dhl trojaner- Vista - gewerblich - war schon aktiv

HerrOK · 18.03.2015, 18:56

Hallo
es geht um einen gewerblich genützten Rechner, Vista serviceapck 2, Avira prof.
da eine packetsendung erwartet wird hat jemand angeklickt. Die Bank gab Bescheid weil der Trojaner "ein Formular nicht richtig ausgefüllt hat"
hier nun die logfiles etc. Namen wurden durch *** überschrieben
Danke und gruesse
avira:

Code:

ATTFilter

Avira Professional Security
Erstellungsdatum der Reportdatei: Mittwoch, 18. März 2015  12:00


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : B***** GmbH
Seriennummer   : 2228591928-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : PC101

Versionsinformationen:
BUILD.DAT      : 14.0.8.532     94015 Bytes  24.02.2015 09:43:00
AVSCAN.EXE     : 14.0.8.532   1015032 Bytes  04.03.2015 08:33:22
AVSCANRC.DLL   : 14.0.8.450     65272 Bytes  04.03.2015 08:33:23
LUKE.DLL       : 14.0.8.532     59696 Bytes  04.03.2015 08:33:39
AVSCPLR.DLL    : 14.0.8.450     93488 Bytes  04.03.2015 08:33:24
REPAIR.DLL     : 14.0.8.532    365360 Bytes  04.03.2015 08:33:21
REPAIR.RDF     : 1.0.6.46      805594 Bytes  17.03.2015 12:42:23
AVREG.DLL      : 14.0.8.532    264496 Bytes  04.03.2015 08:33:20
AVLODE.DLL     : 14.0.8.532    583472 Bytes  04.03.2015 08:33:19
AVLODE.RDF     : 14.0.4.54      78895 Bytes  05.12.2014 14:47:46
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:55
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 10:41:56
XBV00165.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:04
XBV00166.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:04
XBV00167.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00168.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00169.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00170.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00171.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00172.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00173.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00174.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00175.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00176.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00177.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00178.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00179.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00180.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00181.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00182.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00183.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00184.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00185.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00186.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00187.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00188.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00189.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00190.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00191.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00192.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00193.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00194.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00195.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00196.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:05
XBV00197.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00198.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00199.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00200.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00201.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00202.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00203.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00204.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00205.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00206.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00207.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00208.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00209.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00210.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00211.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00212.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00213.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00214.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00215.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00216.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00217.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00218.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00219.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00220.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00221.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00222.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00223.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00224.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00225.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00226.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:06
XBV00227.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00228.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00229.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00230.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00231.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00232.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00233.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00234.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00235.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00236.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00237.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00238.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00239.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00240.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00241.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00242.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00243.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00244.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00245.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00246.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00247.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00248.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00249.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00250.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00251.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00252.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00253.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00254.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00255.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 11:42:07
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:00:13
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 17:33:38
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 17:33:41
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 11:14:32
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 10:50:08
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 09:11:56
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 11:47:26
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 10:23:31
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 10:41:55
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 09:49:39
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 10:46:09
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 11:52:01
XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 10:51:13
XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 11:52:32
XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 11:49:10
XBV00015.VDF   : 8.11.213.84  3175936 Bytes  03.03.2015 04:33:07
XBV00016.VDF   : 8.11.213.176   212480 Bytes  05.03.2015 11:42:00
XBV00042.VDF   : 8.11.213.202     3584 Bytes  05.03.2015 11:42:00
XBV00043.VDF   : 8.11.213.204     2048 Bytes  05.03.2015 11:42:00
XBV00044.VDF   : 8.11.213.230    40960 Bytes  05.03.2015 14:42:04
XBV00045.VDF   : 8.11.214.2     29184 Bytes  05.03.2015 04:40:27
XBV00046.VDF   : 8.11.214.28    25088 Bytes  05.03.2015 04:40:28
XBV00047.VDF   : 8.11.214.30    14848 Bytes  05.03.2015 04:40:28
XBV00048.VDF   : 8.11.214.32     3072 Bytes  05.03.2015 04:40:28
XBV00049.VDF   : 8.11.214.34     2048 Bytes  06.03.2015 04:40:28
XBV00050.VDF   : 8.11.214.38    39424 Bytes  06.03.2015 06:40:29
XBV00051.VDF   : 8.11.214.40     6656 Bytes  06.03.2015 08:40:29
XBV00052.VDF   : 8.11.214.42     4608 Bytes  06.03.2015 08:40:29
XBV00053.VDF   : 8.11.214.44     5120 Bytes  06.03.2015 10:40:29
XBV00054.VDF   : 8.11.214.46    23552 Bytes  06.03.2015 11:40:35
XBV00055.VDF   : 8.11.214.48     3072 Bytes  06.03.2015 13:40:29
XBV00056.VDF   : 8.11.214.50    25600 Bytes  06.03.2015 13:40:29
XBV00057.VDF   : 8.11.214.72     2048 Bytes  06.03.2015 13:40:29
XBV00058.VDF   : 8.11.214.92    48128 Bytes  06.03.2015 04:48:15
XBV00059.VDF   : 8.11.214.112    12800 Bytes  06.03.2015 04:48:15
XBV00060.VDF   : 8.11.214.114     2560 Bytes  06.03.2015 04:48:15
XBV00061.VDF   : 8.11.214.136    32256 Bytes  06.03.2015 04:48:15
XBV00062.VDF   : 8.11.214.138     2048 Bytes  06.03.2015 04:48:15
XBV00063.VDF   : 8.11.214.140     2048 Bytes  07.03.2015 04:48:15
XBV00064.VDF   : 8.11.214.144    34304 Bytes  07.03.2015 10:48:12
XBV00065.VDF   : 8.11.214.146     2048 Bytes  07.03.2015 10:48:12
XBV00066.VDF   : 8.11.214.168    33792 Bytes  07.03.2015 04:42:32
XBV00067.VDF   : 8.11.214.188    71168 Bytes  08.03.2015 04:42:32
XBV00068.VDF   : 8.11.214.190     2048 Bytes  08.03.2015 04:42:32
XBV00069.VDF   : 8.11.214.192     2048 Bytes  08.03.2015 04:42:32
XBV00070.VDF   : 8.11.214.212     2048 Bytes  08.03.2015 04:42:32
XBV00071.VDF   : 8.11.214.232    28672 Bytes  08.03.2015 04:42:32
XBV00072.VDF   : 8.11.214.252    69120 Bytes  09.03.2015 06:42:33
XBV00073.VDF   : 8.11.215.14     3584 Bytes  09.03.2015 07:42:32
XBV00074.VDF   : 8.11.215.32     7168 Bytes  09.03.2015 09:42:32
XBV00075.VDF   : 8.11.215.50    12800 Bytes  09.03.2015 12:42:35
XBV00076.VDF   : 8.11.215.52     5120 Bytes  09.03.2015 12:42:35
XBV00077.VDF   : 8.11.215.70    17920 Bytes  09.03.2015 15:42:36
XBV00078.VDF   : 8.11.215.90     2048 Bytes  09.03.2015 15:42:36
XBV00079.VDF   : 8.11.215.110     2048 Bytes  09.03.2015 15:42:36
XBV00080.VDF   : 8.11.215.132    29696 Bytes  09.03.2015 04:50:19
XBV00081.VDF   : 8.11.215.134    11264 Bytes  09.03.2015 04:50:19
XBV00082.VDF   : 8.11.215.136    11264 Bytes  09.03.2015 04:50:19
XBV00083.VDF   : 8.11.215.138    12288 Bytes  10.03.2015 06:50:19
XBV00084.VDF   : 8.11.215.140    35840 Bytes  10.03.2015 06:50:19
XBV00085.VDF   : 8.11.215.158     6144 Bytes  10.03.2015 08:50:22
XBV00086.VDF   : 8.11.215.174     5632 Bytes  10.03.2015 08:50:22
XBV00087.VDF   : 8.11.215.190     8704 Bytes  10.03.2015 09:50:23
XBV00088.VDF   : 8.11.215.206    19968 Bytes  10.03.2015 11:50:18
XBV00089.VDF   : 8.11.215.222    12800 Bytes  10.03.2015 13:50:23
XBV00090.VDF   : 8.11.215.226     2048 Bytes  10.03.2015 13:50:23
XBV00091.VDF   : 8.11.215.230    14336 Bytes  10.03.2015 15:50:22
XBV00092.VDF   : 8.11.215.234    26112 Bytes  10.03.2015 04:44:55
XBV00093.VDF   : 8.11.215.236    11776 Bytes  10.03.2015 04:44:55
XBV00094.VDF   : 8.11.215.240    22016 Bytes  11.03.2015 07:44:57
XBV00095.VDF   : 8.11.215.242     2048 Bytes  11.03.2015 07:44:57
XBV00096.VDF   : 8.11.215.244     2048 Bytes  11.03.2015 07:44:57
XBV00097.VDF   : 8.11.216.4      7680 Bytes  11.03.2015 10:44:55
XBV00098.VDF   : 8.11.216.20    12800 Bytes  11.03.2015 10:44:55
XBV00099.VDF   : 8.11.216.36    19968 Bytes  11.03.2015 12:44:54
XBV00100.VDF   : 8.11.216.52     2560 Bytes  11.03.2015 15:44:54
XBV00101.VDF   : 8.11.216.54    22016 Bytes  11.03.2015 17:44:55
XBV00102.VDF   : 8.11.216.56     8192 Bytes  11.03.2015 05:30:52
XBV00103.VDF   : 8.11.216.58     4608 Bytes  11.03.2015 05:30:52
XBV00104.VDF   : 8.11.216.60    16896 Bytes  11.03.2015 05:30:52
XBV00105.VDF   : 8.11.216.76    14336 Bytes  11.03.2015 05:30:52
XBV00106.VDF   : 8.11.216.90    30208 Bytes  11.03.2015 05:30:52
XBV00107.VDF   : 8.11.216.104     5632 Bytes  12.03.2015 05:30:52
XBV00108.VDF   : 8.11.216.118     6656 Bytes  12.03.2015 06:30:50
XBV00109.VDF   : 8.11.216.120    24576 Bytes  12.03.2015 06:30:50
XBV00110.VDF   : 8.11.216.122    16896 Bytes  12.03.2015 05:52:20
XBV00111.VDF   : 8.11.216.124     2048 Bytes  12.03.2015 05:52:20
XBV00112.VDF   : 8.11.216.138    16896 Bytes  12.03.2015 05:52:20
XBV00113.VDF   : 8.11.216.140     2048 Bytes  12.03.2015 05:52:20
XBV00114.VDF   : 8.11.216.154     3584 Bytes  12.03.2015 05:52:20
XBV00115.VDF   : 8.11.216.168     2048 Bytes  12.03.2015 05:52:20
XBV00116.VDF   : 8.11.216.182    70144 Bytes  12.03.2015 05:52:20
XBV00117.VDF   : 8.11.216.196     2048 Bytes  13.03.2015 05:52:20
XBV00118.VDF   : 8.11.216.200    46080 Bytes  13.03.2015 05:52:20
XBV00119.VDF   : 8.11.216.214    11776 Bytes  13.03.2015 07:52:19
XBV00120.VDF   : 8.11.216.228     4096 Bytes  13.03.2015 08:52:16
XBV00121.VDF   : 8.11.216.242     2560 Bytes  13.03.2015 11:52:17
XBV00122.VDF   : 8.11.216.254     2560 Bytes  13.03.2015 11:52:17
XBV00123.VDF   : 8.11.217.10     7680 Bytes  13.03.2015 15:52:18
XBV00124.VDF   : 8.11.217.14     2048 Bytes  13.03.2015 15:52:18
XBV00125.VDF   : 8.11.217.16    24576 Bytes  13.03.2015 04:37:16
XBV00126.VDF   : 8.11.217.22    17408 Bytes  13.03.2015 04:37:16
XBV00127.VDF   : 8.11.217.24     2048 Bytes  13.03.2015 04:37:16
XBV00128.VDF   : 8.11.217.26     2048 Bytes  13.03.2015 04:37:16
XBV00129.VDF   : 8.11.217.28    15872 Bytes  13.03.2015 04:37:16
XBV00130.VDF   : 8.11.217.42    84480 Bytes  14.03.2015 04:43:49
XBV00131.VDF   : 8.11.217.54     2048 Bytes  14.03.2015 04:43:49
XBV00132.VDF   : 8.11.217.66     2048 Bytes  14.03.2015 04:43:49
XBV00133.VDF   : 8.11.217.78    19456 Bytes  14.03.2015 04:43:49
XBV00134.VDF   : 8.11.217.90    71680 Bytes  15.03.2015 04:43:49
XBV00135.VDF   : 8.11.217.102     2048 Bytes  15.03.2015 04:43:49
XBV00136.VDF   : 8.11.217.124     6656 Bytes  15.03.2015 04:43:49
XBV00137.VDF   : 8.11.217.136    76800 Bytes  16.03.2015 06:43:48
XBV00138.VDF   : 8.11.217.146     3584 Bytes  16.03.2015 09:43:48
XBV00139.VDF   : 8.11.217.156     3584 Bytes  16.03.2015 09:43:48
XBV00140.VDF   : 8.11.217.166     4096 Bytes  16.03.2015 09:43:48
XBV00141.VDF   : 8.11.217.176    12288 Bytes  16.03.2015 11:43:45
XBV00142.VDF   : 8.11.217.186    13312 Bytes  16.03.2015 04:42:16
XBV00143.VDF   : 8.11.217.188    24064 Bytes  16.03.2015 04:42:16
XBV00144.VDF   : 8.11.217.194     7680 Bytes  16.03.2015 04:42:16
XBV00145.VDF   : 8.11.217.198    31232 Bytes  16.03.2015 04:42:16
XBV00146.VDF   : 8.11.217.208    13824 Bytes  16.03.2015 06:42:12
XBV00147.VDF   : 8.11.217.216     7680 Bytes  16.03.2015 06:42:13
XBV00148.VDF   : 8.11.217.224     2048 Bytes  17.03.2015 06:42:13
XBV00149.VDF   : 8.11.217.232    23552 Bytes  17.03.2015 06:42:13
XBV00150.VDF   : 8.11.217.240     7168 Bytes  17.03.2015 07:42:18
XBV00151.VDF   : 8.11.217.242     9216 Bytes  17.03.2015 09:42:14
XBV00152.VDF   : 8.11.217.244    13824 Bytes  17.03.2015 09:42:14
XBV00153.VDF   : 8.11.217.252     4608 Bytes  17.03.2015 13:42:18
XBV00154.VDF   : 8.11.218.4     10240 Bytes  17.03.2015 13:42:18
XBV00155.VDF   : 8.11.218.6     12800 Bytes  17.03.2015 13:42:18
XBV00156.VDF   : 8.11.218.16    14848 Bytes  17.03.2015 04:42:50
XBV00157.VDF   : 8.11.218.20     2048 Bytes  17.03.2015 04:42:50
XBV00158.VDF   : 8.11.218.28     4096 Bytes  17.03.2015 04:42:50
XBV00159.VDF   : 8.11.218.30    25600 Bytes  17.03.2015 04:42:50
XBV00160.VDF   : 8.11.218.32     2048 Bytes  17.03.2015 04:42:50
XBV00161.VDF   : 8.11.218.34    18432 Bytes  17.03.2015 04:42:50
XBV00162.VDF   : 8.11.218.38    26112 Bytes  18.03.2015 06:42:51
XBV00163.VDF   : 8.11.218.46     4096 Bytes  18.03.2015 08:42:49
XBV00164.VDF   : 8.11.218.52     3584 Bytes  18.03.2015 09:42:55
LOCAL001.VDF   : 8.11.218.52 124751872 Bytes  18.03.2015 09:43:20
Engineversion  : 8.3.30.2  
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 13:09:08
AESCRIPT.DLL   : 8.2.2.58      560248 Bytes  17.03.2015 10:42:27
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 10:42:58
AESBX.DLL      : 8.2.20.34    1615784 Bytes  04.03.2015 11:33:12
AERDL.DLL      : 8.2.1.20      731040 Bytes  11.02.2015 13:52:17
AEPACK.DLL     : 8.4.0.62      793456 Bytes  20.02.2015 16:11:22
AEOFFICE.DLL   : 8.3.1.14      354216 Bytes  10.03.2015 11:50:17
AEMOBILE.DLL   : 8.1.7.0       281456 Bytes  10.03.2015 11:50:18
AEHEUR.DLL     : 8.1.4.1578   8137584 Bytes  06.03.2015 11:40:35
AEHELP.DLL     : 8.3.1.0       278728 Bytes  12.06.2014 10:23:19
AEGEN.DLL      : 8.1.7.40      456608 Bytes  19.12.2014 11:52:10
AEEXP.DLL      : 8.4.2.70      255904 Bytes  06.02.2015 10:51:48
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 13:41:52
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  10.03.2015 11:50:18
AECORE.DLL     : 8.3.4.0       243624 Bytes  16.12.2014 14:51:28
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 13:41:51
AVWINLL.DLL    : 14.0.8.532     25904 Bytes  04.03.2015 08:33:13
AVPREF.DLL     : 14.0.8.532     52984 Bytes  04.03.2015 08:33:20
AVREP.DLL      : 14.0.8.532    220464 Bytes  04.03.2015 08:33:21
AVARKT.DLL     : 14.0.8.532    228088 Bytes  04.03.2015 08:33:15
AVEVTLOG.DLL   : 14.0.8.532    184568 Bytes  04.03.2015 08:33:16
SQLITE3.DLL    : 14.0.8.532    453936 Bytes  04.03.2015 08:33:42
AVSMTP.DLL     : 14.0.8.532     79096 Bytes  04.03.2015 08:33:24
NETNT.DLL      : 14.0.8.532     16120 Bytes  04.03.2015 08:33:40
RCIMAGE.DLL    : 14.0.8.450   5069616 Bytes  04.03.2015 08:33:13
RCTEXT.DLL     : 14.0.8.502     76080 Bytes  04.03.2015 08:33:14

