| |
| |||||||
Log-Analyse und Auswertung: dhl trojaner- Vista - gewerblich - war schon aktivWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
18.03.2015, 18:56
| #1 |
| |  dhl trojaner- Vista - gewerblich - war schon aktiv Hallo es geht um einen gewerblich genützten Rechner, Vista serviceapck 2, Avira prof. da eine packetsendung erwartet wird hat jemand angeklickt. Die Bank gab Bescheid weil der Trojaner "ein Formular nicht richtig ausgefüllt hat" hier nun die logfiles etc. Namen wurden durch *** überschrieben Danke und gruesse avira: Code:
ATTFilter
Avira Professional Security
Erstellungsdatum der Reportdatei: Mittwoch, 18. März 2015 12:00
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : B***** GmbH
Seriennummer : 2228591928-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PC101
Versionsinformationen:
BUILD.DAT : 14.0.8.532 94015 Bytes 24.02.2015 09:43:00
AVSCAN.EXE : 14.0.8.532 1015032 Bytes 04.03.2015 08:33:22
AVSCANRC.DLL : 14.0.8.450 65272 Bytes 04.03.2015 08:33:23
LUKE.DLL : 14.0.8.532 59696 Bytes 04.03.2015 08:33:39
AVSCPLR.DLL : 14.0.8.450 93488 Bytes 04.03.2015 08:33:24
REPAIR.DLL : 14.0.8.532 365360 Bytes 04.03.2015 08:33:21
REPAIR.RDF : 1.0.6.46 805594 Bytes 17.03.2015 12:42:23
AVREG.DLL : 14.0.8.532 264496 Bytes 04.03.2015 08:33:20
AVLODE.DLL : 14.0.8.532 583472 Bytes 04.03.2015 08:33:19
AVLODE.RDF : 14.0.4.54 78895 Bytes 05.12.2014 14:47:46
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:55
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:41:56
XBV00165.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:04
XBV00166.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:04
XBV00167.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00168.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00169.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00170.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00171.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00172.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00173.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00174.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00175.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00176.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00177.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00178.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00179.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00180.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00181.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00182.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00183.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00184.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00185.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00186.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00187.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00188.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00189.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00190.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00191.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00192.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00193.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00194.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00195.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00196.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:05
