1A0B6ED48F ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
20:55:53.0019 0x06dc  megasas - ok
20:55:53.0050 0x06dc  [ A86E92C416C8B31620B08354FE03723E, D0558E9F835E52ADE88F720979FEC0D228331BB743689A8750971D23B86FA53B ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:55:53.0082 0x06dc  MegaSR - ok
20:55:53.0113 0x06dc  [ C93856D7B07CA30B7B451CCDE12CF873, 6F94494499E1A71BBC009E0D9353A91D0A8F284680E5E26C2808162440FCA132 ] MMCSS          C:\Windows\system32\mmcss.dll
20:55:53.0113 0x06dc  MMCSS - ok
20:55:53.0144 0x06dc  [ C4425FC9A1C56340F62DFA3F52173058, 94D51FADF578A411F824735B7DAD662C6FAF620F1E59AA50A518C2554960EBD9 ] Modem          C:\Windows\system32\drivers\modem.sys
20:55:53.0144 0x06dc  Modem - ok
20:55:53.0175 0x06dc  [ C812018B545EC2955CB1CC45E219B316, 4440C71654EE21191E21F5E757308282B725008504933C156319441208B929F1 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
20:55:53.0191 0x06dc  monitor - ok
20:55:53.0207 0x06dc  [ 04F4BB4D08F514849C10D842862EE449, C8BBBAE528BC7FC609D1C24B93A3C5B55BA1BCC5DCF36C56D64C7A2DDB7E4B11 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:55:53.0207 0x06dc  mouclass - ok
20:55:53.0253 0x06dc  [ A6DFF9490F6D8E4C4D14128F7C17E844, 917DE263F394C591CB3BE61607046B20E017A5140936E9EF36E1BC0C9C74521F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:55:53.0285 0x06dc  mouhid - ok
20:55:53.0316 0x06dc  [ F63D287A792C4B0460AB8C621B1391AE, 07FA175A4AC5AFF85A6D32FE05BE170C74A6A4D365B9E3A0EDEA219AF8807F06 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:55:53.0316 0x06dc  mountmgr - ok
20:55:53.0410 0x06dc  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:55:53.0425 0x06dc  MozillaMaintenance - ok
20:55:53.0503 0x06dc  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:55:53.0519 0x06dc  MpFilter - ok
20:55:53.0566 0x06dc  [ 3431EE8E4F9C95451C03C9737E4DE50A, 6C3A02B48065B639D0AEF4740A96D439E60D1A0D64BFA7C0CE9DBD7ECDC87662 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
20:55:53.0582 0x06dc  mpio - ok
20:55:53.0753 0x06dc  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl5a17a9ee  c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F4E79B4E-D50C-4A78-9BA4-9E04F8E10DF5}\MpKsl5a17a9ee.sys
20:55:53.0753 0x06dc  MpKsl5a17a9ee - ok
20:55:53.0785 0x06dc  [ 1733A3D120E048DFFBA7FD069E2905BA, C569F700087BEC8714C409B78371C5D73274E003E3104F7C8516AC5FDA26CA96 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:55:53.0785 0x06dc  mpsdrv - ok
20:55:53.0847 0x06dc  [ 4308BD2A6D5FDDF04BE174E5FA5C288B, B2F2764867A5BBFE94B3D7766FB41B3A400D9ECEFD29925001F080329BA069D5 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:55:53.0894 0x06dc  MpsSvc - ok
20:55:53.0941 0x06dc  [ B23DA9A2230D146E8F1F1166DF2CD58A, 6932CA90AB9E205173BE37011FB6C654BEEDC0D38F9080061AE8502FC3514761 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:55:53.0941 0x06dc  MRxDAV - ok
20:55:53.0972 0x06dc  [ FE4CAE5A24FE5CC0B29BD215667540E3, EA22A37F80287CFB1EA4B6D2BDD3BEBCCBEC94EC2B40C59BE289B9A12F570CC6 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:55:53.0972 0x06dc  mrxsmb - ok
20:55:54.0019 0x06dc  [ 395A3C217A2AA5A5B83F587748DBE02E, 281023F56A8927534DE6EAC3E660F08DD546D806B9957DF2CC65448C79DC18D2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:55:54.0035 0x06dc  mrxsmb10 - ok
20:55:54.0066 0x06dc  [ CD39AD66CE15E21C21D8F68F9F56C836, DB4E5663585EFE3EFE46A2328BC8E8AD5127C1B7D8D92B647282A8A8805D7997 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:55:54.0066 0x06dc  mrxsmb20 - ok
20:55:54.0097 0x06dc  [ 1671BC2330B1D68FFA3019CE69FA4D52, C013DE479F2571F4447E8D7CA3AC50D7B33563C1F55118BE3F85D7E61C8A2D8B ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
20:55:54.0097 0x06dc  msahci - ok
20:55:54.0144 0x06dc  [ 901EE49B9A6D96E9CCCA0F042644E9C7, 6E64D7AFDD17AA9EAB7AFC0EFBCD894B2C7C933457A9468EF240CD60082E15DE ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
20:55:54.0160 0x06dc  msdsm - ok
20:55:54.0191 0x06dc  [ AA5B7711B477FC9C09338E3E2D2F5F52, 4BF09021C8EFED85FE28DEABE977A2F757B2FFFA0EA278E8CF9B6FC8490E1D7C ] MSDTC          C:\Windows\System32\msdtc.exe
20:55:54.0207 0x06dc  MSDTC - ok
20:55:54.0238 0x06dc  [ C1EFBA9E63D1477AEDCBD8AB330FA2C6, E3C954AA5511A63E53840B9AA209590B9D27E0272013E6F224AE6AEFA72C36D5 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:55:54.0238 0x06dc  Msfs - ok
20:55:54.0269 0x06dc  [ 843565B7780ED1FAA02DD5CF7BC69248, 907CA95805DA441C5D14D73F169CBE6187893FA6B62639AFA81D4D4B286DD240 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:55:54.0269 0x06dc  mshidkmdf - ok
20:55:54.0300 0x06dc  [ 019898164BA6818B36AAE658C63F5526, 322CA6A849F429453F30636CFA09823D9FD0F8340DB30CF343E2B08C1FD884D4 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
20:55:54.0300 0x06dc  msisadrv - ok
20:55:54.0363 0x06dc  [ E1CCDAE502B1C218A40A83501CE3B622, 82DC22B3013F39BE7924316C049AA7B3D10206BD965C40119DD2756C8E655418 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:55:54.0378 0x06dc  MSiSCSI - ok
20:55:54.0394 0x06dc  msiserver - ok
20:55:54.0441 0x06dc  [ 1E7E626EA4EB8DB641EE85580FF932E9, 9C2B45230CB26494975B8E878E191F0E1985F449EF49489876521FB5236747FC ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:55:54.0457 0x06dc  MSKSSRV - ok
20:55:54.0535 0x06dc  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:55:54.0535 0x06dc  MsMpSvc - ok
20:55:54.0566 0x06dc  [ 9AE3B932985BDEC5D73445B32756A557, 214E6BDAAC9E5AF289A3890B5712C9B5AC2E6E1C38135DFDCB6EDA1026FF3F54 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:55:54.0566 0x06dc  MSPCLOCK - ok
20:55:54.0582 0x06dc  [ DAA1C9A0AEC832A7E08BC155171255D7, 653DE23DF76C40F69DCA5618F88C9B05053A23C56357024B7F6538C0BAB71A5B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:55:54.0582 0x06dc  MSPQM - ok
20:55:54.0628 0x06dc  [ E4676C45A848928EFA76FA5274C3C97F, 2B4BFADE26D274E55C2948F20152F7EED93522604F8C95392E7BBF80225FABC8 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:55:54.0644 0x06dc  MsRPC - ok
20:55:54.0675 0x06dc  [ 1F1DB11E4755BFF8B08A3957435ED640, DD5181BD58E902767C1912E637DEC11846A4289A5160CD6E84690419A402E6FC ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:55:54.0691 0x06dc  mssmbios - ok
20:55:54.0722 0x06dc  [ FD465966E3195FDA04A7850BFD28E290, 846514590D982A378E0DD894AE82A170F0FDE1141B56A80FB6D533BD21A8567D ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:55:54.0722 0x06dc  MSTEE - ok
20:55:54.0753 0x06dc  [ 3B1DA039DAA9FDD4EA5BDF2133E36DA3, E942F03AA56F6A5BA4890FFBD3EA987BA6390331E232D66722DBA56608D746DC ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:55:54.0753 0x06dc  MTConfig - ok
20:55:54.0785 0x06dc  [ AB643DE0696B3F03B189D9BF7B44E512, EC3B4A802A5990A4E217AEC6D089BAAE95EE95218DDD017E93EBAF675E0E812C ] Mup            C:\Windows\system32\Drivers\mup.sys
20:55:54.0785 0x06dc  Mup - ok
20:55:54.0847 0x06dc  [ E4D8D62381F5835EA20C5209F128F79C, 7324152C63D646790C93944FE706DFC2EA1EAF43E5E3815D20B87224E9E5E8E7 ] napagent        C:\Windows\system32\qagentRT.dll
20:55:54.0878 0x06dc  napagent - ok
20:55:54.0941 0x06dc  [ 9E0A867B7CB269996962F0127C9310D4, 8270C92847D39BA3A1D5178CA7AE99660AE1EA2C9CE2213008C8518AFB329455 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:55:54.0972 0x06dc  NativeWifiP - ok
20:55:55.0050 0x06dc  [ 162F14C805F121CFFAE748D65F6E50FF, B3929401DDCE277CACEF0ED8816C8B0E1AC74E70327EFC30D00D2C41B1C689C6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:55:55.0097 0x06dc  NDIS - ok
20:55:55.0128 0x06dc  [ E7B95624676C6E6B751C3002226C3F32, 77FE70C285CC557F16B3E5D047340C897918658AA01ACA4F9051FDCAE295D90D ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:55:55.0128 0x06dc  NdisCap - ok
20:55:55.0175 0x06dc  [ 41544BC6B3CE625DB16E0D6FC2725621, 5D5864C47E7A2FA3D7A71542ABDEED88393DF5E125AD68F9CF9A1964DDD4F42F ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:55:55.0191 0x06dc  NdisTapi - ok
20:55:55.0207 0x06dc  [ D063835582EB22E6C3C76D7BDCBD8072, 7E4ED6492B5E280EE105FC4DA18E131C43231805518688A361963C2664EAFDDD ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:55:55.0207 0x06dc  Ndisuio - ok
20:55:55.0238 0x06dc  [ 84F1D9DC936C59F2F4AC786A8666B777, 9C456DF8E67ED9D44F09A2D9CDD4CA594FFA5DD483C9467475F8905B7650D7C0 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:55:55.0269 0x06dc  NdisWan - ok
20:55:55.0285 0x06dc  [ 9B05F3CC7C291F9F16BC3EF79C1CB781, FEBCA03A092C7A5C2EE8FB148D08542A9D3624F7A0612BED0ECB5A29470B7950 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:55:55.0300 0x06dc  NDProxy - ok
20:55:55.0347 0x06dc  [ EEFB90D63A418A0DE50159963F502C8C, 3B50C9EBE5641BAFA217DD39FE4CE5CE72CA55B88AF36D81C1C8983B71CDA21C ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:55:55.0347 0x06dc  NetBIOS - ok
20:55:55.0378 0x06dc  [ 4962AC7778D659C753E868749BA954DA, 94A525667E9E49EC9B41653F3BF67446518316CC319A03803A033D9ADC8559AB ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:55:55.0394 0x06dc  NetBT - ok
20:55:55.0425 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] Netlogon        C:\Windows\system32\lsass.exe
20:55:55.0425 0x06dc  Netlogon - ok
20:55:55.0472 0x06dc  [ BC5E409E9F8B72EF0D56AC85FC23FDFC, 2F5A125598DDB914D9756ADB9C10F2731A0F8AAAEF2F259F1B69B25936C00CA3 ] Netman          C:\Windows\System32\netman.dll
20:55:55.0503 0x06dc  Netman - ok
20:55:55.0550 0x06dc  [ 006E9A81F2B67173779BC410BD0B5EE3, 3D6E6DB6DD1633BBA8641D8D5FCB1FC09D662C1929C2C953C506A788C75AF04A ] netprofm        C:\Windows\System32\netprofm.dll
20:55:55.0582 0x06dc  netprofm - ok
20:55:55.0628 0x06dc  [ 28131EF1333F980079E3D611FE0E8E56, BBF31E235C7B056A060C069D6440234BF6F881135047BC11AA11C3E7884565BB ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:55:55.0644 0x06dc  NetTcpPortSharing - ok