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 18. März 2015  12:00

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SFAutomat.Exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'WkDetect.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\B*****\AppData\Local\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}.exe
  [FUND]      Ist das Trojanische Pferd TR/Visucius.21

Die Registry wurde durchsucht ( '3093' Dateien ).


Beginne mit der Desinfektion:
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}> wurde erfolgreich entfernt.
C:\Users\B*****\AppData\Local\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}.exe
  [FUND]      Ist das Trojanische Pferd TR/Visucius.21
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5188f85a.qua' verschoben!
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}> wurde erfolgreich repariert.


Ende des Suchlaufs: Mittwoch, 18. März 2015  12:04
Benötigte Zeit: 00:50 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   3686 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   3685 Dateien ohne Befall
     28 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise

kann ich denn mehrer auf einmal schicken?
GMER

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-18 18:45:04
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000052 360320AS_____________________________ rev.AM___ 335,35GB
Running: Gmer-19357.exe; Driver: C:\Users\B*****\AppData\Local\Temp\pgldapog.sys


---- System - GMER 2.1 ----

SSDT   8A240E2E                                                                                     ZwCreateSection
SSDT   8A240E06                                                                                     ZwCreateSymbolicLinkObject
SSDT   8A240E0B                                                                                     ZwLoadDriver
SSDT   8A240E01                                                                                     ZwOpenSection
SSDT   8A240E38                                                                                     ZwRequestWaitReplyPort
SSDT   8A240E33                                                                                     ZwSetContextThread
SSDT   8A240E3D                                                                                     ZwSetSecurityObject
SSDT   8A240E10                                                                                     ZwSetSystemInformation
SSDT   8A240E42                                                                                     ZwSystemDebugControl
SSDT   8A240DCF                                                                                     ZwTerminateProcess
SSDT   8A240DCA                                                                                     ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                820ED7D8 4 Bytes  [2E, 0E, 24, 8A] {PUSH CS; AND AL, 0x8a}
.text  ntkrnlpa.exe!KeSetEvent + 21D                                                                820ED7E0 4 Bytes  [06, 0E, 24, 8A] {PUSH ES; PUSH CS; AND AL, 0x8a}
.text  ntkrnlpa.exe!KeSetEvent + 37D                                                                820ED940 4 Bytes  [0B, 0E, 24, 8A] {OR ECX, [ESI]; AND AL, 0x8a}
.text  ntkrnlpa.exe!KeSetEvent + 3FD                                                                820ED9C0 4 Bytes  [01, 0E, 24, 8A] {ADD [ESI], ECX; AND AL, 0x8a}
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                820EDAFC 4 Bytes  [38, 0E, 24, 8A] {CMP [ESI], CL; AND AL, 0x8a}
.text  ...                                                                                          
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                     section is writeable [0x8C405340, 0x33F6F7, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!EnableWindow                770ACD8B 5 Bytes  JMP 6D8CA2AC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxParamW             770D10B0 5 Bytes  JMP 6D82190B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxIndirectParamW     770D2EF5 5 Bytes  JMP 6DA1EA9A C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxParamA             770E8152 5 Bytes  JMP 6DA1EA35 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxIndirectParamA     770E847D 5 Bytes  JMP 6DA1EAFF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxIndirectA         770FD4D9 5 Bytes  JMP 6DA1E9BC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxIndirectW         770FD5D3 5 Bytes  JMP 6DA1E943 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxExA               770FD639 5 Bytes  JMP 6DA1E8DF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxExW               770FD65D 5 Bytes  JMP 6DA1E87B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] ntdll.dll!RtlExitUserThread            77821CFB 5 Bytes  JMP 6DA1F0EC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] kernel32.dll!TerminateThread           75F644DB 5 Bytes  JMP 6DA1F105 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] kernel32.dll!CreateThread              75F6CBEE 5 Bytes  JMP 6D8874FB C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogParamW          770A72A2 5 Bytes  JMP 6DA1EE04 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!GetAsyncKeyState            770A863C 5 Bytes  JMP 6D86DEC5 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetWindowsHookExW           770A87AD 5 Bytes  JMP 6D8C298C C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CallNextHookEx              770A8E3B 5 Bytes  JMP 6D8E7CCF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!UnhookWindowsHookEx         770A98DB 5 Bytes  JMP 6D90E230 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!EnableWindow                770ACD8B 5 Bytes  JMP 6D8CA2AC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DefWindowProcA              770ADB88 7 Bytes  JMP 6D88972D C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExA             770ADC2A 5 Bytes  JMP 6D89354B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExW             770B1305 5 Bytes  JMP 6D8F005B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!GetKeyState                 770B8CB1 5 Bytes  JMP 6D86DD9B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DefWindowProcW              770C03B4 7 Bytes  JMP 6D8E7D32 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!IsDialogMessageW            770C0745 5 Bytes  JMP 6DA1F5D7 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogParamA          770C17AA 5 Bytes  JMP 6DA1EDCC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!IsDialogMessage             770C1847 5 Bytes  JMP 6DA1F5AF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogIndirectParamA  770C26F1 5 Bytes  JMP 6DA1EE3C C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogIndirectParamW  770C9A62 5 Bytes  JMP 6DA1EE74 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetKeyboardState            770D0987 5 Bytes  JMP 6DA1FEC9 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamW             770D10B0 5 Bytes  JMP 6D82190B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamW     770D2EF5 5 Bytes  JMP 6DA1EA9A C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SendInput                   770D2F75 5 Bytes  JMP 6DA1FE71 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!EndDialog                   770D326E 5 Bytes  JMP 6DA1F883 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetCursorPos                770E6FB2 5 Bytes  JMP 6DA1FF4A C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamA             770E8152 5 Bytes  JMP 6DA1EA35 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamA     770E847D 5 Bytes  JMP 6DA1EAFF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectA         770FD4D9 5 Bytes  JMP 6DA1E9BC C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectW         770FD5D3 5 Bytes  JMP 6DA1E943 C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExA               770FD639 5 Bytes  JMP 6DA1E8DF C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExW               770FD65D 5 Bytes  JMP 6DA1E87B C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!keybd_event                 770FD972 5 Bytes  JMP 6DA1FE2E C:\Windows\system32\IEFRAME.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] SHELL32.dll!SHRestricted + D95         766088D8 4 Bytes  [CF, 01, 0E, 6D] {IRET ; ADD [ESI], ECX; INS DWORD [ES:EDI], DX}
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] SHELL32.dll!SHRestricted + D9D         766088E0 8 Bytes  [E0, 61, 0D, 6D, 79, F7, 0D, ...] {LOOPNZ 0x63; OR EAX, 0xdf7796d; INS DWORD [ES:EDI], DX}
.text  C:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!OleLoadFromStream            776B1E80 5 Bytes  JMP 6DA1F2E1 C:\Windows\system32\IEFRAME.dll