XBV00197.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00198.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00199.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00200.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00201.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00202.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00203.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00204.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00205.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00206.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00207.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00208.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00209.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00210.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00211.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00212.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00213.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00214.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00215.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00216.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00217.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00218.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00219.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00220.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00221.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00222.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00223.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00224.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00225.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00226.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:06
XBV00227.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00228.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00229.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00230.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00231.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00232.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00233.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00234.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00235.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00236.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00237.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00238.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00239.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00240.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00241.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00242.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00243.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00244.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00245.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00246.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00247.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00248.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00249.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00250.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00251.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00252.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00253.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00254.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00255.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:42:07
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:00:13
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 17:33:38
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 17:33:41
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 11:14:32
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:50:08
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:11:56
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 11:47:26
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:23:31
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 10:41:55
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 09:49:39
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 10:46:09
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 11:52:01
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 10:51:13
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 11:52:32
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 11:49:10
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 04:33:07
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 11:42:00
XBV00042.VDF : 8.11.213.202 3584 Bytes 05.03.2015 11:42:00
XBV00043.VDF : 8.11.213.204 2048 Bytes 05.03.2015 11:42:00
XBV00044.VDF : 8.11.213.230 40960 Bytes 05.03.2015 14:42:04
XBV00045.VDF : 8.11.214.2 29184 Bytes 05.03.2015 04:40:27
XBV00046.VDF : 8.11.214.28 25088 Bytes 05.03.2015 04:40:28
XBV00047.VDF : 8.11.214.30 14848 Bytes 05.03.2015 04:40:28
XBV00048.VDF : 8.11.214.32 3072 Bytes 05.03.2015 04:40:28
XBV00049.VDF : 8.11.214.34 2048 Bytes 06.03.2015 04:40:28
XBV00050.VDF : 8.11.214.38 39424 Bytes 06.03.2015 06:40:29
XBV00051.VDF : 8.11.214.40 6656 Bytes 06.03.2015 08:40:29
XBV00052.VDF : 8.11.214.42 4608 Bytes 06.03.2015 08:40:29
XBV00053.VDF : 8.11.214.44 5120 Bytes 06.03.2015 10:40:29
XBV00054.VDF : 8.11.214.46 23552 Bytes 06.03.2015 11:40:35
XBV00055.VDF : 8.11.214.48 3072 Bytes 06.03.2015 13:40:29
XBV00056.VDF : 8.11.214.50 25600 Bytes 06.03.2015 13:40:29
XBV00057.VDF : 8.11.214.72 2048 Bytes 06.03.2015 13:40:29
XBV00058.VDF : 8.11.214.92 48128 Bytes 06.03.2015 04:48:15
XBV00059.VDF : 8.11.214.112 12800 Bytes 06.03.2015 04:48:15
XBV00060.VDF : 8.11.214.114 2560 Bytes 06.03.2015 04:48:15
XBV00061.VDF : 8.11.214.136 32256 Bytes 06.03.2015 04:48:15
XBV00062.VDF : 8.11.214.138 2048 Bytes 06.03.2015 04:48:15
XBV00063.VDF : 8.11.214.140 2048 Bytes 07.03.2015 04:48:15
XBV00064.VDF : 8.11.214.144 34304 Bytes 07.03.2015 10:48:12
XBV00065.VDF : 8.11.214.146 2048 Bytes 07.03.2015 10:48:12
XBV00066.VDF : 8.11.214.168 33792 Bytes 07.03.2015 04:42:32
XBV00067.VDF : 8.11.214.188 71168 Bytes 08.03.2015 04:42:32
XBV00068.VDF : 8.11.214.190 2048 Bytes 08.03.2015 04:42:32
XBV00069.VDF : 8.11.214.192 2048 Bytes 08.03.2015 04:42:32
XBV00070.VDF : 8.11.214.212 2048 Bytes 08.03.2015 04:42:32
XBV00071.VDF : 8.11.214.232 28672 Bytes 08.03.2015 04:42:32
XBV00072.VDF : 8.11.214.252 69120 Bytes 09.03.2015 06:42:33
XBV00073.VDF : 8.11.215.14 3584 Bytes 09.03.2015 07:42:32
XBV00074.VDF : 8.11.215.32 7168 Bytes 09.03.2015 09:42:32
XBV00075.VDF : 8.11.215.50 12800 Bytes 09.03.2015 12:42:35
XBV00076.VDF : 8.11.215.52 5120 Bytes 09.03.2015 12:42:35
XBV00077.VDF : 8.11.215.70 17920 Bytes 09.03.2015 15:42:36
XBV00078.VDF : 8.11.215.90 2048 Bytes 09.03.2015 15:42:36
XBV00079.VDF : 8.11.215.110 2048 Bytes 09.03.2015 15:42:36
XBV00080.VDF : 8.11.215.132 29696 Bytes 09.03.2015 04:50:19
XBV00081.VDF : 8.11.215.134 11264 Bytes 09.03.2015 04:50:19
XBV00082.VDF : 8.11.215.136 11264 Bytes 09.03.2015 04:50:19
XBV00083.VDF : 8.11.215.138 12288 Bytes 10.03.2015 06:50:19
XBV00084.VDF : 8.11.215.140 35840 Bytes 10.03.2015 06:50:19
XBV00085.VDF : 8.11.215.158 6144 Bytes 10.03.2015 08:50:22
XBV00086.VDF : 8.11.215.174 5632 Bytes 10.03.2015 08:50:22
XBV00087.VDF : 8.11.215.190 8704 Bytes 10.03.2015 09:50:23
XBV00088.VDF : 8.11.215.206 19968 Bytes 10.03.2015 11:50:18
XBV00089.VDF : 8.11.215.222 12800 Bytes 10.03.2015 13:50:23
XBV00090.VDF : 8.11.215.226 2048 Bytes 10.03.2015 13:50:23
XBV00091.VDF : 8.11.215.230 14336 Bytes 10.03.2015 15:50:22
XBV00092.VDF : 8.11.215.234 26112 Bytes 10.03.2015 04:44:55
XBV00093.VDF : 8.11.215.236 11776 Bytes 10.03.2015 04:44:55
XBV00094.VDF : 8.11.215.240 22016 Bytes 11.03.2015 07:44:57
XBV00095.VDF : 8.11.215.242 2048 Bytes 11.03.2015 07:44:57
XBV00096.VDF : 8.11.215.244 2048 Bytes 11.03.2015 07:44:57
XBV00097.VDF : 8.11.216.4 7680 Bytes 11.03.2015 10:44:55
XBV00098.VDF : 8.11.216.20 12800 Bytes 11.03.2015 10:44:55
XBV00099.VDF : 8.11.216.36 19968 Bytes 11.03.2015 12:44:54
XBV00100.VDF : 8.11.216.52 2560 Bytes 11.03.2015 15:44:54
XBV00101.VDF : 8.11.216.54 22016 Bytes 11.03.2015 17:44:55
XBV00102.VDF : 8.11.216.56 8192 Bytes 11.03.2015 05:30:52
XBV00103.VDF : 8.11.216.58 4608 Bytes 11.03.2015 05:30:52
XBV00104.VDF : 8.11.216.60 16896 Bytes 11.03.2015 05:30:52
XBV00105.VDF : 8.11.216.76 14336 Bytes 11.03.2015 05:30:52
XBV00106.VDF : 8.11.216.90 30208 Bytes 11.03.2015 05:30:52