20:55:55.0675 0x06dc  [ F845566B3C5DABACAFB435F0D07BA0DC, 26E9955A197F3C3E16E4748C6831D418F44380C120135AD4743CB47642C5C66E ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
20:55:55.0675 0x06dc  nfrd960 - ok
20:55:55.0738 0x06dc  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:55:55.0738 0x06dc  NisDrv - ok
20:55:55.0785 0x06dc  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:55:55.0800 0x06dc  NisSrv - ok
20:55:55.0847 0x06dc  [ 499E826E7356432A18EF7EB1A5161194, C67EC94A7761C7719CB79BAF0C9B94BD7CC98F3361BB7B6B71C0D34B985F04FA ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:55:55.0863 0x06dc  NlaSvc - ok
20:55:55.0910 0x06dc  [ 373D7B940FE792ACC9D6FC38DB42C705, D98A6698C2D50CFA122FC65044C5024605E91063E6F027E1FCE25369EF7CC502 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:55:55.0910 0x06dc  Npfs - ok
20:55:55.0972 0x06dc  [ 6D8D2E5652FC2442C810C5D8BE784148, 013FF4FA03CA2E066B1946CC09889616B243068BA0FB2E58D4C1435BF66FBC87 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
20:55:55.0972 0x06dc  NSCIRDA - ok
20:55:56.0019 0x06dc  [ C1C48F6496FE20AB17C93ACC5FB51230, B27D56273A87301294FD8F94F7BE4FBB0FFEBC9E6868FA2135CDF099B8DD1E66 ] nsi            C:\Windows\system32\nsisvc.dll
20:55:56.0019 0x06dc  nsi - ok
20:55:56.0050 0x06dc  [ D65BA02F291B42FA3C2910EE25BF4251, 8F70A0C72388672A4E7124B7F6FBAF5A95CE59F15672002C0B7D2FF877BBA558 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:55:56.0050 0x06dc  nsiproxy - ok
20:55:56.0144 0x06dc  [ B2B1E77C5284C86977115FE9F220843E, 1A72A2F2E25AC2155BD43D5785BE6194ED73A7E99BD69E2FE86AAC738664EAF4 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:55:56.0222 0x06dc  Ntfs - ok
20:55:56.0253 0x06dc  [ 8087231261F187640112C8408AF51BE2, F96E15EC8330E533BB2F4E45F8FE3ABBDC45E449BFD70245E8420E4797CF9608 ] Null            C:\Windows\system32\drivers\Null.sys
20:55:56.0253 0x06dc  Null - ok
20:55:56.0285 0x06dc  [ 4A5984C5859D951D0B62B7B406AFE357, 6263C8CEF3321C80888893164036436A161C6828F588BE89B34DBD94740DE922 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
20:55:56.0300 0x06dc  nvraid - ok
20:55:56.0347 0x06dc  [ 93CF6F974095F7D146AA273F3BF418D7, 23EA589624D94BC52455336994917A4334CD68C1B2583A0BFAA704F2AC241386 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
20:55:56.0347 0x06dc  nvstor - ok
20:55:56.0378 0x06dc  [ 486D929A5B9663412AD136150E282CE0, 0462176A7B98F160D43C83E56D55AB6A7DC5200E2C3816D4511EE701347F5C6E ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
20:55:56.0394 0x06dc  nv_agp - ok
20:55:56.0410 0x06dc  [ E1639EB7C2A107DBDF50E7831E8894CD, 7459BBDA16C142465FABE6811E9818BB2E10F6596DCEA71324B9FBCB9318CC4C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:55:56.0410 0x06dc  ohci1394 - ok
20:55:56.0472 0x06dc  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:55:56.0472 0x06dc  ose - ok
20:55:56.0535 0x06dc  [ 8BED935535581695AB89DBC9EA23F39D, DF285F7085A5583159DDD0578889E099F305062758378811E85B63F12CC3FCBF ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:55:56.0566 0x06dc  p2pimsvc - ok
20:55:56.0628 0x06dc  [ 0C2C14FE3177A875FD4D61F9205E4811, 089BD02DA7DD626D88DB467D81406D4B9359D61F486A64BCEDA028C46C513086 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:55:56.0660 0x06dc  p2psvc - ok
20:55:56.0707 0x06dc  [ E04CE1AE8EE500EC19384F3CF00954C1, 407D9DEA5295FFBF9EF600A7F1E285590AD8DAEE09809580C776DF280CD2B33B ] Parport        C:\Windows\system32\DRIVERS\parport.sys
20:55:56.0707 0x06dc  Parport - ok
20:55:56.0738 0x06dc  [ 54764B4DB6FB45E8D3E433423668DABB, B86DB972657636443340AD74FE6715753013C6C664B98E4D9EDB4B40718F7F72 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:55:56.0738 0x06dc  partmgr - ok
20:55:56.0769 0x06dc  [ 355A5E5FC03E8E0F59C19DB5E317C118, A49CC63631D8E8FBE5173B627C9B12B30343D6A856E60012ACD507049DDE7EB3 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:55:56.0769 0x06dc  Parvdm - ok
20:55:56.0800 0x06dc  [ 797E0BAEE477419EF6B648CE26379036, 18C9974F59446D242B32697951B40E41628302A00BB5C06D53142F8BD5F79E98 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:55:56.0832 0x06dc  PcaSvc - ok
20:55:56.0863 0x06dc  [ CDE782E594DACFEEF15569CBC4156067, 575F138B86D12B9DF5B79F59604DD986B302FE78EE12CBABCB9B987DCCE14029 ] pci            C:\Windows\system32\DRIVERS\pci.sys
20:55:56.0878 0x06dc  pci - ok
20:55:56.0910 0x06dc  [ 991E82771AF4734A42A3020EC8918F12, 8ACF0634D6F080E8B95CCFF0CC4965582BBFBF524858D3E9F82AAA6F3B853F8D ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
20:55:56.0910 0x06dc  pciide - ok
20:55:56.0941 0x06dc  [ F4784355979D8AB8F1475A90B3807863, BFAD01AB8C3BFA1F95C6E9C26A808E516A6FA50D90F4FB0A0D8F051A8967C2DA ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:55:56.0972 0x06dc  pcmcia - ok
20:55:56.0988 0x06dc  [ EF210BAB813DEA4E655AB0BA6B75BFEF, D9DC1970B5CED801CF20CB69569574DAE422565146B5284666B9086EB2ACD045 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:55:57.0003 0x06dc  pcw - ok
20:55:57.0050 0x06dc  [ A470926671F544550FFA49BCC78B5146, A87A28C722E0BA823A281265988848BB106ADA5B12218CCB44BF6D2B4CE03FAD ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:55:57.0097 0x06dc  PEAUTH - ok
20:55:57.0207 0x06dc  [ 60C6D00580DA9F31819EF21B56585714, 0AAF187FCCB51D1EF45BCAE2671B65FD586362141D235839A020BF09C633749B ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
20:55:57.0285 0x06dc  PeerDistSvc - ok
20:55:57.0425 0x06dc  [ 089C24A0F14FFD74F193F2506A34CFEF, 270DEEF8D202C8229477BBD240AEFA2BC5794075D28ABDB1213B909FC2954E36 ] pla            C:\Windows\system32\pla.dll
20:55:57.0535 0x06dc  pla - ok
20:55:57.0597 0x06dc  [ B0BB948610CF9278AD3127C7CF57AE7A, 5CBC1DF8099CFB273E09FF1F147E5B5337B737E3A9B88C406856EE33A46B7976 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:55:57.0644 0x06dc  PlugPlay - ok
20:55:57.0675 0x06dc  [ EC19081F73D4898352DA2355FBD363B8, 010500F7B12A7C5855D531948E799365E6B4B2885D3767780A0FFAC5029DAB10 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:55:57.0675 0x06dc  PNRPAutoReg - ok
20:55:57.0722 0x06dc  [ 8BED935535581695AB89DBC9EA23F39D, DF285F7085A5583159DDD0578889E099F305062758378811E85B63F12CC3FCBF ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:55:57.0738 0x06dc  PNRPsvc - ok
20:55:57.0800 0x06dc  [ E468C13473210E4A31E51B7141002D30, 6030FAFA610993718ACF3F0E03A5CF6080267070873645026BFD1BDAA152A72D ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:55:57.0832 0x06dc  PolicyAgent - ok
20:55:57.0878 0x06dc  [ 32450FF618A1657EC9C6EB10934525EB, 30818D94E698BF2B650F01043D8B150DA63E541B16B2CDAEF09C2F7AAC35230E ] Power          C:\Windows\system32\umpo.dll
20:55:57.0894 0x06dc  Power - ok
20:55:57.0941 0x06dc  [ B02D495DA64D8D7E9A72CA0E1C4F0D4F, 373F8A59583E783DD7FF512ADF62245BEE20484E09C27C1317DD4D305B0732EF ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:55:57.0957 0x06dc  PptpMiniport - ok
20:55:57.0988 0x06dc  [ 62A8A15AF151D3ABCE5939766B072717, 9F534836BC95A79F6A94075087A334AB7FF72A135E9C3D399E2207C26119600E ] Processor      C:\Windows\system32\DRIVERS\processr.sys
20:55:57.0988 0x06dc  Processor - ok
20:55:58.0035 0x06dc  [ 1C6B69FAB9EBB1989A3B1DE2477400E6, FBBDAEDCCC8EAE45F29CEED8803A0289C362D30260C299E74AED41C76B712A35 ] ProfSvc        C:\Windows\system32\profsvc.dll
20:55:58.0066 0x06dc  ProfSvc - ok
20:55:58.0097 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:55:58.0097 0x06dc  ProtectedStorage - ok
20:55:58.0144 0x06dc  [ F3E056A00BC553F01216A05A34C769DA, 77138CF8EBA38F21FF58F83CCC1AE5ADEFF034924BD68594DB54E08C73DCCE94 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:55:58.0144 0x06dc  Psched - ok
20:55:58.0316 0x06dc  [ AF89C832807CF7F4E1630E32FDFCAC17, 5DC22B126E9CB230D9515D3A7E73731DE76C4E34373DE9CC9EDD8E61DDF7879C ] QHActiveDefense C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
20:55:58.0566 0x06dc  QHActiveDefense - ok
20:55:58.0675 0x06dc  [ 22889AFB02D1CB51EA1826BCF26AAE29, D35BA68EB84F615FB482722963F7EBAB17BF97BDC1E1C65B7B25821B2D8A9104 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:55:58.0769 0x06dc  ql2300 - ok
20:55:58.0816 0x06dc  [ CFCEA1D2F03309E13DFB22F18DA55F37, 987E290E7EB260849E32A7D297E8518A5F50C9D8F09381E8297FC21B5E6B6C4C ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:55:58.0816 0x06dc  ql40xx - ok
20:55:58.0925 0x06dc  [ BF10E282E7E8034298C435574E947358, 5FFE9E65ACC7E50B0FCDE95821DF2DD9C6B5F93136FD71274C72BACF0A8C95BB ] qutmdserv      C:\Windows\system32\DRIVERS\qutmdrv.sys
20:55:59.0019 0x06dc  qutmdserv - ok
20:55:59.0082 0x06dc  [ 6358934B6CBDE5D03A39865D67421404, DD4F3DCD40FC41C5239A1E09C364244CAB9E4BD470A4901352262773C2CE191B ] qutmipc        C:\Windows\system32\drivers\qutmipc.sys
20:55:59.0144 0x06dc  qutmipc - ok
20:55:59.0207 0x06dc  [ 05B1899846F96DE179DFA69DB0751E9A, E17FD00DABC1D847CED8C7E5D484DDDDB2C84CF2093E70CA3896E704B9FF9EA8 ] QWAVE          C:\Windows\system32\qwave.dll
20:55:59.0222 0x06dc  QWAVE - ok
20:55:59.0253 0x06dc  [ CD4BC3923F620AB959788E1C76DAA485, 5E87E17F03C6C804A12DE2D8F5DC20B055F97DA77989D3548846D163ED0524CA ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:55:59.0253 0x06dc  QWAVEdrv - ok
20:55:59.0285 0x06dc  [ 1E170F4B9930DADB277D413703685C3B, 8CD11C25032F4AB974391B97F30DC7B3AAF5DFA749E7BD4AF91A756A64EAD89C ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:55:59.0285 0x06dc  RasAcd - ok
20:55:59.0316 0x06dc  [ 30279C1FC747B29DEFE67175270A690C, 0A47354CFE0D81DAF3907AC4E6124DAB422C404ECE10081C77FC76F12C5ACD4B ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
20:55:59.0316 0x06dc  RasAgileVpn - ok
20:55:59.0347 0x06dc  [ 54B4C2256E8B56286F2AA2487617C062, EA0F0DB456882BAA7DBADDF8964B7DBC4BD8E03A1E57E063FCA88B1DA358B60A ] RasAuto        C:\Windows\System32\rasauto.dll