---- EOF - GMER 2.1 ----

defogger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:15 on 18/03/2015 (B******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by B***** at 2015-03-18 17:29:47
Running from C:\Users\B*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.8.532 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
Dropbox (HKU\S-1-5-21-2550521-3271785228-4015257772-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.0.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDCleaner (HKLM\...\HDCleaner) (Version:  - )
IBM iSeries Access für Windows (HKLM\...\ClientAccessExpress) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Standard (HKLM\...\{91120407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6.0 (HKLM\...\{D0AC6844-79D4-11D4-AFEE-00C04F443448}) (Version: 06.00.0000 - Microsoft Corporation)
Mozilla Firefox 6.0.2 (x86 de) (HKLM\...\Mozilla Firefox 6.0.2 (x86 de)) (Version: 6.0.2 - Mozilla)
Mozilla Thunderbird (7.0.1) (HKLM\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571031}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org Installer 1.0 (HKLM\...\{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}) (Version: 1.0.9221 - Sun Microsystems)
Praktische Arbeitshilfe (HKLM\...\{FF2E73E1-D8D5-48BC-9517-A3CB199B0B86}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM\...\Samsung ML-1670 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SFirm (HKLM\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.5.250.5 - Star Finanz GmbH)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
TransDATA Professional, Version 2.1.4 (HKLM\...\TransDATA Professional_is1) (Version:  - AvenDATA GmbH)
VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version:  - Corel Corporation)
WordPerfect Office X3 (Version: 13.3 - Corel Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{52AFBCC2-EBAB-94C6-1603-BBB04F86678D}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{53B45807-A53D-57BC-9471-5C0C2D3EC539}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{7B43291D-AFF3-DDC8-C9C7-CDADB4C79744}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-02-2015 06:15:32 Geplanter Prüfpunkt
28-02-2015 06:49:19 Geplanter Prüfpunkt
02-03-2015 06:14:33 Geplanter Prüfpunkt
03-03-2015 06:06:56 Geplanter Prüfpunkt
04-03-2015 05:53:41 Geplanter Prüfpunkt
05-03-2015 06:19:16 Geplanter Prüfpunkt
06-03-2015 06:14:10 Geplanter Prüfpunkt
07-03-2015 06:08:53 Geplanter Prüfpunkt
09-03-2015 06:08:12 Geplanter Prüfpunkt
10-03-2015 06:11:00 Geplanter Prüfpunkt
11-03-2015 06:17:22 Geplanter Prüfpunkt
12-03-2015 06:33:53 Windows Update
13-03-2015 06:12:55 Geplanter Prüfpunkt
14-03-2015 06:15:05 Geplanter Prüfpunkt
16-03-2015 06:09:22 Geplanter Prüfpunkt
17-03-2015 06:02:43 Geplanter Prüfpunkt
18-03-2015 06:16:55 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00D91678-EE1A-44CC-BA22-C2A15CAF5295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {1B6CE553-D69A-43A6-9371-726A16608C6E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4D0F48CF-60B2-40B7-89FB-B9FEDCAB41A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {6BC3BA74-F132-4973-9EF3-3D7E084F292A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7043DF74-532B-4FA4-915C-E34E5FC1092F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D757272E-EBDF-4478-B3AA-9104901672A7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - B***** => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

first

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by B***** (administrator) on PC101 on 18-03-2015 17:32:17
Running from C:\Users\B*****\Desktop
Loaded Profiles: B****** (Available profiles: B******)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PSIService.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft® Corporation) C:\Program Files\Microsoft Works\WkDetect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\B*****\Desktop\2 - FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [recinfo87] => c:\RecInfo\RecInfo.exe [2768896 2007-09-14] ()
HKLM\...\Run: [SfWinStartInfo] => C:\SFIRM32\sfWinStartupInfo.exe [144544 2012-07-24] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [311350 2000-07-12] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-07-21] (Microsoft® Corporation)
HKLM\...\Run: [Client Access Service] => C:\Program Files\IBM\Client Access\cwbsvstr.exe [20531 2006-12-04] (IBM Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [294912 2008-01-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2550521-3271785228-4015257772-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{B75D10ED-54E4-416D-9F67-1189758B6648}: [NameServer] 192.168.124.1

FireFox:
========
FF ProfilePath: C:\Users\Breckle\AppData\Roaming\Mozilla\Firefox\Profiles\669y21ee.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-13]
CHR Extension: (Google Drive) - C:\Users\B*****AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]
CHR Extension: (YouTube) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\B*****\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [804600 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [65585 2006-12-04] (IBM Corporation) [File not signed]
R2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc.              )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [6912 2006-02-07] (JMicron )
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [47872 2007-04-03] (JMicron Technology Corp.) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 17:29 - 2015-03-18 17:32 - 00013197 _____ () C:\Users\B*****\Desktop\FRST.txt
2015-03-18 17:29 - 2015-03-18 17:30 - 00012458 _____ () C:\Users\B*****\Desktop\Addition.txt
2015-03-18 17:26 - 2015-03-18 13:10 - 01135104 _____ (Farbar) C:\Users\B*****Desktop\2 - FRST.exe
2015-03-18 17:26 - 2015-03-18 13:09 - 00050477 _____ () C:\Users\B*****\Desktop\1 - Defogger.exe
2015-03-18 17:26 - 2015-03-18 13:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\B*****\Desktop\tdsskiller.exe
2015-03-18 17:26 - 2015-03-18 12:58 - 16502728 _____ (Malwarebytes Corp.) C:\Users\B*****\Desktop\mbar-1.09.1.1004.exe
2015-03-18 17:25 - 2015-03-18 17:16 - 00000476 _____ () C:\Users\B*****\Desktop\defogger_disable.log
2015-03-18 17:25 - 2015-03-18 14:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\B*****\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-18 17:25 - 2015-03-18 13:13 - 00000239 _____ () C:\Users\B*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
2015-03-18 17:25 - 2015-03-18 12:01 - 00000218 _____ () C:\Users\B*****\Desktop\Entfernen von DHL-Trojaner - Seite 4 - Trojaner-Board.url
2015-03-18 17:17 - 2015-03-18 17:32 - 00000000 ____D () C:\FRST
2015-03-18 17:15 - 2015-03-18 17:15 - 00000000 _____ () C:\Users\B*****\defogger_reenable
2015-03-18 14:45 - 2015-03-18 14:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 14:44 - 2015-03-18 14:44 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-18 14:44 - 2015-03-18 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-18 14:44 - 2015-03-18 14:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-18 14:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 14:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 14:44 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 14:01 - 2015-03-18 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-18 14:00 - 2015-03-18 14:29 - 00000000 ____D () C:\Users\B*****\Desktop\mbar
2015-03-18 13:45 - 2015-03-18 17:17 - 00000000 ____D () C:\Users\B*****\Desktop\dhl scheisse
2015-03-12 06:56 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 06:56 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 06:56 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 06:42 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 06:40 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:27 - 2015-03-18 16:23 - 00000000 ____D () C:\Users\B*****\Desktop\FSC
2015-03-11 05:52 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 05:52 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 05:52 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 05:52 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 05:52 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 05:52 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 05:52 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 05:52 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 05:52 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 05:52 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 05:52 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 05:52 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 05:52 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 16:06 - 2015-03-04 16:06 - 00000000 ____D () C:\Users\B*****\AppData\Local\elfopatch
2015-03-04 13:31 - 2015-03-04 13:31 - 00028084 _____ () C:\Users\B*****\UStVA2015_01_Januar_B*****_GmbH_Benninger_Bettsysteme.elfo
2015-03-04 13:24 - 2015-03-04 13:24 - 00022148 _____ () C:\Users\B*****\UStVA2015_02_Februar_Friedrich_B*****.elfo
2015-03-03 06:49 - 2015-03-03 06:49 - 00020836 _____ () C:\Users\B*****\UStVA2015_02_Februar_Grundstücksgemeinschaft_B*****.elfo
2015-03-03 06:46 - 2015-03-03 06:46 - 00020004 _____ () C:\Users\B*****\UStVA2015_02_Februar_B*****_GBR.elfo
2015-02-17 09:58 - 2015-02-17 09:58 - 00034816 _____ () C:\Users\B*****\Desktop\Kopie von Kfz_Kurzfragebogen.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 17:22 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:22 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:17 - 2013-10-23 17:00 - 00000000 ___RD () C:\Users\B*****\Dropbox
2015-03-18 17:15 - 2007-10-12 16:43 - 00000000 ____D () C:\Users\B*****
2015-03-18 16:56 - 2013-11-13 13:57 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 16:49 - 2014-08-10 14:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 16:23 - 2007-10-12 16:33 - 01425066 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 15:45 - 2013-10-23 16:57 - 00000000 ____D () C:\Users\B*****\AppData\Roaming\Dropbox
2015-03-18 15:19 - 2007-10-12 21:16 - 00000000 ____D () C:\SFIRM32
2015-03-18 15:16 - 2013-11-13 13:57 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 15:16 - 2007-09-17 16:13 - 00359112 _____ () C:\Windows\PFRO.log
2015-03-18 15:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 15:15 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-18 13:46 - 2006-11-02 11:33 - 01564930 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 11:16 - 2011-07-15 13:55 - 00000000 ____D () C:\Scan
2015-03-17 16:20 - 2007-10-12 17:00 - 00000000 ____D () C:\Users\B*****\Desktop\Listen,Größe Dormiente
2015-03-17 11:38 - 2009-02-25 12:18 - 00000000 ____D () C:\Users\B*****\Desktop\Kundenspezifische Aufkleber
2015-03-16 13:08 - 2013-10-23 16:58 - 00000000 ____D () C:\Users\B*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-16 11:29 - 2007-10-12 18:44 - 00000000 ____D () C:\Program Files\Praktische Arbeitshilfe
2015-03-13 16:40 - 2013-12-20 10:49 - 00000000 ____D () C:\Users\B*****\Desktop\Rhenus Speditionsauftrag
2015-03-13 06:51 - 2007-10-12 17:00 - 00000000 ____D () C:\Users\B*****\Desktop\Toll collect
2015-03-12 07:10 - 2006-11-02 13:47 - 00360048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:56 - 2013-08-16 04:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 06:45 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 14:56 - 2007-10-12 16:59 - 00000000 ____D () C:\Users\B*****\Desktop\Buchhaltung
2015-03-10 13:06 - 2007-10-12 16:59 - 00000000 ____D () C:\Users\B*****\Desktop\JPEG BILDER
2015-03-04 16:06 - 2007-10-12 18:42 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-04 09:33 - 2013-05-30 18:16 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 09:33 - 2013-05-30 18:16 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-17 12:13 - 2009-02-09 15:21 - 00102424 _____ () C:\Users\B*****\AppData\Roaming\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2007-10-12 18:33 - 2007-10-12 18:33 - 0024206 _____ () C:\Users\B*****\AppData\Roaming\UserTile.png
2007-10-13 13:37 - 2014-01-11 13:08 - 0014336 _____ () C:\Users\B*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-10-12 18:41 - 2007-10-12 18:41 - 0000305 _____ () C:\ProgramData\addr_file.html