XBV00107.VDF : 8.11.216.104 5632 Bytes 12.03.2015 05:30:52
XBV00108.VDF : 8.11.216.118 6656 Bytes 12.03.2015 06:30:50
XBV00109.VDF : 8.11.216.120 24576 Bytes 12.03.2015 06:30:50
XBV00110.VDF : 8.11.216.122 16896 Bytes 12.03.2015 05:52:20
XBV00111.VDF : 8.11.216.124 2048 Bytes 12.03.2015 05:52:20
XBV00112.VDF : 8.11.216.138 16896 Bytes 12.03.2015 05:52:20
XBV00113.VDF : 8.11.216.140 2048 Bytes 12.03.2015 05:52:20
XBV00114.VDF : 8.11.216.154 3584 Bytes 12.03.2015 05:52:20
XBV00115.VDF : 8.11.216.168 2048 Bytes 12.03.2015 05:52:20
XBV00116.VDF : 8.11.216.182 70144 Bytes 12.03.2015 05:52:20
XBV00117.VDF : 8.11.216.196 2048 Bytes 13.03.2015 05:52:20
XBV00118.VDF : 8.11.216.200 46080 Bytes 13.03.2015 05:52:20
XBV00119.VDF : 8.11.216.214 11776 Bytes 13.03.2015 07:52:19
XBV00120.VDF : 8.11.216.228 4096 Bytes 13.03.2015 08:52:16
XBV00121.VDF : 8.11.216.242 2560 Bytes 13.03.2015 11:52:17
XBV00122.VDF : 8.11.216.254 2560 Bytes 13.03.2015 11:52:17
XBV00123.VDF : 8.11.217.10 7680 Bytes 13.03.2015 15:52:18
XBV00124.VDF : 8.11.217.14 2048 Bytes 13.03.2015 15:52:18
XBV00125.VDF : 8.11.217.16 24576 Bytes 13.03.2015 04:37:16
XBV00126.VDF : 8.11.217.22 17408 Bytes 13.03.2015 04:37:16
XBV00127.VDF : 8.11.217.24 2048 Bytes 13.03.2015 04:37:16
XBV00128.VDF : 8.11.217.26 2048 Bytes 13.03.2015 04:37:16
XBV00129.VDF : 8.11.217.28 15872 Bytes 13.03.2015 04:37:16
XBV00130.VDF : 8.11.217.42 84480 Bytes 14.03.2015 04:43:49
XBV00131.VDF : 8.11.217.54 2048 Bytes 14.03.2015 04:43:49
XBV00132.VDF : 8.11.217.66 2048 Bytes 14.03.2015 04:43:49
XBV00133.VDF : 8.11.217.78 19456 Bytes 14.03.2015 04:43:49
XBV00134.VDF : 8.11.217.90 71680 Bytes 15.03.2015 04:43:49
XBV00135.VDF : 8.11.217.102 2048 Bytes 15.03.2015 04:43:49
XBV00136.VDF : 8.11.217.124 6656 Bytes 15.03.2015 04:43:49
XBV00137.VDF : 8.11.217.136 76800 Bytes 16.03.2015 06:43:48
XBV00138.VDF : 8.11.217.146 3584 Bytes 16.03.2015 09:43:48
XBV00139.VDF : 8.11.217.156 3584 Bytes 16.03.2015 09:43:48
XBV00140.VDF : 8.11.217.166 4096 Bytes 16.03.2015 09:43:48
XBV00141.VDF : 8.11.217.176 12288 Bytes 16.03.2015 11:43:45
XBV00142.VDF : 8.11.217.186 13312 Bytes 16.03.2015 04:42:16
XBV00143.VDF : 8.11.217.188 24064 Bytes 16.03.2015 04:42:16
XBV00144.VDF : 8.11.217.194 7680 Bytes 16.03.2015 04:42:16
XBV00145.VDF : 8.11.217.198 31232 Bytes 16.03.2015 04:42:16
XBV00146.VDF : 8.11.217.208 13824 Bytes 16.03.2015 06:42:12
XBV00147.VDF : 8.11.217.216 7680 Bytes 16.03.2015 06:42:13
XBV00148.VDF : 8.11.217.224 2048 Bytes 17.03.2015 06:42:13
XBV00149.VDF : 8.11.217.232 23552 Bytes 17.03.2015 06:42:13
XBV00150.VDF : 8.11.217.240 7168 Bytes 17.03.2015 07:42:18
XBV00151.VDF : 8.11.217.242 9216 Bytes 17.03.2015 09:42:14
XBV00152.VDF : 8.11.217.244 13824 Bytes 17.03.2015 09:42:14
XBV00153.VDF : 8.11.217.252 4608 Bytes 17.03.2015 13:42:18
XBV00154.VDF : 8.11.218.4 10240 Bytes 17.03.2015 13:42:18
XBV00155.VDF : 8.11.218.6 12800 Bytes 17.03.2015 13:42:18
XBV00156.VDF : 8.11.218.16 14848 Bytes 17.03.2015 04:42:50
XBV00157.VDF : 8.11.218.20 2048 Bytes 17.03.2015 04:42:50
XBV00158.VDF : 8.11.218.28 4096 Bytes 17.03.2015 04:42:50
XBV00159.VDF : 8.11.218.30 25600 Bytes 17.03.2015 04:42:50
XBV00160.VDF : 8.11.218.32 2048 Bytes 17.03.2015 04:42:50
XBV00161.VDF : 8.11.218.34 18432 Bytes 17.03.2015 04:42:50
XBV00162.VDF : 8.11.218.38 26112 Bytes 18.03.2015 06:42:51
XBV00163.VDF : 8.11.218.46 4096 Bytes 18.03.2015 08:42:49
XBV00164.VDF : 8.11.218.52 3584 Bytes 18.03.2015 09:42:55
LOCAL001.VDF : 8.11.218.52 124751872 Bytes 18.03.2015 09:43:20
Engineversion : 8.3.30.2
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 13:09:08
AESCRIPT.DLL : 8.2.2.58 560248 Bytes 17.03.2015 10:42:27
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 10:42:58
AESBX.DLL : 8.2.20.34 1615784 Bytes 04.03.2015 11:33:12
AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 13:52:17
AEPACK.DLL : 8.4.0.62 793456 Bytes 20.02.2015 16:11:22
AEOFFICE.DLL : 8.3.1.14 354216 Bytes 10.03.2015 11:50:17