20:55:59.0378 0x06dc  RasAuto - ok
20:55:59.0425 0x06dc  [ 6B4C990CE47882821E46249B642E688E, DA430ECA69925322FDC58A445B2DCC0D0560A5211137FC068255D5865E9639C2 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:55:59.0425 0x06dc  Rasl2tp - ok
20:55:59.0488 0x06dc  [ 6DD5BEE7A2C427DD14798BCB02872A5B, 8DA2B67DF4E39F6EAF3AC46B5951531DC6B8C91196AE70C2EE9D41043663B451 ] RasMan          C:\Windows\System32\rasmans.dll
20:55:59.0503 0x06dc  RasMan - ok
20:55:59.0535 0x06dc  [ 0562406118AD3680CC8759F3EAB3DC8D, 5D7DF2A6C2702CC69B5B66E9990C92BC96145187BECB3B37A5DAE9C37F3B3097 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:55:59.0535 0x06dc  RasPppoe - ok
20:55:59.0550 0x06dc  [ CC516407B26C30DAD6024C1B6716A03B, 3CCCA2B58413588A6CA708324E56C107632513C2CE34488DCA2B39AC5F37E02C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:55:59.0566 0x06dc  RasSstp - ok
20:55:59.0597 0x06dc  [ EED381430C2A96CA759B796CFDDDED47, 2C100A248E1A5BA54477C82786365E829FAE5DCA9D4333BA4D39AA65576B8A3F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:55:59.0613 0x06dc  rdbss - ok
20:55:59.0644 0x06dc  [ 73078AE48172CD6618FBB6DEC62ADF95, B01B773979D21CB127CEB919E6497655D7FDB36C3471325F51607E8A35F56FB7 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:55:59.0644 0x06dc  rdpbus - ok
20:55:59.0660 0x06dc  [ 51102C6C0AE6246115A1E7280089B0F3, 6A470BBA1BF083F05F15C90B0F75F5CFD75DF4BFCA26A1FD2FCC7378BCEB7503 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:55:59.0660 0x06dc  RDPCDD - ok
20:55:59.0707 0x06dc  [ 0013A4AFA0E93BAFDD25C60A2E52EFE5, DFAB346E9DB5FA3EE4B056A187BF2CBA7E350297A265FE0B60F544F6A3220EF4 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
20:55:59.0722 0x06dc  RDPDR - ok
20:55:59.0753 0x06dc  [ 3C43E014BD69AA256D832DA02309060B, AFA8424FA8725CE571EF3BBA0C1A30841A656D1E2E72C6F9416F5C13BF123E14 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:55:59.0753 0x06dc  RDPENCDD - ok
20:55:59.0785 0x06dc  [ 58E4C6344CE70AE5AB8737EBE335CC4D, 1122B91149C50FEC6BA204791141D5F1344108061410A6D8C558DF9A2ED62B76 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:55:59.0785 0x06dc  RDPREFMP - ok
20:55:59.0816 0x06dc  [ FF9FB44F19C38F861233E947DA162E77, 539A6D4909973AAABC8AE88507DC257893925592B7429CABE2E3948658C4A952 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:55:59.0847 0x06dc  RDPWD - ok
20:55:59.0894 0x06dc  [ E77F18E43117E313F0D0D1F463AFF124, 8B812E2A7A001415D993DA39CE86DBF629CEEF03DFC36A8EAAAEF65E95719BD3 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:55:59.0894 0x06dc  rdyboost - ok
20:55:59.0941 0x06dc  [ 06C8C5EB9244C9268983685F7A213739, D1C5C55EC8B1DD52B10DA552F9285A4F074F1040AAB49317416B85A5494E3A07 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:55:59.0957 0x06dc  RemoteAccess - ok
20:55:59.0988 0x06dc  [ 495330D6C885BCFD09797278DCC6DC76, 9E869A4F8581FFAEACAA0791135EEEA794211CD63A6BA8B3DB4CBAD9968995D6 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:56:00.0003 0x06dc  RemoteRegistry - ok
20:56:00.0082 0x06dc  [ 6FBD3C7F5CFC81AC518A84319399CDB9, 3397688C4D0EC62AEEE0371B819CC9DD9C19FA98437E4CE81A0F38F2AB19020D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:56:00.0128 0x06dc  RFCOMM - ok
20:56:00.0191 0x06dc  [ 00B7AA946863DFFDE49C8C15183E4253, 4D4313B0F91800754B9223BCA150BCAAD9087E75368CAD3E66EE1088F4CDD862 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
20:56:00.0191 0x06dc  ROOTMODEM - ok
20:56:00.0222 0x06dc  [ C406A5185F72C57FA8078A64D23191C2, 0E4F88C79FC6EF66C13EC68E1D83B7CDE0126543788FB5A651FA2B7903FD2C82 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:56:00.0222 0x06dc  RpcEptMapper - ok
20:56:00.0253 0x06dc  [ BCBBCFF1743993097FA8780F286F934B, E1940002313368450769869845583A344B0E789735C6CFB2F0AF8027BB163FE9 ] RpcLocator      C:\Windows\system32\locator.exe
20:56:00.0253 0x06dc  RpcLocator - ok
20:56:00.0300 0x06dc  [ 0E829890E9E00BBBA3352B02C718CB63, 05236C8ADF3884EBB1C084A7FE6CF42464E516C23C44D4C89AC81E92991D96D4 ] RpcSs          C:\Windows\system32\rpcss.dll
20:56:00.0316 0x06dc  RpcSs - ok
20:56:00.0363 0x06dc  [ 067958CA476698DAD32CBA353BC0C99A, C85054BDD983838257F128D7B652FD272514D0D6066007C286F30734496F354C ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:56:00.0363 0x06dc  rspndr - ok
20:56:00.0410 0x06dc  [ 62ACA5DA2A4B8EBAB323823B5FEDCF04, FBDB80F2479DD737FB1896D1E0039A08DC459D8FFD6563A84752FE10B3362E7D ] s3cap          C:\Windows\system32\DRIVERS\vms3cap.sys
20:56:00.0410 0x06dc  s3cap - ok
20:56:00.0441 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] SamSs          C:\Windows\system32\lsass.exe
20:56:00.0441 0x06dc  SamSs - ok
20:56:00.0472 0x06dc  [ 7DADAA93967CBEE5A5E65537C5D5D6FF, C8175B94EFC216861C2AA02B3DE708DD1B2EE503642AC3FA14AD251872ED31B1 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
20:56:00.0472 0x06dc  sbp2port - ok
20:56:00.0503 0x06dc  [ D9044A5CB7B5A4F552C6EE8494EB9A3D, 3F1FB0A1BD5077986D01687140287E9EEC27AB56374133EEED0573BFE32896DB ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:56:00.0535 0x06dc  SCardSvr - ok
20:56:00.0566 0x06dc  [ C240BFC9F7B7F3A0DBBE1E626CA83498, F1D53E14D8ED819C837281E1BCED38784ABACD196F754013BA9661E6F43B42F5 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:56:00.0566 0x06dc  scfilter - ok
20:56:00.0660 0x06dc  [ F683BE1819C0729B7216325C046DEA0B, 6A314BC4495C3393F53B3C59DB10BD01B69E872372B81A2BC9ABA602DD6C675B ] Schedule        C:\Windows\system32\schedsvc.dll
20:56:00.0722 0x06dc  Schedule - ok
20:56:00.0753 0x06dc  [ CC208724CC5F2CB4CC95791BD5A01E24, 15634FFD69A7813920B032A6B91DA97CE68F92BF599CDE61D277FC3D9A3232B3 ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:56:00.0753 0x06dc  SCPolicySvc - ok
20:56:00.0785 0x06dc  [ D351E8ABFB6CA57501EB291B7510C723, EE7158AD9456390D4DEAB6385799E81FD529306D80BF649704C921934F81770C ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:56:00.0800 0x06dc  SDRSVC - ok
20:56:00.0863 0x06dc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:56:00.0863 0x06dc  secdrv - ok
20:56:00.0894 0x06dc  [ 6507A5E211E4E1DE3AAB575B70740C3D, A1183499FF69CB6962CBD0942517D2DDDB7EB2DAE82E283144EA8B72079670BA ] seclogon        C:\Windows\system32\seclogon.dll
20:56:00.0894 0x06dc  seclogon - ok
20:56:00.0925 0x06dc  [ B8B44DF92D7750A2009375EBF28E3004, CEABB92F1BE965A1ADDFAEDB13FED4D7B6B7003E7A16834CC5F17CBB12D0EA71 ] SENS            C:\Windows\System32\sens.dll
20:56:00.0925 0x06dc  SENS - ok
20:56:00.0972 0x06dc  [ 9B7B29004D870DE67DFE83BFB154B14A, BB3222C0897A7E36D808585275DF1275CD22442409019EED745A69EADA0B9D1C ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:56:00.0988 0x06dc  SensrSvc - ok
20:56:01.0019 0x06dc  [ CF2FA9458AAE5DEA5FC6BC34DA0E4E2B, 954C296409003645F8AC2D7FE7D1790D3473C0A8BF4051FA055AEF56DDB16505 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
20:56:01.0019 0x06dc  Serenum - ok
20:56:01.0050 0x06dc  [ 7861141D6C20FF3A1D8E8FF21DE8C193, D627FC50B1435C9F40FB2C58F4BEE2D754F6FF8E941AA62C7F7DC4D1DE8317FB ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:56:01.0050 0x06dc  Serial - ok
20:56:01.0082 0x06dc  [ BB9ED1B01FB200D6C20B09C2ECC861FE, 5D34401F944A9333FE5A8CFCBDE978266D06CE440506DAE2951941E0777D9BC1 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:56:01.0082 0x06dc  sermouse - ok
20:56:01.0144 0x06dc  [ F90D8D337B9DCAD6EFE5CA00F0699BE1, 71332A997075D7268A9E95810CA20AC1EC18C78E4EB13297B8FF21B4A61A0CBE ] SessionEnv      C:\Windows\system32\sessenv.dll
20:56:01.0144 0x06dc  SessionEnv - ok
20:56:01.0175 0x06dc  [ 69D32BE754489D319A8C3E83410D8464, 4AC6FFE198647BF7BCF3156C191CD47D0FC46C9749E997DCB9C4E2DFBC0818CD ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
20:56:01.0175 0x06dc  sffdisk - ok
20:56:01.0191 0x06dc  [ D68CAEA34B2D20A26435B693C7119932, 87E6CEBB9CACEA8CBEF1CB63FA30E1807273BB551B90B3B870E2D08E2B1E5FE5 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:56:01.0207 0x06dc  sffp_mmc - ok
20:56:01.0238 0x06dc  [ 6E7E854B6E8378FC628C78852DE87A15, FF509D10A63DC7956D6B98FC19AB23018E6D6DDD6FD89E935AB8C42B5CE67B46 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
20:56:01.0238 0x06dc  sffp_sd - ok
20:56:01.0269 0x06dc  [ FBAADF5A1DFC270B6B553596E9FFBCA4, 6AA87F3BB71EAC2EBDC3783D757125C75C110551749B887EB4EA0CF94CD41D8B ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
20:56:01.0269 0x06dc  sfloppy - ok
20:56:01.0316 0x06dc  [ 5C73BAFCF18C1AB78C8607825C23842A, CE4C84556F8F6E01F43BA47D2DC11C089B734736B0125562BC89F417BDF2DF51 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:56:01.0347 0x06dc  SharedAccess - ok
20:56:01.0410 0x06dc  [ 131C42DBFC9B390E7EDF85D8B2005A43, 030661FCA75CFCEA3D8EEEA3725AFF7D10319BD9B77CEB37FF23A3FEB044C0C8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:56:01.0441 0x06dc  ShellHWDetection - ok
20:56:01.0472 0x06dc  [ 0D27454879B0981F5838022AE140CB59, 8A9DF458E6DEEB9F249E022D86832FB8DD5EC6A887A01C36BF78D89B674FC698 ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
20:56:01.0472 0x06dc  sisagp - ok
20:56:01.0535 0x06dc  [ 2F199E7334D5AA5D8DF6CAF8BDD20ECE, F3E927D445CA19D0E3D45DF3310A2D2579E2A729CE6B39E553ABB0D0BF35792F ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:56:01.0535 0x06dc  SiSRaid2 - ok
20:56:01.0566 0x06dc  [ 317FFB05894089AA3EC0BDE66FFF46B1, 43A24C3C3BD4616F1539F8D2F6643F76568560FDD2F22DD5D456B3007D78EA62 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:56:01.0566 0x06dc  SiSRaid4 - ok
20:56:01.0613 0x06dc  [ F3B32077BA0BE7CD6C848AB1752394CE, C656840B44C023F9E0B27B5DFA12B63F06A6DD916658AD10A95072ECE432E529 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
20:56:01.0613 0x06dc  Smb - ok