Some content of TEMP:
====================
C:\Users\B*****\AppData\Local\Temp\APNSetup.exe
C:\Users\B*****\AppData\Local\Temp\avgnt.exe
C:\Users\B*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr1fqpi.dll
C:\Users\B*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\B*****\AppData\Local\Temp\shmcapture_3944_1.exe
C:\Users\B*****\AppData\Local\Temp\shmcapture_5136_1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 15:22

==================== End Of Log ============================

--- --- ---

schrauber · 18.03.2015, 19:02

Hi,

Regeln für gewerbliche Rechner gelesen?
http://www.trojaner-board.de/108422-...-anfragen.html

HerrOK · 18.03.2015, 19:10

wir sind ein ein Unternehmen mit 2 Verwaltungsangestellten, entsprechend groß ist auch unsere IT Abteilung
herzlichen Dank für die freundliche Hilfe

Gruesse

schrauber · 19.03.2015, 09:47

Zitat:

entsprechend groß ist auch unsere IT Abteilung

Ich deute das mal als Ironie, ergo keine IT Abteilung

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

HerrOK · 19.03.2015, 10:56

Herzlichen Dank der freundlichen Antwort

[QUOTE=HerrOK;1443422] 2 Verwaltungsangestellten, entsprechend groß ist auch unsere IT Abteilung
/QUOTE]

war durchaus ernst gemeint, wobei das Ergebniss dasselbe ist
2 Verwalter sind 2mal Teilzeit plus Scheffin.
"IT-Zahl" entsprechend der "Angestelltenzahl" ergibt Null.

die logfiles kann ich erst am Abend spät posten, ein Durchlauf gestern Abend (die 2 Versionen Malwarebites und TDSS) ergaben keine Funde.
zur Zeit (seit gestern spät Abends) läuft ein Antivir Suchlauf. Wobei leider nebenbei noch auf dem Rechner einige wenige Arbeiten gemacht werden müssen.
gruesse

schrauber · 19.03.2015, 21:00

Ok

HerrOK · 19.03.2015, 21:29

bin etwas verunsichert. Der Antivirsuchlauf geht seit gestern Abend und ist jetzt (21.27h) auf knapp 20%. Bis morgen geb ich ihm noch....

schrauber · 20.03.2015, 06:46

Dann schalte den Mist ab, der Scan bringt doch eh nix.

HerrOK · 23.03.2015, 12:24

so nun hier die logfile von mbar -- KEINE FUNDE-- wie auch schon beim früheren Durchlauf
tdss kommt noch
antivir hat folgende gefunden und in Quarantäne gesperrt:
TR/geldag.1
TR/Rogue.A.D.605605
TR/Visucius.21

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.22.05
  rootkit: v2015.02.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
B***** :: PC101 [administrator]

22.03.2015 19:52:09
mbar-log-2015-03-22 (19-52-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 35
Time elapsed: 1 minute(s), 1 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

nun tdss- - wieder nichts gefunden

Code:

ATTFilter

20:33:30.0540 0x0b8c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:33:37.0055 0x0b8c  ============================================================
20:33:37.0055 0x0b8c  Current date / time: 2015/03/22 20:33:37.0055
20:33:37.0055 0x0b8c  SystemInfo:
20:33:37.0055 0x0b8c  
20:33:37.0055 0x0b8c  OS Version: 6.0.6002 ServicePack: 2.0
20:33:37.0055 0x0b8c  Product type: Workstation
20:33:37.0055 0x0b8c  ComputerName: PC101
20:33:37.0055 0x0b8c  UserName: B*****
20:33:37.0055 0x0b8c  Windows directory: C:\Windows
20:33:37.0055 0x0b8c  System windows directory: C:\Windows
20:33:37.0055 0x0b8c  Processor architecture: Intel x86
20:33:37.0055 0x0b8c  Number of processors: 2
20:33:37.0055 0x0b8c  Page size: 0x1000
20:33:37.0055 0x0b8c  Boot type: Normal boot
20:33:37.0055 0x0b8c  ============================================================
20:33:51.0290 0x0b8c  KLMD registered as C:\Windows\system32\drivers\07972767.sys
20:33:51.0586 0x0b8c  System UUID: {240D7A20-26A4-3C41-B39D-BF6844AD97EE}
20:33:52.0305 0x0b8c  !crdlk
20:33:52.0321 0x0b8c  Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 ( 335.35 Gb ), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:33:52.0352 0x0b8c  ============================================================
20:33:52.0352 0x0b8c  \Device\Harddisk0\DR0:
20:33:52.0368 0x0b8c  MBR partitions:
20:33:52.0368 0x0b8c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1B0D0000
20:33:52.0368 0x0b8c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C840800, BlocksNum 0xD672800
20:33:52.0368 0x0b8c  ============================================================
20:33:52.0399 0x0b8c  C: <-> \Device\Harddisk0\DR0\Partition1
20:33:52.0446 0x0b8c  D: <-> \Device\Harddisk0\DR0\Partition2
20:33:52.0446 0x0b8c  ============================================================
20:33:52.0446 0x0b8c  Initialize success
20:33:52.0446 0x0b8c  ============================================================
20:34:52.0305 0x0348  ============================================================
20:34:52.0305 0x0348  Scan started
20:34:52.0305 0x0348  Mode: Manual; 
20:34:52.0305 0x0348  ============================================================
20:34:52.0305 0x0348  KSN ping started
20:34:54.0977 0x0348  KSN ping finished: true
20:34:55.0915 0x0348  ================ Scan system memory ========================
20:34:55.0915 0x0348  System memory - ok
20:34:55.0915 0x0348  ================ Scan services =============================
20:34:56.0086 0x0348  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:34:56.0102 0x0348  ACPI - ok
20:34:56.0227 0x0348  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:34:56.0227 0x0348  AdobeARMservice - ok
20:34:56.0290 0x0348  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:56.0305 0x0348  AdobeFlashPlayerUpdateSvc - ok
20:34:56.0383 0x0348  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:34:56.0399 0x0348  adp94xx - ok
20:34:56.0430 0x0348  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:34:56.0461 0x0348  adpahci - ok
20:34:56.0493 0x0348  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:34:56.0508 0x0348  adpu160m - ok
20:34:56.0540 0x0348  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:34:56.0540 0x0348  adpu320 - ok
20:34:56.0618 0x0348  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:34:56.0618 0x0348  AeLookupSvc - ok
20:34:56.0696 0x0348  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
20:34:56.0711 0x0348  AFD - ok
20:34:56.0758 0x0348  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:34:56.0758 0x0348  agp440 - ok
20:34:56.0790 0x0348  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:34:56.0790 0x0348  aic78xx - ok
20:34:56.0836 0x0348  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
20:34:56.0852 0x0348  ALG - ok
20:34:56.0883 0x0348  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:34:56.0883 0x0348  aliide - ok
20:34:56.0915 0x0348  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:34:56.0915 0x0348  amdagp - ok
20:34:56.0930 0x0348  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:34:56.0946 0x0348  amdide - ok
20:34:56.0961 0x0348  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:34:56.0961 0x0348  AmdK7 - ok
20:34:56.0977 0x0348  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:34:56.0977 0x0348  AmdK8 - ok
20:34:57.0071 0x0348  [ DFAD5A9E0C900A00E8B6A8308CCA347D, 1E899D092C7C9B0F6C043D25238BFF843F59F57E3FB9C861533524693D0AB070 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
20:34:57.0102 0x0348  AntiVirMailService - ok
20:34:57.0165 0x0348  [ EE4CD8B219CC3C0FA73982C2791819E2, 9A7CBDD5972B9E0365C91C6ED7F286196F70DD07C1379930FA62252D943BBF00 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:34:57.0180 0x0348  AntiVirSchedulerService - ok
20:34:57.0243 0x0348  [ EE4CD8B219CC3C0FA73982C2791819E2, 9A7CBDD5972B9E0365C91C6ED7F286196F70DD07C1379930FA62252D943BBF00 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:34:57.0258 0x0348  AntiVirService - ok
20:34:57.0321 0x0348  [ 2EE6ED2CD8CEBB954B1CA2C04C8BD203, F835C59447B2EAD69BB694E16E11DE286805F1BAD17875E2CA408211F7E2F865 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:34:57.0368 0x0348  AntiVirWebService - ok
20:34:57.0399 0x0348  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
20:34:57.0415 0x0348  Appinfo - ok
20:34:57.0430 0x0348  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
20:34:57.0430 0x0348  arc - ok
20:34:57.0461 0x0348  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:34:57.0461 0x0348  arcsas - ok
20:34:57.0555 0x0348  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:34:57.0555 0x0348  aspnet_state - ok
20:34:57.0586 0x0348  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:34:57.0586 0x0348  AsyncMac - ok
20:34:57.0618 0x0348  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
20:34:57.0633 0x0348  atapi - ok
20:34:57.0680 0x0348  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:34:57.0696 0x0348  AudioEndpointBuilder - ok
20:34:57.0711 0x0348  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:34:57.0727 0x0348  Audiosrv - ok
20:34:57.0774 0x0348  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:34:57.0774 0x0348  avgntflt - ok
20:34:57.0805 0x0348  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:34:57.0821 0x0348  avipbb - ok
20:34:57.0852 0x0348  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:34:57.0852 0x0348  avkmgr - ok
20:34:57.0883 0x0348  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:34:57.0883 0x0348  Beep - ok
20:34:57.0930 0x0348  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
20:34:57.0946 0x0348  BFE - ok
20:34:58.0008 0x0348  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
20:34:58.0040 0x0348  BITS - ok
20:34:58.0055 0x0348  blbdrive - ok
20:34:58.0071 0x0348  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:34:58.0086 0x0348  bowser - ok
20:34:58.0102 0x0348  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:34:58.0102 0x0348  BrFiltLo - ok
20:34:58.0118 0x0348  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:34:58.0118 0x0348  BrFiltUp - ok
20:34:58.0149 0x0348  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
20:34:58.0149 0x0348  Browser - ok
20:34:58.0180 0x0348  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:34:58.0180 0x0348  Brserid - ok
20:34:58.0196 0x0348  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:34:58.0196 0x0348  BrSerWdm - ok
20:34:58.0211 0x0348  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:34:58.0211 0x0348  BrUsbMdm - ok
20:34:58.0227 0x0348  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:34:58.0227 0x0348  BrUsbSer - ok
20:34:58.0243 0x0348  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:34:58.0243 0x0348  BTHMODEM - ok
20:34:58.0274 0x0348  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:34:58.0290 0x0348  cdfs - ok
20:34:58.0305 0x0348  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:34:58.0321 0x0348  cdrom - ok
20:34:58.0352 0x0348  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
20:34:58.0352 0x0348  CertPropSvc - ok
20:34:58.0383 0x0348  [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:34:58.0383 0x0348  circlass - ok
20:34:58.0399 0x0348  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
20:34:58.0430 0x0348  CLFS - ok
20:34:58.0493 0x0348  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:58.0493 0x0348  clr_optimization_v2.0.50727_32 - ok
20:34:58.0540 0x0348  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:58.0555 0x0348  clr_optimization_v4.0.30319_32 - ok
20:34:58.0571 0x0348  [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:34:58.0571 0x0348  cmdide - ok
20:34:58.0602 0x0348  [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:34:58.0602 0x0348  Compbatt - ok
20:34:58.0618 0x0348  COMSysApp - ok
20:34:58.0727 0x0348  cpuz134 - ok
20:34:58.0743 0x0348  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:34:58.0758 0x0348  crcdisk - ok
20:34:58.0774 0x0348  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:34:58.0774 0x0348  Crusoe - ok
20:34:58.0805 0x0348  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:34:58.0821 0x0348  CryptSvc - ok
20:34:58.0852 0x0348  [ A3F57578DC8C3A4A6B356846EF007F41, D7E59F190EA8493D55A7B3E0C148A51BFD0CBBC3AD9DC76FA7DB9C090372CC83 ] Cwbrxd          C:\Windows\CWBRXD.EXE
20:34:58.0852 0x0348  Cwbrxd - ok
20:34:58.0915 0x0348  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:34:58.0946 0x0348  DcomLaunch - ok
20:34:58.0977 0x0348  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:34:58.0993 0x0348  DfsC - ok
20:34:59.0118 0x0348  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
20:34:59.0258 0x0348  DFSR - ok
20:34:59.0321 0x0348  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:34:59.0336 0x0348  Dhcp - ok
20:34:59.0368 0x0348  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
20:34:59.0368 0x0348  disk - ok
20:34:59.0399 0x0348  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:34:59.0415 0x0348  Dnscache - ok
20:34:59.0446 0x0348  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
20:34:59.0461 0x0348  dot3svc - ok
20:34:59.0493 0x0348  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
20:34:59.0508 0x0348  DPS - ok
20:34:59.0555 0x0348  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:34:59.0555 0x0348  drmkaud - ok
20:34:59.0602 0x0348  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:34:59.0649 0x0348  DXGKrnl - ok
20:34:59.0680 0x0348  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:34:59.0680 0x0348  E1G60 - ok
20:34:59.0727 0x0348  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
20:34:59.0727 0x0348  EapHost - ok
20:34:59.0758 0x0348  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:34:59.0774 0x0348  Ecache - ok
20:34:59.0836 0x0348  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:34:59.0852 0x0348  ehRecvr - ok
20:34:59.0883 0x0348  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
20:34:59.0883 0x0348  ehSched - ok
20:34:59.0899 0x0348  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
20:34:59.0899 0x0348  ehstart - ok
20:34:59.0946 0x0348  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:34:59.0961 0x0348  elxstor - ok
20:35:00.0024 0x0348  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:35:00.0055 0x0348  EMDMgmt - ok
20:35:00.0118 0x0348  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
20:35:00.0133 0x0348  EventSystem - ok
20:35:00.0165 0x0348  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:35:00.0165 0x0348  exfat - ok
20:35:00.0211 0x0348  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:35:00.0227 0x0348  fastfat - ok
20:35:00.0243 0x0348  [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:35:00.0258 0x0348  fdc - ok
20:35:00.0290 0x0348  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
20:35:00.0290 0x0348  fdPHost - ok
20:35:00.0321 0x0348  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:35:00.0321 0x0348  FDResPub - ok
20:35:00.0352 0x0348  [ 8787449F8EF116DB0E8E06C3555746A7, 9B0C2C160BB196AE0E43DD7C591A6B875D5862AD17B048DAEC43CF1BA271DFA4 ] FET5X86V        C:\Windows\system32\DRIVERS\fetnd5bv.sys
20:35:00.0352 0x0348  FET5X86V - ok
20:35:00.0415 0x0348  [ 403BEDAD0226653BA8D05AEFC3F04A0C, 78A6559943199C2D33D43B452BDE708CC096F755D7536FF056AB8AF09C1FCF0C ] FETND6V         C:\Windows\system32\DRIVERS\fetnd6v.sys
20:35:00.0415 0x0348  FETND6V - ok
20:35:00.0446 0x0348  [ B2B2C38E916184FF8523C7439DDD417F, 85B02622146478F488650771E28A311F55A503CC4F7154061E526DB0C4675FF7 ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd5.sys
20:35:00.0446 0x0348  FETNDIS - ok
20:35:00.0493 0x0348  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:35:00.0493 0x0348  FileInfo - ok