20:56:01.0675 0x06dc  [ 96ABBCACBEE41C6D8B031246DB16A78D, 67D9C5D0C1026919044E4757BDBE558B27E8DEA540CFACD47EF281D8E721DDD3 ] smwdm          C:\Windows\system32\drivers\smwdm.sys
20:56:01.0707 0x06dc  smwdm - ok
20:56:01.0753 0x06dc  [ E6EF03780E42F3A05DBAA987CA0BD29C, C082CE225C1D078F91C6DEB0D2265684D30FB033DE84F228D57D503E3C7A531F ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:56:01.0753 0x06dc  SNMPTRAP - ok
20:56:01.0785 0x06dc  [ 51BC86DCFC712D7ED29753BCDCE687E9, D1346B8BEC364384E39A4BC17F667A8856C478924A22BF730E8F113F36D91A6F ] spldr          C:\Windows\system32\drivers\spldr.sys
20:56:01.0785 0x06dc  spldr - ok
20:56:01.0832 0x06dc  [ BF197280C152DE799B283575773D5FD7, 4F2B86AF9562CD394F58D9D2948EC8F618CA6EC143C2CA87ABE4853D289E8078 ] Spooler        C:\Windows\System32\spoolsv.exe
20:56:01.0847 0x06dc  Spooler - ok
20:56:02.0066 0x06dc  [ 7D3AD0594E4CE6F311637761A3E146DA, DFB514977B8E15BDB360049701F490CB531F374417E59356DFB43468BDB4B865 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:56:02.0285 0x06dc  sppsvc - ok
20:56:02.0332 0x06dc  [ 06D9FFCE1E3ECD909D1D0FC865CE04FD, 49B4A0ADCC36B8038F10AD985B6A53128096501ED7EBB2D7E78E130FC4E773D5 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
20:56:02.0347 0x06dc  sppuinotify - ok
20:56:02.0410 0x06dc  [ B64A37F41A2A5D6B8139546D37E3AF42, 439AA3B602DD6402BA73FF6FCFBB38E5F83688C6BA74646E2C4D859D0ABC5F0F ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:56:02.0425 0x06dc  srv - ok
20:56:02.0488 0x06dc  [ 60E89D416BDE705A76A9F6A3D6C43BDD, 91AC86CC844D33D5BC45A63256F9BDBEFA17D92E4343E8CE047637506ACE0813 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:56:02.0519 0x06dc  srv2 - ok
20:56:02.0550 0x06dc  [ A2634BDA920BDF2B61E298CDBE5A0137, 0C02533764202B7A1EBD3087AFB5A419468638CE7A095B4E657C119EC4F14639 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:56:02.0550 0x06dc  srvnet - ok
20:56:02.0597 0x06dc  [ 3566A8B5C9DEC0ACFAC0EFFA1334F707, 57ACD889BDA62A17AA19D76FB79D26322EA108AFE1BE9C5957C3D74986D0F02F ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
20:56:02.0613 0x06dc  SSDPSRV - ok
20:56:02.0660 0x06dc  [ F73FD0235DD2F9CFB955F95F6ACCB05D, 2DB35BD8CAEF5374631B560D92BA8F15D0BA18D3796D034BA005820B701DDB45 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
20:56:02.0675 0x06dc  SstpSvc - ok
20:56:02.0738 0x06dc  [ 305CC42945A713347F978D78566113F3, 92D95E1DCCAA5E31AADB061EB7B531337975974961211BFB7C542FB799348034 ] STAC97          C:\Windows\system32\drivers\STAC97.sys
20:56:02.0753 0x06dc  STAC97 - ok
20:56:02.0785 0x06dc  [ 63D94515F23994DACD2C013BD38FE85A, 6ABAFC9E806060FA7A6D245A87229E7ED7152F05791B3748B099425C005F3551 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:56:02.0800 0x06dc  stexstor - ok
20:56:02.0847 0x06dc  [ 5247FFB9C789E89F17FC566B22800766, 8AFC63F85964DAFC22E210E9790642DD5146BB0B92A875F322C6E20ACE854F8F ] StiSvc          C:\Windows\System32\wiaservc.dll
20:56:02.0878 0x06dc  StiSvc - ok
20:56:02.0925 0x06dc  [ D7FC0C1CA99C0C2D12EDB6B291501716, 7D7EA722CF78DB59148A05471DA22DAFBCF4B66FCFB4F0867813007D012F08AB ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
20:56:02.0925 0x06dc  storflt - ok
20:56:02.0972 0x06dc  [ 39DBC657C06184F2D8928722814463BE, E92800B3C0198866A585CC5561B6422BEB089D3FEA9681B5BDD9870234646F08 ] storvsc        C:\Windows\system32\DRIVERS\storvsc.sys
20:56:02.0972 0x06dc  storvsc - ok
20:56:03.0003 0x06dc  [ DF6022C8E28D896EA760CE83990D351D, 3812D179C1B1393263E9E2E1EC5A2CF7EFB4834AD8A242760000D625E899B82E ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:56:03.0019 0x06dc  swenum - ok
20:56:03.0066 0x06dc  [ 6E737CDCBAEDF1ECE23008006C7D5D56, CE9716680ABF5675AA64E495D72151CC197C77B3012B44467EE49725CCEF9DDE ] swprv          C:\Windows\System32\swprv.dll
20:56:03.0113 0x06dc  swprv - ok
20:56:03.0191 0x06dc  [ D7DC30B8B41E7A913C3FCCC0631E72EC, B066708F75231547D263BEEA265CC5B7D87F4DF52174BF5CA141D2FD9B49E546 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
20:56:03.0207 0x06dc  SynTP - ok
20:56:03.0300 0x06dc  [ 319CD0F6C7E5D67CD2DA7BBFBE40DBA4, B8C82005B72F17632AC7D64AF1E1AD0CCBE998DB2A4D1C4AE44DED6BB9DABC28 ] SysMain        C:\Windows\system32\sysmain.dll
20:56:03.0394 0x06dc  SysMain - ok
20:56:03.0441 0x06dc  [ 09746CE866FA24CAA272895032BF5321, 17F6E68D217CA93DACC25199B936F223CDABF47E30A2EA2F0DB5AE56ACE21DB4 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:56:03.0441 0x06dc  TabletInputService - ok
20:56:03.0488 0x06dc  [ 3457C873A024054E9E4C44A803D15C4A, E1F286774334DB9B6902C21C697C0E80F06E4BEA0CFD7B1C9A87E60A58CD73D4 ] TapiSrv        C:\Windows\System32\tapisrv.dll
20:56:03.0503 0x06dc  TapiSrv - ok
20:56:03.0535 0x06dc  [ 000106A912AD243F952BC9FB1F148894, BC720F999533E1193D49B55293DFFA4C78598B81ADDF184F6625C414AB9FB948 ] TBS            C:\Windows\System32\tbssvc.dll
20:56:03.0550 0x06dc  TBS - ok
20:56:03.0660 0x06dc  [ 473DAB2B280C4751D1C3C67D5925D666, 2657D8E41C265B5F7C32C03C8533FAFFFA8567836B55D146943AE8CBBBE108A5 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
20:56:03.0738 0x06dc  Tcpip - ok
20:56:03.0847 0x06dc  [ 473DAB2B280C4751D1C3C67D5925D666, 2657D8E41C265B5F7C32C03C8533FAFFFA8567836B55D146943AE8CBBBE108A5 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:56:03.0925 0x06dc  TCPIP6 - ok
20:56:03.0988 0x06dc  [ 0170BFD116D6558AAC26F6CC0F8449EE, D82001163A23827B8FBDAF5F9F6A0B64845E6CBD08F5326532973D870F7AA8CE ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:56:04.0003 0x06dc  tcpipreg - ok
20:56:04.0035 0x06dc  [ C7DAEB5D031852527CEB793060B828AE, 2B39B9FE2A2ACA84251861BC092E851CCE01897635FF26FFD5422FD830B1D8C1 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:56:04.0035 0x06dc  TDPIPE - ok
20:56:04.0066 0x06dc  [ DAB2F3AC2969A501213B1E3A1E007C72, A2B78193B2B1D43AC4A272D7C79B09160D4CE28F947D72856C2E90DBF673E9D3 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
20:56:04.0066 0x06dc  TDTCP - ok
20:56:04.0097 0x06dc  [ 890765BBEE701E758E35BF8E2EF1857C, A66D81A180318C67AF093C82590B1FDE82E186BFEF7745CAEE39F03D95A29173 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
20:56:04.0097 0x06dc  tdx - ok
20:56:04.0113 0x06dc  [ E7E96BE4914A6DCDF1ED6E2081362CE4, BAC1BF367D96CAE57F2DCCFA7238901C042584ED764701696F49E5E0070A478C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:56:04.0128 0x06dc  TermDD - ok
20:56:04.0191 0x06dc  [ FC99ECA97106EA2D721E9FC90B4527B8, 58ECEC5B1B5632711A88329C1C250ABAF684EB7C744C3AF7C688CAE5E4127343 ] TermService    C:\Windows\System32\termsrv.dll
20:56:04.0222 0x06dc  TermService - ok
20:56:04.0253 0x06dc  [ 94023D02EEC1498A9C71A7AED48F539E, 91EC830968AD4F090D35C841F95A8A8D241126E10C7DDC455EE7D11BE3387F2E ] Themes          C:\Windows\system32\themeservice.dll
20:56:04.0253 0x06dc  Themes - ok
20:56:04.0285 0x06dc  [ C93856D7B07CA30B7B451CCDE12CF873, 6F94494499E1A71BBC009E0D9353A91D0A8F284680E5E26C2808162440FCA132 ] THREADORDER    C:\Windows\system32\mmcss.dll
20:56:04.0285 0x06dc  THREADORDER - ok
20:56:04.0394 0x06dc  [ 0A03E85A641F2672796D34F506066594, B2AA139CC53F25DB1709844483D404A8FA1D010167BCF164B4A31A029C606F7D ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
20:56:04.0394 0x06dc  TomTomHOMEService - ok
20:56:04.0441 0x06dc  [ C1F675E0C42FBE2E5B8510398E609DA2, 3248E1CAAA3B07B34AA77CD6D38BAF0C3B062B01AE21111EB5554014E0032370 ] TrkWks          C:\Windows\System32\trkwks.dll
20:56:04.0457 0x06dc  TrkWks - ok
20:56:04.0519 0x06dc  [ 4024A2EBD2E265DD093FABC775D79056, 42E51007ADAD9E45DCF8D050691E241562DDA4336D6EED3545B89BF228D31257 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:56:04.0550 0x06dc  TrustedInstaller - ok
20:56:04.0597 0x06dc  [ 08063D8CA891B2A9D3C9CAE14545D604, E832BA6DA3C1625DD20AB6CB9CD4255DE903B6502ADC72C14BD13A741353D71A ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:56:04.0597 0x06dc  tssecsrv - ok
20:56:04.0644 0x06dc  [ 8BF40BED3FFA9BEF8C1940A3791268FF, 18F232161D3BA06B88DAA7F4EC5F741106E853175BF6158FD91DC972D87B1CC9 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:56:04.0644 0x06dc  tunnel - ok
20:56:04.0675 0x06dc  [ A6EA1C98AE00FB7146CD75C34C456196, DB0FF01E960999F2C2F2672215425AC977748562C1F03D689A2AAC35E157AA90 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:56:04.0675 0x06dc  uagp35 - ok
20:56:04.0722 0x06dc  [ E7E2E29E829BA45B60786DCF397B187B, DF0A1800FEA011126F09D2123864260554439944F84FE08AEB7E806B57FE49FC ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:56:04.0738 0x06dc  udfs - ok
20:56:04.0800 0x06dc  [ C454C20BFD173BE47D2D1E4ADADF6BDD, A14087843C94C20A43E8D0BAAE0C1CDC0CA9F9629C2A28528D81096D5C122ECE ] UI0Detect      C:\Windows\system32\UI0Detect.exe
20:56:04.0816 0x06dc  UI0Detect - ok
20:56:04.0832 0x06dc  [ 47EFFDBE173AC5AE56D1F2F3354269AE, 6015EF17003280638EE458ECE9BB67A87597D7CFDDE673F8B5BAAE2A8899B665 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
20:56:04.0832 0x06dc  uliagpkx - ok
20:56:04.0878 0x06dc  [ BEEB0013A4BACFF04A250E1EE144A317, E39C884145390E392CDB404BAD362D60CF7A2CA569B2D351BB1815797F499A50 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
20:56:04.0878 0x06dc  umbus - ok
20:56:04.0910 0x06dc  [ 5F7F103E240A6464D532B4090C897C93, 728DD32677DC5E09A8F744C2E96D3E8F9B137A01AE6EB6B7668A29ED0D6C1B29 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:56:04.0910 0x06dc  UmPass - ok
20:56:04.0957 0x06dc  [ 64CE528A4BA316F14D443C63994DFA12, DB9DF6CDDFE2B4B853178E40EF678B70D316EF33591F649C7C200326A790CE2B ] UmRdpService    C:\Windows\System32\umrdp.dll
20:56:04.0988 0x06dc  UmRdpService - ok
20:56:05.0035 0x06dc  [ 2004068AB5045271C5520F5CD254B935, DFF04713C6D97DE48313582DA37893E51C2FD522094E8679972E4B8790AC5CAC ] upnphost        C:\Windows\System32\upnphost.dll
20:56:05.0050 0x06dc  upnphost - ok
20:56:05.0082 0x06dc  [ 377A860798C291A032AFDBC8039B0188, 00DD05D671D687F6C0442949C8DB929A74B981AD5DAF628AEB3EC2901BBD017F ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
20:56:05.0144 0x06dc  usbccgp - ok
20:56:05.0160 0x06dc  [ 640A8D954FC6E04B93F0A0A95F7DA145, 8149A93E161AB22D26C9B1A466B53279B7DDF7A59644980F052D4F3B7E966A51 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
20:56:05.0175 0x06dc  usbcir - ok
20:56:05.0222 0x06dc  [ 9CFC87D59D71920A3249CB971ED13E8E, 3574A33862532DB135D4AB921A98515EC54F4BE90C73A51333D48453DA2BD59A ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
20:56:05.0222 0x06dc  usbehci - ok
20:56:05.0253 0x06dc  [ 23BDE1EFE718BB471EB663B40E0EC472, 655A6A965399DFAFA32FF7D7613E4FCB7D8A583CFD12B6D7BB1858160E259D1A ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:56:05.0269 0x06dc  usbhub - ok
20:56:05.0300 0x06dc  [ 9256702AA6C353EE79F05D76A030B059, A8CC8AB8230741E6D3D6A501D1488437FE023A2F5E05F178FAC2FF1C12856C8C ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
20:56:05.0300 0x06dc  usbohci - ok
20:56:05.0332 0x06dc  [ 284947FB10AA17D7FA8BAF8171D4E2D0, C1B61EAD81C16E2610BE791440AEC4E83827FB3DE98AAD7461CCD5FEBE17098D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:56:05.0347 0x06dc  usbprint - ok
20:56:05.0410 0x06dc  [ FAC2B913C560833B3F2D90C384862B83, 119381A8362AFD4FA86A54BB30513D10C816DDC175D2C8EF60E95B05A2587B68 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
20:56:05.0425 0x06dc  usbscan - ok
20:56:05.0457 0x06dc  [ F499B234ABEF64AE74F49017D239F869, C383EADEBB683AE83B4456BCA80C7FC3EBA34E5C9A4CC75EC8B8716B50954283 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:56:05.0519 0x06dc  USBSTOR - ok
20:56:05.0535 0x06dc  [ A3C059DF87935DF5594FA4A2AF1021ED, BF13467181D05D82468808C3AED115E4946A24EDCA6794F00ED0E99CA9991FFF ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
20:56:05.0535 0x06dc  usbuhci - ok
20:56:05.0597 0x06dc  [ 3C6A99BE30FF29C8148B106553C9CEB1, B8478621718F3557A53E0AFE9AC24C60BD6CFF580DC3917148B3FBDAC6B9C5BE ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:56:05.0628 0x06dc  usb_rndisx - ok
20:56:05.0660 0x06dc  [ 31298BFA1D5D4376CED85AF1B4FE17E2, A91B8F12C59AF3FEC7A3578DFB9CBD3A5FEF51ABC2BAE88E8A014DCD7A9471EB ] UxSms          C:\Windows\System32\uxsms.dll
20:56:05.0660 0x06dc  UxSms - ok
20:56:05.0691 0x06dc  [ 62C4EF46A710A84416AEA89E52C01833, 55153A7FBD5B43A0C756E14CE1CADED4A2D49D5739DC779F05936BA527A3D225 ] VaultSvc        C:\Windows\system32\lsass.exe
20:56:05.0691 0x06dc  VaultSvc - ok
20:56:05.0722 0x06dc  VComm - ok
20:56:05.0753 0x06dc  VcommMgr - ok
20:56:05.0785 0x06dc  [ B5B5E2A18CBEDC1DD61E40F21F00213B, 70F03C09B5F1F3C5134F26F2010DD866F5324C6BC94E8F06B3982B16E2D58099 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
20:56:05.0785 0x06dc  vdrvroot - ok
20:56:05.0847 0x06dc  [ E95EABEA8E555D1EDDDCFB15B26E06EE, 045186DB9CFD21DB70A15111E307CEB15929972E56F8A039BBEB1DF17077AA5A ] vds            C:\Windows\System32\vds.exe
20:56:05.0878 0x06dc  vds - ok
20:56:05.0925 0x06dc  [ DA332C7F0C9B7CAEC2D09F87689574AA, 72C644B7ACE22EDBFB78F4769893AD27193EBD6FAA7872C52798CA36563F20B2 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
20:56:05.0925 0x06dc  vga - ok
20:56:05.0941 0x06dc  [ 7531D05C60B312963E8242BFC2A2DB43, FED6336FF5D7468D5340B84C15CC7833343360DE0C27699A513EA01D04663DDA ] VgaSave        C:\Windows\System32\drivers\vga.sys
20:56:05.0957 0x06dc  VgaSave - ok
20:56:05.0988 0x06dc  [ 3BAA3E8C5CE25587808C98A984731750, D35B1D138CBA8D5CC000F0ADCD4ACA63418E4128E401FBB537F1C9526E93765A ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
20:56:06.0003 0x06dc  vhdmp - ok
20:56:06.0019 0x06dc  [ A6F20C29AF56AF5135C321B83D9A0CD6, 4455BF1A673B9B5C33408A9BC79CD2AF6BAED1B7E2128740305452DB19338751 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
20:56:06.0035 0x06dc  viaagp - ok
20:56:06.0050 0x06dc  [ 4E5FFE098CCD24379EE03E415B2637C6, 99C5F8AF1BA6BA5D4EA67025E61488B1BA16955B9C84885BE60689BE7F033695 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
20:56:06.0050 0x06dc  ViaC7 - ok
20:56:06.0082 0x06dc  [ E7FE0D0691708C8CEE8725211F634E61, 357EA8DE43B614076E029AF6286C3D3E87BC6987AF4D607848E51A12C3063D99 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
20:56:06.0082 0x06dc  viaide - ok
20:56:06.0128 0x06dc  [ 8752DB3BEAC56F4C30C5F8DEDD057F1E, 1983CDB0E4D7BB6FE98D01BD8E6A1DE5CEAECADCD5503DD47D67433502A1D852 ] vmbus          C:\Windows\system32\DRIVERS\vmbus.sys
20:56:06.0144 0x06dc  vmbus - ok
20:56:06.0160 0x06dc  [ D2AA31DD936099F9694CAC96492C746E, 02D24C98D0CD2A61FD12E9DA9F1FFAF43C94860435E11DED61ABBC56E411CE6C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
20:56:06.0175 0x06dc  VMBusHID - ok
20:56:06.0191 0x06dc  [ 54A999F5A4F9C166DE86BACC0FE3A992, 7FF3D9BFA386640959C1068BE82D48FED17361F9311535E08D7201F339AB4394 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
20:56:06.0191 0x06dc  volmgr - ok
20:56:06.0238 0x06dc  [ BED15F4120480452FC924D216A38DA67, F62B14C0DD25CA0D7200EC6CD464D0393EB2D581C0A7E0C6192AEA5E0FBADA85 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
20:56:06.0253 0x06dc  volmgrx - ok
20:56:06.0285 0x06dc  [ 803F111D3DBA35D34DE1F0AC12517DE8, 398E4C4562B915F7CB411A358EB684B52421ACDDE61758CA96C7663AD14F2BC4 ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
20:56:06.0316 0x06dc  volsnap - ok
20:56:06.0363 0x06dc  [ 013A033EF110AF1AC145F13BAD8592AF, E88C6E02FB41DF825C04A1902F0B478C52A8B2603C922FA7DA15B98D60305D4F ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
20:56:06.0378 0x06dc  vsmraid - ok
20:56:06.0472 0x06dc  [ B593871B748F4C2F246FEEFDA1D04939, 32AD2411874837903A8C8CDD38C4AA94F24E5B56B204035FFA53D8FF4F647EC1 ] VSS            C:\Windows\system32\vssvc.exe
20:56:06.0550 0x06dc  VSS - ok
20:56:06.0613 0x06dc  [ A864E0BFE76383ED7D5FFCA51DCC0D5B, ED5FBBFAF78ED27D956DB4DAEEF4998F922C2817657ED20B1F9339C4CDE749F1 ] VSTHWICH        C:\Windows\system32\DRIVERS\VSTICH3.SYS
20:56:06.0644 0x06dc  VSTHWICH - ok
20:56:06.0722 0x06dc  [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] VST_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:56:06.0785 0x06dc  VST_DPV - ok
20:56:06.0816 0x06dc  [ 56021863CAA995A086BFDDB659D91A84, 2F266D528E4C3C9D894C95A2AA330AEB3DBC45556559B526842787B05D60DC6E ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:56:06.0832 0x06dc  vwifibus - ok
20:56:06.0878 0x06dc  [ 6FAAC3E3EB2BBAFE3881C457FB02790B, E5E8334A979619B881D3B859B4198DEF7C61EF7A0B7B22868AD9AA44D6622B26 ] W32Time        C:\Windows\system32\w32time.dll
20:56:06.0894 0x06dc  W32Time - ok
20:56:06.0925 0x06dc  [ A7088FA2F8904AAEBF81943469AF590C, AB86F634DA970C47692CC790E44277DB88D4D5E703AE147107252889BD9DE700 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:56:06.0925 0x06dc  WacomPen - ok
20:56:06.0972 0x06dc  [ 60DB77528322077833FB048FAF66BB81, 7D87752D1141A2C4403CCC17EB84DE979C86FE1DFE49BD187A1809A70A5B89A3 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:56:07.0003 0x06dc  WANARP - ok
20:56:07.0019 0x06dc  [ 60DB77528322077833FB048FAF66BB81, 7D87752D1141A2C4403CCC17EB84DE979C86FE1DFE49BD187A1809A70A5B89A3 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:56:07.0019 0x06dc  Wanarpv6 - ok
20:56:07.0160 0x06dc  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
20:56:07.0253 0x06dc  WatAdminSvc - ok
20:56:07.0363 0x06dc  [ B0CF2A7E992CE86E822F99063F004FD7, 21B96AFB35A653091F59A959EA764546AA81233BF271AC5DA8CDFB2E1492EEC4 ] wbengine        C:\Windows\system32\wbengine.exe
20:56:07.0441 0x06dc  wbengine - ok
20:56:07.0488 0x06dc  [ 1A57CF6CF234C7F18EE208F207C001D9, 756133C7CAEB147D0E647F8D78E9D9C9BE50B06CEA4018C3B517185F4D5DA295 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:56:07.0519 0x06dc  WbioSrvc - ok
20:56:07.0566 0x06dc  [ 95534CEC9D3851D4389701697D32CE58, 9D98EBB498E1DD197FAAC2E943BE66668F7FF1DF0288C9216678C50817FE1684 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
20:56:07.0597 0x06dc  wcncsvc - ok
20:56:07.0628 0x06dc  [ 5953DD81F64F63376E016E2D0B8AF7AF, 73F89D54D5C71B9081446B2944277E4AF85036325F5E2239FA8BBCA17AA14393 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:56:07.0628 0x06dc  WcsPlugInService - ok
20:56:07.0660 0x06dc  [ 3792FEC814984456C0E613E2371AA09B, B2E59C8EB013B21C1900963624ABEE2F2D766DB1682DAE869A53C3F93AC357DA ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:56:07.0660 0x06dc  Wd - ok
20:56:07.0707 0x06dc  [ 6D77FF2224D2D3984760ACBDF4024A7B, 51B4CE08FE2B8B39976E9445BEB5798E13B1F695DA487AC3359A3B04CB2BF738 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:56:07.0738 0x06dc  Wdf01000 - ok
20:56:07.0785 0x06dc  [ EA74F16E30F11AD8E2A6B16324102BB9, BBDA33A353A5E800E2733B7E5B1B518E17AD1FAA5ECFF90DA1795399FE1E1A7F ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:56:07.0800 0x06dc  WdiServiceHost - ok
20:56:07.0832 0x06dc  [ EA74F16E30F11AD8E2A6B16324102BB9, BBDA33A353A5E800E2733B7E5B1B518E17AD1FAA5ECFF90DA1795399FE1E1A7F ] WdiSystemHost  C:\Windows\system32\wdi.dll
20:56:07.0832 0x06dc  WdiSystemHost - ok
20:56:07.0878 0x06dc  [ 8E4355AE3067A9AF4BD60A319F457C81, 5311B3F22ED1C43A7C298F8BD143E8BEEF7B6440027D30767A612DACACDFE03D ] WebClient      C:\Windows\System32\webclnt.dll
20:56:07.0910 0x06dc  WebClient - ok
20:56:07.0941 0x06dc  [ 22A4C39F275025F7AFD9A11FDCFC9F29, AD083A3A3D513EDCF62742083F75B38FF4F38789918E49DCA3EE007C24F02E07 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:56:07.0972 0x06dc  Wecsvc - ok
20:56:08.0003 0x06dc  [ 63D184936C3F6615982415BD01EBE67E, 07D7B41BA3F961FCB2B909EE7CD3E22C172DCE1C587E69D257C734DB513DF0B5 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