20:35:00.0524 0x0348  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:35:00.0524 0x0348  Filetrace - ok
20:35:00.0555 0x0348  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:00.0555 0x0348  flpydisk - ok
20:35:00.0602 0x0348  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:35:00.0602 0x0348  FltMgr - ok
20:35:00.0680 0x0348  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
20:35:00.0727 0x0348  FontCache - ok
20:35:00.0790 0x0348  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:35:00.0790 0x0348  FontCache3.0.0.0 - ok
20:35:00.0821 0x0348  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:35:00.0836 0x0348  Fs_Rec - ok
20:35:00.0852 0x0348  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:35:00.0852 0x0348  gagp30kx - ok
20:35:00.0915 0x0348  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
20:35:00.0961 0x0348  gpsvc - ok
20:35:01.0040 0x0348  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:01.0040 0x0348  gupdate - ok
20:35:01.0055 0x0348  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:01.0071 0x0348  gupdatem - ok
20:35:01.0102 0x0348  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:35:01.0118 0x0348  HdAudAddService - ok
20:35:01.0165 0x0348  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:35:01.0211 0x0348  HDAudBus - ok
20:35:01.0243 0x0348  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:35:01.0243 0x0348  HidBth - ok
20:35:01.0258 0x0348  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:35:01.0258 0x0348  HidIr - ok
20:35:01.0305 0x0348  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
20:35:01.0305 0x0348  hidserv - ok
20:35:01.0336 0x0348  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:35:01.0336 0x0348  HidUsb - ok
20:35:01.0368 0x0348  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:35:01.0368 0x0348  hkmsvc - ok
20:35:01.0383 0x0348  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:35:01.0399 0x0348  HpCISSs - ok
20:35:01.0446 0x0348  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:35:01.0477 0x0348  HTTP - ok
20:35:01.0493 0x0348  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:35:01.0493 0x0348  i2omp - ok
20:35:01.0555 0x0348  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:35:01.0555 0x0348  i8042prt - ok
20:35:01.0586 0x0348  [ 294110966CEDD127629C5BE48367C8CF, A05049B96BBD2E4FAF01AF69A69F9B0B96E610EB66E68A45051FEF7E67DD846A ] iaStor          C:\Windows\system32\drivers\iastor.sys
20:35:01.0602 0x0348  iaStor - ok
20:35:01.0633 0x0348  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:35:01.0649 0x0348  iaStorV - ok
20:35:01.0727 0x0348  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:35:01.0774 0x0348  idsvc - ok
20:35:01.0821 0x0348  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:35:01.0821 0x0348  iirsp - ok
20:35:01.0868 0x0348  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:35:01.0899 0x0348  IKEEXT - ok
20:35:02.0024 0x0348  [ 6F62BAFE6150F3952F877051C65786FE, 331E16BF61AC77592CCB02237C807E1B1E7253EB7EF70FC4EBACEFACB72903A3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:35:02.0133 0x0348  IntcAzAudAddService - ok
20:35:02.0165 0x0348  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:35:02.0180 0x0348  intelide - ok
20:35:02.0211 0x0348  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:35:02.0211 0x0348  intelppm - ok
20:35:02.0258 0x0348  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:35:02.0258 0x0348  IPBusEnum - ok
20:35:02.0290 0x0348  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:02.0290 0x0348  IpFilterDriver - ok
20:35:02.0321 0x0348  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:35:02.0336 0x0348  iphlpsvc - ok
20:35:02.0352 0x0348  IpInIp - ok
20:35:02.0383 0x0348  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:35:02.0383 0x0348  IPMIDRV - ok
20:35:02.0415 0x0348  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:35:02.0415 0x0348  IPNAT - ok
20:35:02.0446 0x0348  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:35:02.0446 0x0348  IRENUM - ok
20:35:02.0477 0x0348  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:35:02.0477 0x0348  isapnp - ok
20:35:02.0508 0x0348  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:35:02.0524 0x0348  iScsiPrt - ok
20:35:02.0540 0x0348  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:35:02.0540 0x0348  iteatapi - ok
20:35:02.0555 0x0348  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:35:02.0555 0x0348  iteraid - ok
20:35:02.0602 0x0348  [ C995C0E8B4503FAC38793BB0236AD246, 5147C90053C8DBAFA9A7E4457A03AA2BCF5EC1A7367526FD102D4B542CC357B0 ] JGOGO           C:\Windows\system32\drivers\jgogo.sys
20:35:02.0602 0x0348  JGOGO - ok
20:35:02.0618 0x0348  [ 6568289BC2E9CA3E8082817F0933685B, FF4B60F872740EB464DF5CCF4242480B43A874E9344D5EEAD52D15079B46F963 ] JRAID           C:\Windows\system32\drivers\jraid.sys
20:35:02.0618 0x0348  JRAID - ok
20:35:02.0649 0x0348  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:35:02.0649 0x0348  kbdclass - ok
20:35:02.0680 0x0348  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:35:02.0680 0x0348  kbdhid - ok
20:35:02.0696 0x0348  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
20:35:02.0696 0x0348  KeyIso - ok
20:35:02.0774 0x0348  [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:35:02.0790 0x0348  KSecDD - ok
20:35:02.0836 0x0348  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:35:02.0868 0x0348  KtmRm - ok
20:35:02.0899 0x0348  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:35:02.0915 0x0348  LanmanServer - ok
20:35:02.0961 0x0348  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:35:02.0961 0x0348  LanmanWorkstation - ok
20:35:03.0008 0x0348  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:35:03.0008 0x0348  lltdio - ok
20:35:03.0024 0x0348  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:35:03.0040 0x0348  lltdsvc - ok
20:35:03.0071 0x0348  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:35:03.0071 0x0348  lmhosts - ok
20:35:03.0102 0x0348  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:35:03.0118 0x0348  LSI_FC - ok
20:35:03.0133 0x0348  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:35:03.0133 0x0348  LSI_SAS - ok
20:35:03.0149 0x0348  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:35:03.0165 0x0348  LSI_SCSI - ok
20:35:03.0180 0x0348  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:35:03.0196 0x0348  luafv - ok
20:35:03.0211 0x0348  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:35:03.0227 0x0348  Mcx2Svc - ok
20:35:03.0243 0x0348  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:35:03.0258 0x0348  megasas - ok
20:35:03.0290 0x0348  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
20:35:03.0290 0x0348  MMCSS - ok
20:35:03.0305 0x0348  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
20:35:03.0305 0x0348  Modem - ok
20:35:03.0352 0x0348  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:35:03.0352 0x0348  monitor - ok
20:35:03.0383 0x0348  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:35:03.0383 0x0348  mouclass - ok
20:35:03.0399 0x0348  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:35:03.0399 0x0348  mouhid - ok
20:35:03.0446 0x0348  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:35:03.0446 0x0348  MountMgr - ok
20:35:03.0477 0x0348  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:35:03.0477 0x0348  mpio - ok
20:35:03.0524 0x0348  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:35:03.0524 0x0348  mpsdrv - ok
20:35:03.0571 0x0348  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:35:03.0602 0x0348  MpsSvc - ok
20:35:03.0633 0x0348  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:35:03.0633 0x0348  Mraid35x - ok
20:35:03.0680 0x0348  [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:35:03.0680 0x0348  MRxDAV - ok
20:35:03.0727 0x0348  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:03.0727 0x0348  mrxsmb - ok
20:35:03.0758 0x0348  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:03.0774 0x0348  mrxsmb10 - ok
20:35:03.0805 0x0348  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:03.0805 0x0348  mrxsmb20 - ok
20:35:03.0836 0x0348  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:35:03.0836 0x0348  msahci - ok
20:35:03.0852 0x0348  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:35:03.0868 0x0348  msdsm - ok
20:35:03.0883 0x0348  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
20:35:03.0899 0x0348  MSDTC - ok
20:35:03.0946 0x0348  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:35:03.0946 0x0348  Msfs - ok
20:35:03.0961 0x0348  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:35:03.0961 0x0348  msisadrv - ok
20:35:03.0993 0x0348  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:35:04.0008 0x0348  MSiSCSI - ok
20:35:04.0008 0x0348  msiserver - ok
20:35:04.0040 0x0348  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:35:04.0040 0x0348  MSKSSRV - ok
20:35:04.0071 0x0348  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:04.0071 0x0348  MSPCLOCK - ok
20:35:04.0086 0x0348  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:35:04.0086 0x0348  MSPQM - ok
20:35:04.0133 0x0348  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:35:04.0149 0x0348  MsRPC - ok
20:35:04.0180 0x0348  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:35:04.0196 0x0348  mssmbios - ok
20:35:04.0227 0x0348  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:35:04.0227 0x0348  MSTEE - ok
20:35:04.0258 0x0348  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:35:04.0258 0x0348  Mup - ok
20:35:04.0305 0x0348  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
20:35:04.0321 0x0348  napagent - ok
20:35:04.0352 0x0348  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:35:04.0352 0x0348  NativeWifiP - ok
20:35:04.0415 0x0348  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:35:04.0446 0x0348  NDIS - ok
20:35:04.0493 0x0348  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:04.0493 0x0348  NdisTapi - ok
20:35:04.0524 0x0348  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:04.0524 0x0348  Ndisuio - ok
20:35:04.0555 0x0348  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:04.0571 0x0348  NdisWan - ok
20:35:04.0586 0x0348  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:35:04.0586 0x0348  NDProxy - ok
20:35:04.0618 0x0348  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:35:04.0618 0x0348  NetBIOS - ok
20:35:04.0649 0x0348  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:35:04.0649 0x0348  netbt - ok
20:35:04.0665 0x0348  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
20:35:04.0665 0x0348  Netlogon - ok
20:35:04.0696 0x0348  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
20:35:04.0711 0x0348  Netman - ok
20:35:04.0790 0x0348  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0821 0x0348  NetMsmqActivator - ok
20:35:04.0821 0x0348  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0836 0x0348  NetPipeActivator - ok
20:35:04.0883 0x0348  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
20:35:04.0899 0x0348  netprofm - ok
20:35:04.0946 0x0348  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0946 0x0348  NetTcpActivator - ok
20:35:04.0961 0x0348  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0961 0x0348  NetTcpPortSharing - ok
20:35:04.0993 0x0348  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:35:04.0993 0x0348  nfrd960 - ok
20:35:05.0040 0x0348  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:35:05.0055 0x0348  NlaSvc - ok
20:35:05.0149 0x0348  [ 7B273501C59D52978B761F82BEBADB06, 696BFE74E63BB0F97C6884EADABC67B5A2FAA9D9057BED8B7E1E336064B0F6E7 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:35:05.0165 0x0348  NMIndexingService - ok
20:35:05.0211 0x0348  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:35:05.0211 0x0348  Npfs - ok
20:35:05.0243 0x0348  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
20:35:05.0243 0x0348  nsi - ok
20:35:05.0258 0x0348  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:35:05.0258 0x0348  nsiproxy - ok
20:35:05.0352 0x0348  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:35:05.0430 0x0348  Ntfs - ok
20:35:05.0446 0x0348  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:35:05.0461 0x0348  ntrigdigi - ok
20:35:05.0493 0x0348  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
20:35:05.0493 0x0348  Null - ok
20:35:05.0524 0x0348  [ 7D960340BE5B0E008BB94E4C3B991339, 81A90003BDC4AAC7E2D7C98CD70CAD4AB36758581A7C8E0C7CA460754758ED3A ] nvatabus        C:\Windows\system32\drivers\nvatabus.sys
20:35:05.0540 0x0348  nvatabus - ok
20:35:05.0899 0x0348  [ 0AD2E0A3933AAC2A392F0C6A68E2D2F8, EDAACC7114B8A4F880A6BB074FE3FE7E6CA8550E9CCEF4360BDD846CD085B7A6 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:35:06.0165 0x0348  nvlddmkm - ok