20:56:08.0003 0x06dc  wercplsupport - ok
20:56:08.0050 0x06dc  [ E2773587982476DD5B5744C4DF297018, 187207B65BC0A4A5EF784F78AD9AB1B5D39279A90301B683201FBFBC2865F0E6 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:56:08.0050 0x06dc  WerSvc - ok
20:56:08.0097 0x06dc  [ CD2DBAA438F0A01BB82101F56ECE5B6E, B638843BDB759EE572C98D9A90591FDE10193E17BD9AEE9A1E65431418CC82A4 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:56:08.0097 0x06dc  WfpLwf - ok
20:56:08.0113 0x06dc  [ FCBEAE96A408C8F2E0B94BE2AB712864, D606D9375A584DF88024264DFD15F677587C04A96B44B63A5AFC7A0E1D24A0E8 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:56:08.0113 0x06dc  WIMMount - ok
20:56:08.0191 0x06dc  [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:56:08.0238 0x06dc  winachsf - ok
20:56:08.0347 0x06dc  [ 5B149783C197C78A2CED7C9F4765DEC9, C6A399266779703385782EB3194F371744677DEACA1150215F3D1A06FB5F7497 ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
20:56:08.0394 0x06dc  WinDefend - ok
20:56:08.0410 0x06dc  WinHttpAutoProxySvc - ok
20:56:08.0488 0x06dc  [ 596234DFAEABD61D4AC9BC19E5D20DFD, E58D040B65507B32EA9B9B2EC907F77AD6916EEAF6E0AE822DEB70DBF1ACB3AD ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
20:56:08.0519 0x06dc  Winmgmt - ok
20:56:08.0628 0x06dc  [ F194AB265D86DF54453DDD4478EE34DE, 0343A2A40015D40ABDC53EE8411C2359370C8B30D81BE7D4358B71F7DE59741D ] WinRM          C:\Windows\system32\WsmSvc.dll
20:56:08.0707 0x06dc  WinRM - ok
20:56:08.0816 0x06dc  [ 7EF1FF64EC9C280F3342F22CC48513A2, E413A084D41851A581CA0A3A10A11A36190F161F33B481FABF748DF6461812B8 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:56:08.0863 0x06dc  WinUsb - ok
20:56:08.0925 0x06dc  [ 2B9225D627AECB9152AC5B2ADB4F4E11, 38FBF13DBD5F9C65256F91E44FD4EB54F87ED8AF05C173C54C0908A5DA82C426 ] Wlansvc        C:\Windows\System32\wlansvc.dll
20:56:08.0988 0x06dc  Wlansvc - ok
20:56:09.0019 0x06dc  [ 02B1FBFD9828986BF73051CBE6F7ACCC, 0DAA781C1F511BE73B97FF4026E9EE8EEA5D6034A8D09DEB51C477B936EC24EE ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
20:56:09.0019 0x06dc  WmiAcpi - ok
20:56:09.0066 0x06dc  [ 916688210A461CA88A09D7D271185E9F, 3E98473F072C4D1CDDB5745C2A90245885B06A2A1D4F115D41A9DE1043C88DD5 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:56:09.0082 0x06dc  wmiApSrv - ok
20:56:09.0191 0x06dc  [ 865BC1B77DA7A12B07C2DD70D1427A40, 0D4C1E5263A6E9B62F108981673CC24A38E9F85B903DB4407912A1784EE7059D ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
20:56:09.0253 0x06dc  WMPNetworkSvc - ok
20:56:09.0285 0x06dc  [ 520F8AE4641390013D0246AF0DCF1089, B46E1101249D2490A3821EB9DB516552FAFFADE4B04FF3789029F223237DCFDF ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:56:09.0316 0x06dc  WPCSvc - ok
20:56:09.0363 0x06dc  [ 470E5279C5C552CFDC9B170C28BFC0E1, 4A8A97AB937EC743914F846D9B3B5A7DAD986949781E8E38842EE3F4FFC0C05B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:56:09.0394 0x06dc  WPDBusEnum - ok
20:56:09.0410 0x06dc  [ 2482D8B39E0010AD1BB2EA08703E4783, 81D8E078986F79377390FFB72E9D380641AB0166229AB3F4F179DB031F0F26B9 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
20:56:09.0410 0x06dc  ws2ifsl - ok
20:56:09.0441 0x06dc  [ 58B05154B6BD934A529FE547BF74A847, D5356418B29EE50CEFEA75679256B6FD6A41CD5BABA2FA7F17CA0EA7D8B2645F ] wscsvc          C:\Windows\System32\wscsvc.dll
20:56:09.0457 0x06dc  wscsvc - ok
20:56:09.0472 0x06dc  WSearch - ok
20:56:09.0675 0x06dc  [ D598DCD9CDF64336377B6A84F1B63608, E5BAFD50D1EC4F87217C0B4D3692EB18B6BE746BE7C1120DB81C08BD44F71AF6 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:56:09.0816 0x06dc  wuauserv - ok
20:56:09.0863 0x06dc  [ 586BC56459B6E4A3A9CBDDB9A117AEF5, CB92A2C270F6F09DDECCE6F5C786BC417416FD362E7844D8744B242AAB81BFF6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:56:09.0894 0x06dc  WudfPf - ok
20:56:09.0941 0x06dc  [ F29B56BC536289E05CB01E36F5C7F6BA, FEB29F778A3B6F69DD4292A0147E4CA98D2D6A8BF963FF8F6A1A45A0C8DD81E2 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:56:09.0972 0x06dc  WUDFRd - ok
20:56:10.0003 0x06dc  [ 2C5330D73ACB59242DBBD0489D40DAD5, 598CE0C0DE652E69B32422C4702081FAD3B7D79261213B80804798FF4567C1D8 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
20:56:10.0035 0x06dc  wudfsvc - ok
20:56:10.0082 0x06dc  [ F366BE88D3DE8F8BA0A45D70817B47F4, B39842B05BE7F94BE0BACBC5E73BD1A67C1515905D969592CDE4938E3A905B17 ] WwanSvc        C:\Windows\System32\wwansvc.dll
20:56:10.0160 0x06dc  WwanSvc - ok
20:56:10.0253 0x06dc  ================ Scan global ===============================
20:56:10.0300 0x06dc  [ 17B2B90E90D8E9DACB20CD14AD7AF480, 2BC67C89C39AF0B4CD5649E18A7ACAABC4F4565B64D4C48AFD7A984AA1E54876 ] C:\Windows\system32\basesrv.dll
20:56:10.0441 0x06dc  [ 0EDE23A3639AB9B78F8A15BC6B34F2CA, 7240E0D68BB2DF5CB632ABD6BFDD79F5253BB7666165EB6B68F3EAE63E76B253 ] C:\Windows\system32\winsrv.dll
20:56:10.0472 0x06dc  [ 0EDE23A3639AB9B78F8A15BC6B34F2CA, 7240E0D68BB2DF5CB632ABD6BFDD79F5253BB7666165EB6B68F3EAE63E76B253 ] C:\Windows\system32\winsrv.dll
20:56:10.0675 0x06dc  [ 0036FB155FF5D40319CE79EF4284DFE4, 531B5788D41DFAF33E43D385AFC692F77E81ABA83515A01A9C9522A0E1024B2C ] C:\Windows\system32\sxssrv.dll
20:56:10.0722 0x06dc  [ 77474E495E99CCE05AD2720E6FA85A35, B5164ABDE1BA19DF596475765BCECB80054FF400A8BE63C2B6A9F5D25035D792 ] C:\Windows\system32\services.exe
20:56:10.0738 0x06dc  [ Global ] - ok
20:56:10.0738 0x06dc  ================ Scan MBR ==================================
20:56:10.0769 0x06dc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:56:11.0003 0x06dc  \Device\Harddisk0\DR0 - ok
20:56:11.0019 0x06dc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:56:11.0019 0x06dc  \Device\Harddisk1\DR1 - ok
20:56:11.0035 0x06dc  ================ Scan VBR ==================================
20:56:11.0035 0x06dc  [ 8892CB5DA7B4F10293B5B350692907CD ] \Device\Harddisk0\DR0\Partition1
20:56:11.0035 0x06dc  \Device\Harddisk0\DR0\Partition1 - ok
20:56:11.0050 0x06dc  [ E05DFA9DCED56D1CD1826BEB13CD8B9B ] \Device\Harddisk0\DR0\Partition2
20:56:11.0050 0x06dc  \Device\Harddisk0\DR0\Partition2 - ok
20:56:11.0066 0x06dc  [ C20028E8BC271DBF9E4BD2493E159147 ] \Device\Harddisk1\DR1\Partition1
20:56:11.0066 0x06dc  \Device\Harddisk1\DR1\Partition1 - ok
20:56:11.0066 0x06dc  ================ Scan generic autorun ======================
20:56:11.0253 0x06dc  [ 66A3CF1B8A895FCB2A62599D2EAE3066, CC403A231E6AB5822C1F3246C16735F8F2ED0C0433E4F7FCFA3EDC23436EFA17 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
20:56:11.0394 0x06dc  SynTPEnh - ok
20:56:11.0503 0x06dc  [ 03396637E1E1B4E333D00AED86178918, CF582487E856D01C960392AC658E8D36A92F2B2B4B9AEA9BFC9E6F75FBAD6571 ] c:\Program Files\Microsoft Security Client\msseces.exe
20:56:11.0535 0x06dc  MSC - ok
20:56:11.0691 0x06dc  [ D34C5E15A19AEC85E827962C2EFB957F, C143F689D0662AA8DE58BA54633157C27EF127EBC3E7D0FC561780190D4F537A ] C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
20:56:11.0738 0x06dc  QHSafeTray - ok
20:56:11.0863 0x06dc  [ 04271B50F0EA2BF52A8069911372316B, 111EA6B190C48B92638ED0A97B67CCC4816A8614497C72EEFFBF65ACB6E495A2 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:56:11.0941 0x06dc  Sidebar - ok
20:56:12.0003 0x06dc  [ 3E319D78A59D9A8BA3B21DB83C688F59, 7F783E6084C13B1C68DBB813856F159CF68107D45350D76F77DB8CE42F3092D9 ] C:\Windows\System32\mctadmin.exe
20:56:12.0035 0x06dc  mctadmin - ok
20:56:12.0113 0x06dc  [ 04271B50F0EA2BF52A8069911372316B, 111EA6B190C48B92638ED0A97B67CCC4816A8614497C72EEFFBF65ACB6E495A2 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:56:12.0191 0x06dc  Sidebar - ok
20:56:12.0222 0x06dc  [ 3E319D78A59D9A8BA3B21DB83C688F59, 7F783E6084C13B1C68DBB813856F159CF68107D45350D76F77DB8CE42F3092D9 ] C:\Windows\System32\mctadmin.exe
20:56:12.0222 0x06dc  mctadmin - ok
20:56:12.0316 0x06dc  [ 04271B50F0EA2BF52A8069911372316B, 111EA6B190C48B92638ED0A97B67CCC4816A8614497C72EEFFBF65ACB6E495A2 ] C:\Program Files\Windows Sidebar\sidebar.exe
20:56:12.0347 0x06dc  Sidebar - ok
20:56:12.0503 0x06dc  [ F1DC2458DFC929331F2FE071EB17CFE8, 2A046F41DC0C2A72B425812D5EEBC5FF8B0970DB492646A979FA242ECB63CCD1 ] C:\Program Files\MyDrive Connect\MyDriveConnect.exe
20:56:12.0519 0x06dc  MyDriveConnect.exe - ok
20:56:12.0566 0x06dc  [ 3C8989CF2B59228785F16B3EB547F58C, B410410258129E00B16EDF404F6A8BEDD8E1A6598864F000056D352A002607D9 ] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
20:56:12.0566 0x06dc  TomTomHOME.exe - ok
20:56:12.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:13.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:14.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:15.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:16.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:17.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:18.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:19.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:20.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:21.0582 0x06dc  Waiting for KSN requests completion. In queue: 294
20:56:22.0800 0x06dc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
20:56:22.0800 0x06dc  AV detected via SS2: 360 Total Security, C:\Program Files\360\Total Security\safemon\QHSafeTray.exe ( 6.6.0.1002 ), 0x51000 ( enabled : updated )
20:56:22.0910 0x06dc  Win FW state via NFP2: enabled
20:56:32.0597 0x06dc  ============================================================
20:56:32.0597 0x06dc  Scan finished
20:56:32.0597 0x06dc  ============================================================
20:56:32.0613 0x0f30  Detected object count: 0
20:56:32.0613 0x0f30  Actual detected object count: 0
Danke!
norxi