20:35:06.0227 0x0348  [ 52F54C59A0EC7920C23638313E99E43C, C27BF4463372D05B72E8665A5D2A7F621E63C56C498530822B66BEFFEAAD008B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:35:06.0227 0x0348  nvraid - ok
20:35:06.0243 0x0348  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:35:06.0243 0x0348  nvstor - ok
20:35:06.0258 0x0348  [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:35:06.0258 0x0348  nv_agp - ok
20:35:06.0274 0x0348  NwlnkFlt - ok
20:35:06.0290 0x0348  NwlnkFwd - ok
20:35:06.0321 0x0348  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:35:06.0321 0x0348  ohci1394 - ok
20:35:06.0383 0x0348  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:35:06.0415 0x0348  p2pimsvc - ok
20:35:06.0446 0x0348  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:35:06.0461 0x0348  p2psvc - ok
20:35:06.0493 0x0348  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
20:35:06.0493 0x0348  Parport - ok
20:35:06.0508 0x0348  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:35:06.0524 0x0348  partmgr - ok
20:35:06.0524 0x0348  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:35:06.0524 0x0348  Parvdm - ok
20:35:06.0555 0x0348  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:35:06.0555 0x0348  PcaSvc - ok
20:35:06.0602 0x0348  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
20:35:06.0602 0x0348  pci - ok
20:35:06.0618 0x0348  [ 3B1901E401473E03EB8C874271E50C26, 3C7931F419E29FDD0155D8D05D97289430A2852FCB3DBAD1B338FE2241458E72 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:35:06.0618 0x0348  pciide - ok
20:35:06.0649 0x0348  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:35:06.0649 0x0348  pcmcia - ok
20:35:06.0696 0x0348  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:35:06.0743 0x0348  PEAUTH - ok
20:35:06.0836 0x0348  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
20:35:06.0899 0x0348  pla - ok
20:35:06.0946 0x0348  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:35:06.0961 0x0348  PlugPlay - ok
20:35:07.0008 0x0348  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:35:07.0024 0x0348  PNRPAutoReg - ok
20:35:07.0071 0x0348  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:35:07.0086 0x0348  PNRPsvc - ok
20:35:07.0133 0x0348  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:35:07.0149 0x0348  PolicyAgent - ok
20:35:07.0180 0x0348  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:35:07.0180 0x0348  PptpMiniport - ok
20:35:07.0196 0x0348  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
20:35:07.0211 0x0348  Processor - ok
20:35:07.0243 0x0348  [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:35:07.0243 0x0348  ProfSvc - ok
20:35:07.0258 0x0348  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:07.0258 0x0348  ProtectedStorage - ok
20:35:07.0290 0x0348  [ 64E413BA0C529AA40C3924BBCC4153DB, 9E0EB02078EE250AC618D4A4537D54BACDD7E2B67349162CA61F35EAF91601EE ] ProtexisLicensing c:\Windows\system32\PSIService.exe
20:35:07.0305 0x0348  ProtexisLicensing - ok
20:35:07.0336 0x0348  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:35:07.0336 0x0348  PSched - ok
20:35:07.0415 0x0348  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:35:07.0461 0x0348  ql2300 - ok
20:35:07.0477 0x0348  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:35:07.0493 0x0348  ql40xx - ok
20:35:07.0540 0x0348  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
20:35:07.0555 0x0348  QWAVE - ok
20:35:07.0571 0x0348  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:35:07.0571 0x0348  QWAVEdrv - ok
20:35:07.0586 0x0348  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:35:07.0586 0x0348  RasAcd - ok
20:35:07.0618 0x0348  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
20:35:07.0633 0x0348  RasAuto - ok
20:35:07.0649 0x0348  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:07.0649 0x0348  Rasl2tp - ok
20:35:07.0696 0x0348  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
20:35:07.0711 0x0348  RasMan - ok
20:35:07.0727 0x0348  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:07.0743 0x0348  RasPppoe - ok
20:35:07.0758 0x0348  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:35:07.0758 0x0348  RasSstp - ok
20:35:07.0790 0x0348  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:35:07.0805 0x0348  rdbss - ok
20:35:07.0821 0x0348  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:07.0821 0x0348  RDPCDD - ok
20:35:07.0868 0x0348  [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:35:07.0883 0x0348  rdpdr - ok
20:35:07.0899 0x0348  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:35:07.0899 0x0348  RDPENCDD - ok
20:35:07.0961 0x0348  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:35:07.0961 0x0348  RDPWD - ok
20:35:08.0290 0x0348  [ 04F11302AB2AF61EFA696D8EDF6EE757, 15CEB71E54CF3B580EC5BCB6C0DE7C14560E4F4A157846C873D382D9CC06C585 ] ReimageRealTimeProtector C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
20:35:08.0430 0x0348  ReimageRealTimeProtector - ok
20:35:08.0493 0x0348  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:35:08.0493 0x0348  RemoteAccess - ok
20:35:08.0524 0x0348  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:35:08.0540 0x0348  RemoteRegistry - ok
20:35:08.0571 0x0348  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
20:35:08.0571 0x0348  RpcLocator - ok
20:35:08.0602 0x0348  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
20:35:08.0618 0x0348  RpcSs - ok
20:35:08.0649 0x0348  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:35:08.0665 0x0348  rspndr - ok
20:35:08.0680 0x0348  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
20:35:08.0680 0x0348  SamSs - ok
20:35:08.0696 0x0348  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:35:08.0711 0x0348  sbp2port - ok
20:35:08.0743 0x0348  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:35:08.0743 0x0348  SCardSvr - ok
20:35:08.0805 0x0348  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
20:35:08.0836 0x0348  Schedule - ok
20:35:08.0868 0x0348  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:35:08.0868 0x0348  SCPolicySvc - ok
20:35:08.0899 0x0348  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:35:08.0915 0x0348  SDRSVC - ok
20:35:08.0930 0x0348  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:35:08.0930 0x0348  secdrv - ok
20:35:08.0946 0x0348  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
20:35:08.0946 0x0348  seclogon - ok
20:35:08.0977 0x0348  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
20:35:08.0993 0x0348  SENS - ok
20:35:09.0024 0x0348  [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:35:09.0024 0x0348  Serenum - ok
20:35:09.0040 0x0348  [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:35:09.0055 0x0348  Serial - ok
20:35:09.0071 0x0348  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:35:09.0071 0x0348  sermouse - ok
20:35:09.0133 0x0348  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:35:09.0149 0x0348  SessionEnv - ok
20:35:09.0180 0x0348  [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:35:09.0180 0x0348  sffdisk - ok
20:35:09.0196 0x0348  [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:35:09.0196 0x0348  sffp_mmc - ok
20:35:09.0211 0x0348  [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:35:09.0211 0x0348  sffp_sd - ok
20:35:09.0227 0x0348  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6, 490C29DC9E9FE8D5010E6DB18DE7DA808BCE84F014CFDEE0530735CBED788073 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:09.0227 0x0348  sfloppy - ok
20:35:09.0290 0x0348  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:35:09.0305 0x0348  SharedAccess - ok
20:35:09.0352 0x0348  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:09.0368 0x0348  ShellHWDetection - ok
20:35:09.0399 0x0348  [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:35:09.0399 0x0348  sisagp - ok
20:35:09.0430 0x0348  [ B8A2F8DCDC75F19962D975727F393920, 54C2E44D5D675ED2FEAAC0A2053CCEFB2DF7EA326C07C36D80CF190EFE32A7D0 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:35:09.0430 0x0348  SiSRaid2 - ok
20:35:09.0461 0x0348  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:35:09.0461 0x0348  SiSRaid4 - ok
20:35:09.0680 0x0348  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
20:35:09.0805 0x0348  slsvc - ok
20:35:09.0852 0x0348  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:35:09.0868 0x0348  SLUINotify - ok
20:35:09.0883 0x0348  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:35:09.0883 0x0348  Smb - ok
20:35:09.0915 0x0348  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:35:09.0930 0x0348  SNMPTRAP - ok
20:35:09.0946 0x0348  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:35:09.0961 0x0348  spldr - ok
20:35:09.0977 0x0348  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
20:35:09.0993 0x0348  Spooler - ok
20:35:10.0024 0x0348  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:35:10.0040 0x0348  srv - ok
20:35:10.0071 0x0348  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:35:10.0071 0x0348  srv2 - ok
20:35:10.0102 0x0348  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:35:10.0102 0x0348  srvnet - ok
20:35:10.0149 0x0348  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:35:10.0149 0x0348  SSDPSRV - ok
20:35:10.0196 0x0348  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:35:10.0196 0x0348  ssmdrv - ok
20:35:10.0243 0x0348  [ EF3458337D7341A05169CEFC73709264, C9D0AE966CFA02F7B72586C2A6E2AFA9818C9F4856A4E9625B79BC5A886FC193 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
20:35:10.0243 0x0348  SSPORT - ok
20:35:10.0290 0x0348  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:35:10.0290 0x0348  SstpSvc - ok
20:35:10.0352 0x0348  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
20:35:10.0383 0x0348  stisvc - ok
20:35:10.0399 0x0348  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:35:10.0415 0x0348  swenum - ok
20:35:10.0461 0x0348  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
20:35:10.0477 0x0348  swprv - ok
20:35:10.0508 0x0348  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:35:10.0508 0x0348  Symc8xx - ok
20:35:10.0540 0x0348  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:35:10.0540 0x0348  Sym_hi - ok
20:35:10.0571 0x0348  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:35:10.0571 0x0348  Sym_u3 - ok
20:35:10.0633 0x0348  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
20:35:10.0665 0x0348  SysMain - ok
20:35:10.0696 0x0348  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:10.0696 0x0348  TabletInputService - ok
20:35:10.0743 0x0348  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:35:10.0758 0x0348  TapiSrv - ok
20:35:10.0790 0x0348  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
20:35:10.0805 0x0348  TBS - ok
20:35:10.0868 0x0348  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:35:10.0930 0x0348  Tcpip - ok
20:35:10.0993 0x0348  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:35:11.0024 0x0348  Tcpip6 - ok
20:35:11.0071 0x0348  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:35:11.0071 0x0348  tcpipreg - ok
20:35:11.0102 0x0348  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:35:11.0102 0x0348  TDPIPE - ok
20:35:11.0133 0x0348  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:35:11.0133 0x0348  TDTCP - ok
20:35:11.0180 0x0348  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:35:11.0180 0x0348  tdx - ok
20:35:11.0211 0x0348  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:35:11.0211 0x0348  TermDD - ok
20:35:11.0258 0x0348  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
20:35:11.0290 0x0348  TermService - ok
20:35:11.0352 0x0348  [ 8C80A73A5D77B2208CA91E4FA269981D, 41F9A0B8C262D5AF4F5F4BFCF387AA859E2FEF77C3D429FFF8763B0C2A314952 ] TestHandler     C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
20:35:11.0368 0x0348  TestHandler - ok
20:35:11.0399 0x0348  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
20:35:11.0415 0x0348  Themes - ok
20:35:11.0430 0x0348  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:35:11.0430 0x0348  THREADORDER - ok
20:35:11.0461 0x0348  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
20:35:11.0477 0x0348  TrkWks - ok
20:35:11.0524 0x0348  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:11.0540 0x0348  TrustedInstaller - ok
20:35:11.0586 0x0348  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:11.0586 0x0348  tssecsrv - ok
20:35:11.0618 0x0348  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:35:11.0618 0x0348  tunmp - ok
20:35:11.0633 0x0348  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:35:11.0633 0x0348  tunnel - ok
20:35:11.0680 0x0348  [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:35:11.0680 0x0348  uagp35 - ok
20:35:11.0727 0x0348  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:35:11.0727 0x0348  udfs - ok
20:35:11.0790 0x0348  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:35:11.0790 0x0348  UI0Detect - ok
20:35:11.0821 0x0348  [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:35:11.0821 0x0348  uliagpkx - ok
20:35:11.0868 0x0348  [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:35:11.0868 0x0348  uliahci - ok
20:35:11.0915 0x0348  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:35:11.0915 0x0348  UlSata - ok
20:35:11.0930 0x0348  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:35:11.0946 0x0348  ulsata2 - ok
20:35:11.0961 0x0348  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:35:11.0961 0x0348  umbus - ok
20:35:11.0993 0x0348  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
20:35:12.0008 0x0348  upnphost - ok
20:35:12.0102 0x0348  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService     C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:35:12.0149 0x0348  UPnPService - ok
20:35:12.0180 0x0348  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:12.0196 0x0348  usbccgp - ok
20:35:12.0211 0x0348  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:35:12.0227 0x0348  usbcir - ok
20:35:12.0243 0x0348  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:35:12.0243 0x0348  usbehci - ok
20:35:12.0290 0x0348  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:35:12.0305 0x0348  usbhub - ok
20:35:12.0321 0x0348  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:35:12.0321 0x0348  usbohci - ok
20:35:12.0368 0x0348  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:35:12.0368 0x0348  usbprint - ok
20:35:12.0383 0x0348  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:12.0399 0x0348  USBSTOR - ok
20:35:12.0415 0x0348  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:35:12.0415 0x0348  usbuhci - ok
20:35:12.0446 0x0348  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
20:35:12.0446 0x0348  UxSms - ok
20:35:12.0493 0x0348  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
20:35:12.0524 0x0348  vds - ok
20:35:12.0555 0x0348  [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:12.0555 0x0348  vga - ok
20:35:12.0571 0x0348  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:35:12.0571 0x0348  VgaSave - ok
20:35:12.0602 0x0348  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:35:12.0602 0x0348  viaagp - ok
20:35:12.0618 0x0348  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:35:12.0618 0x0348  ViaC7 - ok
20:35:12.0649 0x0348  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
20:35:12.0649 0x0348  viaide - ok
20:35:12.0680 0x0348  [ 9F3F276C7300ED211129757A411B605F, 240C4A2C2F581A1DDEDB44F770D172779C16652F02EA63F5F5F7B14DCCFF9885 ] viamraid        C:\Windows\system32\drivers\viamraid.sys
20:35:12.0696 0x0348  viamraid - ok
20:35:12.0711 0x0348  [ AA3E6722843540B9C8EC5257E3D4B675, A3C24654978A604837F85D88C2A6ACB9C552728673213A3BB79A1B7ECE33C7E5 ] ViBus           C:\Windows\system32\DRIVERS\ViBus.sys
20:35:12.0711 0x0348  ViBus - ok
20:35:12.0727 0x0348  [ A1B7CFFE5F09B825FBA506C4DE9FDAC7, C238802B5BA4E99ED57F84C8417DF3C8269527340D20DA0AFC0050E9A611E7EE ] ViPrt           C:\Windows\system32\DRIVERS\ViPrt.sys
20:35:12.0727 0x0348  ViPrt - ok
20:35:12.0758 0x0348  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:35:12.0758 0x0348  volmgr - ok
20:35:12.0805 0x0348  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:35:12.0821 0x0348  volmgrx - ok
20:35:12.0836 0x0348  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:35:12.0852 0x0348  volsnap - ok
20:35:12.0883 0x0348  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:35:12.0883 0x0348  vsmraid - ok
20:35:12.0977 0x0348  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
20:35:13.0040 0x0348  VSS - ok
20:35:13.0071 0x0348  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
20:35:13.0086 0x0348  W32Time - ok
20:35:13.0118 0x0348  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:35:13.0133 0x0348  WacomPen - ok
20:35:13.0165 0x0348  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:35:13.0165 0x0348  Wanarp - ok
20:35:13.0180 0x0348  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:35:13.0180 0x0348  Wanarpv6 - ok
20:35:13.0227 0x0348  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:35:13.0258 0x0348  wcncsvc - ok
20:35:13.0290 0x0348  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:35:13.0290 0x0348  WcsPlugInService - ok
20:35:13.0321 0x0348  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
20:35:13.0321 0x0348  Wd - ok
20:35:13.0383 0x0348  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:35:13.0446 0x0348  Wdf01000 - ok
20:35:13.0477 0x0348  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:35:13.0493 0x0348  WdiServiceHost - ok
20:35:13.0524 0x0348  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:35:13.0524 0x0348  WdiSystemHost - ok
20:35:13.0555 0x0348  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
20:35:13.0571 0x0348  WebClient - ok
20:35:13.0618 0x0348  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:35:13.0633 0x0348  Wecsvc - ok
20:35:13.0649 0x0348  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:35:13.0665 0x0348  wercplsupport - ok
20:35:13.0680 0x0348  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:35:13.0696 0x0348  WerSvc - ok
20:35:13.0743 0x0348  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:35:13.0758 0x0348  WinDefend - ok
20:35:13.0774 0x0348  WinHttpAutoProxySvc - ok
20:35:13.0836 0x0348  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:35:13.0852 0x0348  Winmgmt - ok
20:35:13.0930 0x0348  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:35:14.0008 0x0348  WinRM - ok
20:35:14.0071 0x0348  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:35:14.0102 0x0348  Wlansvc - ok
20:35:14.0133 0x0348  [ 701A9F884A294327E9141D73746EE279, C8A46B8C32F9EAC7848D385473F6B5C4B6DA719A941A75AD5F081757FC07A09D ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:35:14.0133 0x0348  WmiAcpi - ok
20:35:14.0180 0x0348  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:35:14.0180 0x0348  wmiApSrv - ok
20:35:14.0274 0x0348  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:35:14.0321 0x0348  WMPNetworkSvc - ok
20:35:14.0368 0x0348  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:35:14.0383 0x0348  WPCSvc - ok
20:35:14.0430 0x0348  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:35:14.0430 0x0348  WPDBusEnum - ok
20:35:14.0508 0x0348  [ C108DC20ACE05072350DBB6934E277FB, 548E6ABE4C4ADE48260FFDC7BADFD1697972EA3AE94D6576498C8A183D8CE0C8 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:35:14.0571 0x0348  WPFFontCache_v0400 - ok
20:35:14.0618 0x0348  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:35:14.0618 0x0348  ws2ifsl - ok
20:35:14.0649 0x0348  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:35:14.0665 0x0348  wscsvc - ok
20:35:14.0665 0x0348  WSearch - ok
20:35:14.0790 0x0348  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:35:14.0899 0x0348  wuauserv - ok
20:35:14.0946 0x0348  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:35:14.0946 0x0348  WudfPf - ok
20:35:14.0977 0x0348  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:35:14.0993 0x0348  WUDFRd - ok
20:35:15.0024 0x0348  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:35:15.0024 0x0348  wudfsvc - ok
20:35:15.0040 0x0348  ================ Scan global ===============================
20:35:15.0071 0x0348  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:35:15.0118 0x0348  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:35:15.0165 0x0348  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:35:15.0227 0x0348  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:35:15.0243 0x0348  [ Global ] - ok
20:35:15.0243 0x0348  ================ Scan MBR ==================================
20:35:15.0258 0x0348  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:35:15.0477 0x0348  \Device\Harddisk0\DR0 - ok
20:35:15.0477 0x0348  ================ Scan VBR ==================================
20:35:15.0493 0x0348  [ 3C9D639152C51E2C52EE5E61AB7F50D1 ] \Device\Harddisk0\DR0\Partition1
20:35:15.0524 0x0348  \Device\Harddisk0\DR0\Partition1 - ok
20:35:15.0524 0x0348  [ FA887DC50D3082A584D697C8DC0AB4E6 ] \Device\Harddisk0\DR0\Partition2
20:35:15.0540 0x0348  \Device\Harddisk0\DR0\Partition2 - ok
20:35:15.0540 0x0348  ================ Scan generic autorun ======================
20:35:15.0649 0x0348  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
20:35:15.0696 0x0348  Windows Defender - ok
20:35:15.0930 0x0348  [ A659F31AC25418738351E5BDF4C85780, 771CB4EEFAA83DD7319165483869688C69D76349526953FDE5D973945B6CC337 ] C:\Windows\RtHDVCpl.exe
20:35:16.0243 0x0348  RtHDVCpl - ok
20:35:16.0383 0x0348  [ 3A9DE49EF4BED133B49B53A6016C945B, A8997BC00ABFF5649141C3521CCAB869BECC326EBB849900E2E379BD32241917 ] c:\RecInfo\RecInfo.exe
20:35:16.0477 0x0348  recinfo87 - ok
20:35:16.0540 0x0348  [ E1D9F07E9C2326BD5601088A696AE50D, 00EB3577AD124978514447E72D52D3E4FE69A7D4F121724EA957F42FCBA1BCCC ] C:\SFIRM32\sfWinStartupInfo.exe
20:35:16.0696 0x0348  SfWinStartInfo - ok
20:35:16.0727 0x0348  [ B095A0801BFF93BF50A6D02FDC8E1834, 461827669073807821FBEDF856FC23B82E682F40004B4A6786A29440122E62D6 ] C:\Program Files\Microsoft Works\wkfud.exe
20:35:16.0727 0x0348  WorksFUD - ok
20:35:16.0774 0x0348  [ 9704788592E8EEAEE0101E4EF1920CBC, 866E4CB1940453488A73D118413757201E73E46E2014E98C23290B3781480CE2 ] C:\Program Files\Microsoft Works\WksSb.exe
20:35:16.0790 0x0348  Microsoft Works Portfolio - ok
20:35:16.0805 0x0348  [ FAC2EFDA52558D9D64115F649B6A333E, 97C1EB878FDFC3AB7FC201EE1584E333D9DDEAFBCB4A50383B6E40F97E1CDFD5 ] C:\Program Files\Microsoft Works\WkDetect.exe
20:35:16.0805 0x0348  Microsoft Works Update Detection - ok
20:35:16.0836 0x0348  [ 9C509FFFE391A3C9B11F07D6BB0CD98F, B8FAA37682E1C8D865A464F03FB52FD19378351029F8528708464E4584BB2641 ] C:\Program Files\IBM\Client Access\cwbsvstr.exe
20:35:16.0836 0x0348  Client Access Service - ok
20:35:16.0915 0x0348  [ 4CB8FD50DDA9D28A68A7A27D06768B40, 9F19C2B517041EB0AE342DF857C619FAEECAFB05455D8225EDD23572D0241532 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
20:35:16.0946 0x0348  avgnt - ok
20:35:17.0055 0x0348  [ D373E15EB5E2E463EF01CF7BD8D7A1DF, C3422CC25E3591F3A65CE58CE1187A93AA6F71D2976BB67A604473E3C998BEE1 ] C:\Windows\Skytel.exe
20:35:17.0149 0x0348  Skytel - ok
20:35:17.0165 0x0348  NvSvc - ok
20:35:17.0180 0x0348  NvCplDaemon - ok
20:35:17.0180 0x0348  NvMediaCenter - ok
20:35:17.0274 0x0348  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:35:17.0321 0x0348  Adobe ARM - ok
20:35:17.0430 0x0348  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:35:17.0493 0x0348  Sidebar - ok
20:35:17.0508 0x0348  WindowsWelcomeCenter - ok
20:35:17.0571 0x0348  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:35:17.0618 0x0348  Sidebar - ok
20:35:17.0633 0x0348  WindowsWelcomeCenter - ok
20:35:17.0633 0x0348  Waiting for KSN requests completion. In queue: 322
20:35:18.0633 0x0348  Waiting for KSN requests completion. In queue: 322
20:35:19.0633 0x0348  Waiting for KSN requests completion. In queue: 8
20:35:20.0680 0x0348  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.8.532 ), 0x41000 ( enabled : updated )
20:35:20.0758 0x0348  Win FW state via NFP2: enabled
20:35:23.0149 0x0348  ============================================================
20:35:23.0149 0x0348  Scan finished
20:35:23.0149 0x0348  ============================================================
20:35:23.0165 0x0128  Detected object count: 0
20:35:23.0165 0x0128  Actual detected object count: 0

es gibt weitere Entwicklungen (23.3.2015 gegen 12.00h):
heut Vormittag erhöhtes Spamaufkommen. Eine Mailbox wurde vom Provider gesperrt vermutlich wegen genau dieses Problems.

schrauber · 23.03.2015, 18:36

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

18.03.2015, 19:02	#2
schrauber /// the machine /// TB-Ausbilder	dhl trojaner- Vista - gewerblich - war schon aktiv Hi, Regeln für gewerbliche Rechner gelesen? http://www.trojaner-board.de/108422-...-anfragen.html __________________ __________________

19.03.2015, 21:00	#6
schrauber /// the machine /// TB-Ausbilder	dhl trojaner- Vista - gewerblich - war schon aktiv Ok __________________ --> dhl trojaner- Vista - gewerblich - war schon aktiv

20.03.2015, 06:46	#8
schrauber /// the machine /// TB-Ausbilder	dhl trojaner- Vista - gewerblich - war schon aktiv Dann schalte den Mist ab, der Scan bringt doch eh nix. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

dhl trojaner- Vista - gewerblich - war schon aktiv

Log-Analyse und Auswertung: dhl trojaner- Vista - gewerblich - war schon aktiv