P.S.: die Anzeige am Monitor nach der Eingabe ist immer noch verzögert

schrauber 23.05.2015 19:45
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

norxi 24.05.2015 11:34
hi,

habe Combofix.exe auf den Desktop gespeichert, Antiviren-Software deaktiviert und Combofix.exe gestartet, ist ca. 2 Minuten gelaufen, aber leider gab es weder Meckereien noch war danach eine C:\Combofix.txt zu finden. Sorry! Was könnte ich falsch gemacht haben?

sorry, hab vergessen zu erwähnen, dass am Ende des (kurzen) Laufes von ComboFix die Warnung gekommen ist: Do not run ComboFix in Compatibility Mode. Doing so may damage the machine. Ich habe OK gedrückt, dann war nichts mehr (wie gesagt auch keine C:\Combofix.txt).

schrauber 25.05.2015 10:18
What? Du hast doch Win7? :wtf:


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

norxi 26.05.2015 15:19
next step
 
Hi Schrauber,
habe alles gemacht wie angeordnet, mit kleinen Pannen: meine Sicherheits - Software hat den FRST.exe als Trojaner erkannt und gleich gelöscht. Ich wusste leider nicht, bei welchem Scan ich online sein muss und bei welchem nicht. Online bei ausgeschaltetem Virenscanner soll ja nacht so gut sein ...


1. AdwCleaner:
Code:
# AdwCleaner v4.205 - Bericht erstellt 26/05/2015 um 14:48:54
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Lokal]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : w7 - W7-PC
# Gestarted von : C:\Users\w7\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7100.0


-\\ Mozilla Firefox v38.0.1 (x86 de)

[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"bef49ece97b35f767cda312d22c94d84a419ce59\"");
[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"0290172b5bfbe2af74d4cc713116b6d9d304d8cd\"");
[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1432240596876");
[m623rhua.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"2020Player@2020Technologies.com\":{\"d\":\"C:\\\\Users\\\\w7\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m623rhua.default\\\\extens[...]

*************************

AdwCleaner[R0].txt - [11733 Bytes] - [23/11/2013 14:15:07]
AdwCleaner[R1].txt - [1846 Bytes] - [26/05/2015 14:39:06]
AdwCleaner[S0].txt - [11678 Bytes] - [23/11/2013 14:17:43]
AdwCleaner[S1].txt - [1820 Bytes] - [26/05/2015 14:48:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1879  Bytes] ##########
2. JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.0 (05.25.2015:1)
OS: Windows 7 Ultimate x86
Ran by w7 on 26.05.2015 at 15:12:43,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\w7\AppData\Roaming\mozilla\firefox\profiles\m623rhua.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\w7\AppData\Roaming\mozilla\firefox\profiles\m623rhua.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\w7\AppData\Roaming\mozilla\firefox\profiles\m623rhua.default\prefs.js

user_pref(avira.safe_search.installed, [\safesearch\]);
user_pref(avira.safe_search.search_was_active, false);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.bootstrappedAddons, {\safesearch@avira.com\:{\version\:\1.1.5\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\w7\\\\AppData\\\\Roaming\\\
user_pref(extensions.safesearch.MP_DISTINCT_ID, \0a31b17df6716b44faf796fcc0ce33ccc73e0acd\);
user_pref(extensions.safesearch.SAUTH_rndsnr, \cbe140a5da5ea071e26d5d113dd3522f7e87218f\);
user_pref(extensions.safesearch.install, 1432644907259);
user_pref(extensions.xpiState, {\app-profile\:{\2020Player@2020Technologies.com\:{\d\:\C:\\\\Users\\\\w7\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m
Emptied folder: C:\Users\w7\AppData\Roaming\mozilla\firefox\profiles\m623rhua.default\minidumps [230 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2015 at 15:17:17,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. FRST-log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by w7 (administrator) on W7-PC on 26-05-2015 15:53:51
Running from C:\Users\w7\Desktop
Loaded Profiles: w7 & Administrator (Available Profiles: w7 & Administrator)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Office2k\OFFICE11\WINWORD.EXE
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\QHSafeMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1264248 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0901-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0903-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315542-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315549-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {79d78ce0-9a00-11e3-887b-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ab2559e0-8e51-11e3-90ad-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d1df3a90-382b-11e0-94b3-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d61d962c-a305-11df-96de-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d188e-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d1890-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_Win32.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1291470965134
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: hxxp://www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-07] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-04-04] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\2020Player@2020Technologies.com [2010-09-15]
FF Extension: Avira Browser Safety - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\abs@avira.com [2015-04-28]
FF Extension: Bitdefender QuickScan - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Go Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\goParentFolder@alice.xpi [2014-12-01]
FF Extension: Show Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\showParentFolder@alice.xpi [2014-12-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-22]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2014-11-11]
FF HKU\S-1-5-21-3062942232-3235879386-1935734408-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [839792 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680448 2009-04-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2014-11-07] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-05-18] (360.cn)
S3 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-05-18] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2014-11-07] (360.cn)
S1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2014-11-07] (360安全中心)
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [77904 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23120 2009-04-22] (AMD)
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470208 2005-12-29] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [169040 2015-03-09] (Qihu 360 Software Co., Ltd.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2014-11-07] (360安全中心)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-11-29] (Elaborate Bytes AG) []
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-02-12] (Elaborate Bytes AG) []
R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22528 2004-02-12] (Elaborate Bytes AG) []
S0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [58440 2015-03-09] (360安全中心)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl5d029f3c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9AB37A4-16B7-48C7-9A57-3D123A8C8127}\MpKsl5d029f3c.sys [39464 2015-05-26] (Microsoft Corporation)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [257352 2014-11-07] (360.cn)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2014-11-07] (360.cn)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-04-22] (Conexant Systems, Inc.)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-04-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 15:47 - 2015-05-26 15:47 - 01147392 _____ (Farbar) C:\Users\w7\Desktop\FRST.exe
2015-05-26 15:17 - 2015-05-26 15:17 - 00001960 _____ () C:\Users\w7\Desktop\JRT.txt
2015-05-26 15:13 - 2015-05-26 15:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-W7-PC-Windows-7-Ultimate-(32-bit).dat
2015-05-26 15:12 - 2015-05-26 15:12 - 00000000 ____D () C:\RegBackup
2015-05-26 15:10 - 2015-05-26 15:11 - 02946703 _____ (Thisisu) C:\Users\w7\Desktop\JRT.exe
2015-05-26 14:32 - 2015-05-26 14:32 - 02222592 _____ () C:\Users\w7\Desktop\AdwCleaner_4.205.exe
2015-05-23 20:59 - 2015-05-23 20:59 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 20:58 - 2015-05-24 13:14 - 00000000 ___SD () C:\32788R22FWJFW
2015-05-23 20:56 - 2015-05-23 20:56 - 05627500 ____R (Swearware) C:\Users\w7\Desktop\ComboFix.exe
2015-05-22 20:52 - 2015-05-22 20:52 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\w7\Desktop\tdsskiller.exe
2015-05-22 08:49 - 2015-05-23 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-22 08:49 - 2015-05-22 19:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 08:47 - 2015-05-22 20:50 - 00000000 ____D () C:\Users\w7\Desktop\mbar
2015-05-22 08:47 - 2015-05-22 19:22 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-22 08:45 - 2015-05-22 08:46 - 16502728 _____ (Malwarebytes Corp.) C:\Users\w7\Desktop\mbar-1.09.1.1004.exe
2015-05-22 07:42 - 2015-05-22 07:42 - 00001410 _____ () C:\Users\w7\Desktop\gmer.txt
2015-05-21 23:58 - 2015-05-21 23:58 - 00380416 _____ () C:\Users\w7\Desktop\Gmer-19357.exe
2015-05-21 23:55 - 2015-05-26 15:53 - 00012282 _____ () C:\Users\w7\Desktop\FRST.txt
2015-05-21 23:55 - 2015-05-21 23:56 - 00024744 _____ () C:\Users\w7\Desktop\Addition.txt
2015-05-21 23:50 - 2015-05-21 23:50 - 00000466 _____ () C:\Users\w7\Desktop\defogger_disable.log
2015-05-21 23:50 - 2015-05-21 23:50 - 00000000 _____ () C:\Users\w7\defogger_reenable
2015-05-21 23:49 - 2015-05-21 23:49 - 00050477 _____ () C:\Users\w7\Desktop\Defogger.exe
2015-05-21 23:28 - 2015-05-26 15:53 - 00000000 ____D () C:\FRST
2015-05-21 22:45 - 2015-05-21 22:45 - 00000000 ____D () C:\Program Files\Common Files\AV
2015-05-21 22:33 - 2015-05-21 22:33 - 00080080 _____ () C:\Users\w7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-21 22:31 - 2015-05-21 22:31 - 00358488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-21 21:55 - 2015-05-21 21:55 - 02347384 _____ (ESET) C:\Users\w7\Desktop\esetsmartinstaller_deu.exe
2015-05-21 20:35 - 2015-05-21 20:35 - 01187496 _____ (Uniblue Systems Limited ) C:\Users\w7\Desktop\pcmechanicpm.exe
2015-05-17 08:10 - 2015-05-17 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-04 18:13 - 2015-05-04 18:13 - 21258466 _____ () C:\Users\w7\Desktop\Garage-Sockel-links.tif
2015-05-04 18:12 - 2015-05-04 18:12 - 21252322 _____ () C:\Users\w7\Desktop\Garagentor.tif
2015-05-03 08:01 - 2015-05-03 08:01 - 00000000 ____D () C:\84bc2ca00468d711748d3b0f9e
2015-04-26 21:21 - 2015-04-26 21:21 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 15:48 - 2009-08-15 12:37 - 01073817 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 15:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-05-26 15:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\$360Section
2015-05-26 15:13 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 15:13 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 14:52 - 2015-02-09 10:16 - 00009184 _____ () C:\Windows\setupact.log
2015-05-26 14:52 - 2009-04-22 10:27 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 14:49 - 2013-11-23 14:14 - 00000000 ____D () C:\AdwCleaner
2015-05-24 12:50 - 2013-12-09 23:21 - 00002127 _____ () C:\Windows\epplauncher.mif
2015-05-23 09:44 - 2014-11-11 22:35 - 00000000 ____D () C:\Users\w7\AppData\Roaming\360safe
2015-05-23 09:33 - 2015-02-09 10:14 - 00024088 _____ () C:\Windows\PFRO.log
2015-05-22 19:12 - 2009-04-22 08:17 - 00000000 ____D () C:\Windows\IME
2015-05-21 23:50 - 2009-08-15 20:34 - 00000000 ____D () C:\Users\w7
2015-05-21 22:45 - 2015-04-10 18:00 - 00001111 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-05-21 22:45 - 2014-11-11 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-05-21 21:52 - 2015-04-10 18:01 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-05-21 18:10 - 2014-11-11 22:33 - 00000000 ____D () C:\ProgramData\360safe
2015-05-18 12:20 - 2014-11-11 22:34 - 00065608 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-05-18 12:20 - 2014-11-11 22:32 - 00202312 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2015-05-17 22:20 - 2012-09-24 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-10-11 09:13 - 2014-10-11 09:03 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av_41834845_cpmtce9iomm1crdat73b_wd.exe
2014-10-11 09:13 - 2014-10-11 08:53 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av___ws.exe
2013-06-26 20:04 - 2013-11-10 23:03 - 0003725 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-11-21 13:52 - 2013-11-21 15:18 - 0000004 _____ () C:\Users\w7\AppData\Roaming\Other.ico
2013-11-19 13:12 - 2013-11-22 15:59 - 0099147 _____ () C:\Users\w7\AppData\Local\ars.cache
2013-11-19 13:13 - 2013-11-22 15:59 - 0255589 _____ () C:\Users\w7\AppData\Local\census.cache
2013-11-19 12:29 - 2013-11-19 12:29 - 0000036 _____ () C:\Users\w7\AppData\Local\housecall.guid.cache
2012-09-24 23:59 - 2013-11-13 10:25 - 0007605 _____ () C:\Users\w7\AppData\Local\resmon.resmoncfg
2013-06-17 12:49 - 2013-06-17 12:51 - 0000352 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\w7\360TS_Setup.exe
C:\Users\w7\AdbeRdr933_de_DE.exe
C:\Users\w7\jxpiinstall.exe


Some files in TEMP:
====================
C:\Users\w7\AppData\Local\Temp\Quarantine.exe
C:\Users\w7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 00:50

==================== End of log ============================
Danke für deine Geduld!
norxi

schrauber 27.05.2015 06:56

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

norxi 28.05.2015 17:14
Hi,
 
1. ESET-log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=484d8a9779ca4a4a9793bb9e785c61f0
# engine=24059
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-28 12:26:44
# local_time=2015-05-28 02:26:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7100 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 46195510 55796397 0 0
# compatibility_mode_1='360 Total Security'
# compatibility_mode=16641 16777213 87 100 501273 17470507 0 0
# scanned=112638
# found=6
# cleaned=0
# scan_time=19514
sh=F2CBBE9867A40A0928542DACE51D8B94957DFCAC ft=1 fh=28920606932e3460 vn="Win32/Systweak.E evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3062942232-3235879386-1935734408-1002\$RKT58XV\systweakasp.exe"
sh=32AA7247383A283E40B388621CF87A3C3BB3BF86 ft=1 fh=4eae06911fbaa0de vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3062942232-3235879386-1935734408-1002\$RKT58XV\TuneupPro.exe"
sh=95AABFBC3A7FCEA51179B455FBDD5B7B4888C6EC ft=1 fh=567a33047db71482 vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3062942232-3235879386-1935734408-1002\$RKT58XV\TuppUns.exe"
sh=D01B747E9F18B8424A16540FBB8561DFA843E67E ft=1 fh=a39b87c7f49e6c63 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dateien - Norbert\Sicherung-NORBERT-10-2014\NORBERT\Karolina\wzmp_8.exe"
sh=3A6AD9C8506F01ACF6A7E497BBBD238A2876E8BF ft=1 fh=8fb38969cb1d9ba4 vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\w7\Desktop\pcmechanicpm.exe"

2. Security Check:
Code:
Results of screen317's Security Check version 1.002 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
360 Total Security             
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51 
 Java version 32-bit out of Date!
 Adobe Flash Player        17.0.0.188 
 Adobe Reader XI 
 Mozilla Firefox (38.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

und ein frisches FRST-log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by w7 (administrator) on W7-PC on 28-05-2015 18:02:04
Running from C:\Users\w7\Desktop
Loaded Profiles: w7 & Administrator (Available Profiles: w7 & Administrator)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Office2k\OFFICE11\WINWORD.EXE
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Program Files\Office2k\OFFICE11\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1264248 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0901-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {055d0903-6115-11e3-9cd0-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315542-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {4b315549-70c7-11df-9d4b-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {79d78ce0-9a00-11e3-887b-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ab2559e0-8e51-11e3-90ad-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d1df3a90-382b-11e0-94b3-00054e4ed161} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {d61d962c-a305-11df-96de-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d188e-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\...\MountPoints2: {ee6d1890-7181-11e3-926a-00123fedf47b} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3062942232-3235879386-1935734408-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_Win32.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1291470965134
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: hxxp://www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-28] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-04-04] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\2020Player@2020Technologies.com [2010-09-15]
FF Extension: Avira Browser Safety - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Bitdefender QuickScan - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Go Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\goParentFolder@alice.xpi [2014-12-01]
FF Extension: Show Parent Folder - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\showParentFolder@alice.xpi [2014-12-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\m623rhua.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-22]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2014-11-11]
FF HKU\S-1-5-21-3062942232-3235879386-1935734408-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [839792 2015-05-18] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680448 2009-04-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2014-11-07] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-05-18] (360.cn)
S3 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-05-18] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2014-11-07] (360.cn)
S1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2014-11-07] (360安全中心)
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [77904 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [23120 2009-04-22] (AMD)
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470208 2005-12-29] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [169040 2015-03-09] (Qihu 360 Software Co., Ltd.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2014-11-07] (360安全中心)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-11-29] (Elaborate Bytes AG) []
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-02-12] (Elaborate Bytes AG) []
R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22528 2004-02-12] (Elaborate Bytes AG) []
S0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [58440 2015-03-09] (360安全中心)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl5d029f3c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9AB37A4-16B7-48C7-9A57-3D123A8C8127}\MpKsl5d029f3c.sys [39464 2015-05-26] (Microsoft Corporation)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [257352 2014-11-07] (360.cn)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2014-11-07] (360.cn)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-04-22] (Conexant Systems, Inc.)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-04-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 17:12 - 2015-05-28 17:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 15:48 - 2015-05-28 15:49 - 00852639 _____ () C:\Users\w7\Desktop\SecurityCheck.exe
2015-05-26 15:47 - 2015-05-26 15:47 - 01147392 _____ (Farbar) C:\Users\w7\Desktop\FRST.exe
2015-05-26 15:17 - 2015-05-26 15:17 - 00001960 _____ () C:\Users\w7\Desktop\JRT.txt
2015-05-26 15:13 - 2015-05-26 15:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-W7-PC-Windows-7-Ultimate-(32-bit).dat
2015-05-26 15:12 - 2015-05-26 15:12 - 00000000 ____D () C:\RegBackup
2015-05-26 15:10 - 2015-05-26 15:11 - 02946703 _____ (Thisisu) C:\Users\w7\Desktop\JRT.exe
2015-05-26 14:32 - 2015-05-26 14:32 - 02222592 _____ () C:\Users\w7\Desktop\AdwCleaner_4.205.exe
2015-05-23 20:59 - 2015-05-23 20:59 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 20:58 - 2015-05-24 13:14 - 00000000 ___SD () C:\32788R22FWJFW
2015-05-23 20:56 - 2015-05-23 20:56 - 05627500 ____R (Swearware) C:\Users\w7\Desktop\ComboFix.exe
2015-05-22 20:52 - 2015-05-22 20:52 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\w7\Desktop\tdsskiller.exe
2015-05-22 08:49 - 2015-05-23 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-22 08:49 - 2015-05-22 19:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 08:47 - 2015-05-22 20:50 - 00000000 ____D () C:\Users\w7\Desktop\mbar
2015-05-22 08:47 - 2015-05-22 19:22 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-22 08:45 - 2015-05-22 08:46 - 16502728 _____ (Malwarebytes Corp.) C:\Users\w7\Desktop\mbar-1.09.1.1004.exe
2015-05-22 07:42 - 2015-05-22 07:42 - 00001410 _____ () C:\Users\w7\Desktop\gmer.txt
2015-05-21 23:58 - 2015-05-21 23:58 - 00380416 _____ () C:\Users\w7\Desktop\Gmer-19357.exe
2015-05-21 23:55 - 2015-05-28 18:02 - 00012112 _____ () C:\Users\w7\Desktop\FRST.txt
2015-05-21 23:55 - 2015-05-21 23:56 - 00024744 _____ () C:\Users\w7\Desktop\Addition.txt
2015-05-21 23:50 - 2015-05-21 23:50 - 00000466 _____ () C:\Users\w7\Desktop\defogger_disable.log
2015-05-21 23:50 - 2015-05-21 23:50 - 00000000 _____ () C:\Users\w7\defogger_reenable
2015-05-21 23:49 - 2015-05-21 23:49 - 00050477 _____ () C:\Users\w7\Desktop\Defogger.exe
2015-05-21 23:28 - 2015-05-28 18:02 - 00000000 ____D () C:\FRST
2015-05-21 22:45 - 2015-05-21 22:45 - 00000000 ____D () C:\Program Files\Common Files\AV
2015-05-21 22:33 - 2015-05-21 22:33 - 00080080 _____ () C:\Users\w7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-21 22:31 - 2015-05-21 22:31 - 00358488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-21 21:55 - 2015-05-28 08:55 - 02347384 _____ (ESET) C:\Users\w7\Desktop\esetsmartinstaller_deu.exe
2015-05-21 20:35 - 2015-05-21 20:35 - 01187496 _____ (Uniblue Systems Limited ) C:\Users\w7\Desktop\pcmechanicpm.exe
2015-05-17 08:10 - 2015-05-17 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-04 18:13 - 2015-05-04 18:13 - 21258466 _____ () C:\Users\w7\Desktop\Garage-Sockel-links.tif
2015-05-04 18:12 - 2015-05-04 18:12 - 21252322 _____ () C:\Users\w7\Desktop\Garagentor.tif
2015-05-03 08:01 - 2015-05-03 08:01 - 00000000 ____D () C:\84bc2ca00468d711748d3b0f9e

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 17:36 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 17:36 - 2009-04-22 10:08 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 17:12 - 2012-04-30 13:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-28 17:12 - 2012-04-30 13:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-28 17:12 - 2010-08-21 10:42 - 00000000 ____D () C:\Users\w7\AppData\Local\Adobe
2015-05-28 14:23 - 2009-08-15 12:37 - 01102950 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 15:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-05-26 15:38 - 2014-11-12 00:10 - 00000000 __SHD () C:\$360Section
2015-05-26 14:52 - 2015-02-09 10:16 - 00009184 _____ () C:\Windows\setupact.log
2015-05-26 14:52 - 2009-04-22 10:27 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 14:49 - 2013-11-23 14:14 - 00000000 ____D () C:\AdwCleaner
2015-05-24 12:50 - 2013-12-09 23:21 - 00002127 _____ () C:\Windows\epplauncher.mif
2015-05-23 09:44 - 2014-11-11 22:35 - 00000000 ____D () C:\Users\w7\AppData\Roaming\360safe
2015-05-23 09:33 - 2015-02-09 10:14 - 00024088 _____ () C:\Windows\PFRO.log
2015-05-22 19:12 - 2009-04-22 08:17 - 00000000 ____D () C:\Windows\IME
2015-05-21 23:50 - 2009-08-15 20:34 - 00000000 ____D () C:\Users\w7
2015-05-21 22:45 - 2015-04-10 18:00 - 00001111 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-05-21 22:45 - 2014-11-11 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-05-21 21:52 - 2015-04-10 18:01 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-05-21 18:10 - 2014-11-11 22:33 - 00000000 ____D () C:\ProgramData\360safe
2015-05-18 12:20 - 2014-11-11 22:34 - 00065608 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-05-18 12:20 - 2014-11-11 22:32 - 00202312 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2015-05-17 22:20 - 2012-09-24 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-10-11 09:13 - 2014-10-11 09:03 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av_41834845_cpmtce9iomm1crdat73b_wd.exe
2014-10-11 09:13 - 2014-10-11 08:53 - 4714656 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_av___ws.exe
2013-06-26 20:04 - 2013-11-10 23:03 - 0003725 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-11-21 13:52 - 2013-11-21 15:18 - 0000004 _____ () C:\Users\w7\AppData\Roaming\Other.ico
2013-11-19 13:12 - 2013-11-22 15:59 - 0099147 _____ () C:\Users\w7\AppData\Local\ars.cache
2013-11-19 13:13 - 2013-11-22 15:59 - 0255589 _____ () C:\Users\w7\AppData\Local\census.cache
2013-11-19 12:29 - 2013-11-19 12:29 - 0000036 _____ () C:\Users\w7\AppData\Local\housecall.guid.cache
2012-09-24 23:59 - 2013-11-13 10:25 - 0007605 _____ () C:\Users\w7\AppData\Local\resmon.resmoncfg
2013-06-17 12:49 - 2013-06-17 12:51 - 0000352 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\w7\360TS_Setup.exe
C:\Users\w7\AdbeRdr933_de_DE.exe
C:\Users\w7\jxpiinstall.exe


Some files in TEMP:
====================
C:\Users\w7\AppData\Local\Temp\Quarantine.exe
C:\Users\w7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 00:50

==================== End of log ============================
An der zeitverzögerten Wiedergabe am Monitor meiner Eingaben hat sich leider noch nichts geändert (... dass ich ein bisschen "voraus"- schreibe, würde mich nicht so arg stören, blöd ist nur, dass er manchmal die ersten paar Buchstaben "vergisst" und irgendwo mitten im Wort beginnt ...)

Vielen Dank für deine Mühe!
norxi

schrauber 29.05.2015 07:01
Java updaten. Graka Treiber updaten. Und vor allem WIndows updaten, da fehlen 4 Jahre Updates inkl Servicepack.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131