AEMOBILE.DLL : 8.1.7.0 281456 Bytes 10.03.2015 11:50:18
AEHEUR.DLL : 8.1.4.1578 8137584 Bytes 06.03.2015 11:40:35
AEHELP.DLL : 8.3.1.0 278728 Bytes 12.06.2014 10:23:19
AEGEN.DLL : 8.1.7.40 456608 Bytes 19.12.2014 11:52:10
AEEXP.DLL : 8.4.2.70 255904 Bytes 06.02.2015 10:51:48
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 13:41:52
AEDROID.DLL : 8.4.3.116 1050536 Bytes 10.03.2015 11:50:18
AECORE.DLL : 8.3.4.0 243624 Bytes 16.12.2014 14:51:28
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 13:41:51
AVWINLL.DLL : 14.0.8.532 25904 Bytes 04.03.2015 08:33:13
AVPREF.DLL : 14.0.8.532 52984 Bytes 04.03.2015 08:33:20
AVREP.DLL : 14.0.8.532 220464 Bytes 04.03.2015 08:33:21
AVARKT.DLL : 14.0.8.532 228088 Bytes 04.03.2015 08:33:15
AVEVTLOG.DLL : 14.0.8.532 184568 Bytes 04.03.2015 08:33:16
SQLITE3.DLL : 14.0.8.532 453936 Bytes 04.03.2015 08:33:42
AVSMTP.DLL : 14.0.8.532 79096 Bytes 04.03.2015 08:33:24
NETNT.DLL : 14.0.8.532 16120 Bytes 04.03.2015 08:33:40
RCIMAGE.DLL : 14.0.8.450 5069616 Bytes 04.03.2015 08:33:13
RCTEXT.DLL : 14.0.8.502 76080 Bytes 04.03.2015 08:33:14
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Mittwoch, 18. März 2015 12:00
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SFAutomat.Exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'WkDetect.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\B*****\AppData\Local\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}.exe
[FUND] Ist das Trojanische Pferd TR/Visucius.21
Die Registry wurde durchsucht ( '3093' Dateien ).
Beginne mit der Desinfektion:
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}> wurde erfolgreich entfernt.
C:\Users\B*****\AppData\Local\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}.exe
[FUND] Ist das Trojanische Pferd TR/Visucius.21
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5188f85a.qua' verschoben!
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2550521-3271785228-4015257772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AB2A998-B2E3-E50D-4321-DA7E310B1D40}> wurde erfolgreich repariert.
Ende des Suchlaufs: Mittwoch, 18. März 2015 12:04
Benötigte Zeit: 00:50 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
3686 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
3685 Dateien ohne Befall
28 Archive wurden durchsucht
0 Warnungen
1 Hinweise
GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-18 18:45:04
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000052 360320AS_____________________________ rev.AM___ 335,35GB
Running: Gmer-19357.exe; Driver: C:\Users\B*****\AppData\Local\Temp\pgldapog.sys
---- System - GMER 2.1 ----
SSDT 8A240E2E ZwCreateSection
SSDT 8A240E06 ZwCreateSymbolicLinkObject
SSDT 8A240E0B ZwLoadDriver
SSDT 8A240E01 ZwOpenSection
SSDT 8A240E38 ZwRequestWaitReplyPort
SSDT 8A240E33 ZwSetContextThread
SSDT 8A240E3D ZwSetSecurityObject
SSDT 8A240E10 ZwSetSystemInformation
SSDT 8A240E42 ZwSystemDebugControl
SSDT 8A240DCF ZwTerminateProcess
SSDT 8A240DCA ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 820ED7D8 4 Bytes [2E, 0E, 24, 8A] {PUSH CS; AND AL, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 21D 820ED7E0 4 Bytes [06, 0E, 24, 8A] {PUSH ES; PUSH CS; AND AL, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 37D 820ED940 4 Bytes [0B, 0E, 24, 8A] {OR ECX, [ESI]; AND AL, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 3FD 820ED9C0 4 Bytes [01, 0E, 24, 8A] {ADD [ESI], ECX; AND AL, 0x8a}
.text ntkrnlpa.exe!KeSetEvent + 539 820EDAFC 4 Bytes [38, 0E, 24, 8A] {CMP [ESI], CL; AND AL, 0x8a}
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C405340, 0x33F6F7, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!EnableWindow 770ACD8B 5 Bytes JMP 6D8CA2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxParamW 770D10B0 5 Bytes JMP 6D82190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxIndirectParamW 770D2EF5 5 Bytes JMP 6DA1EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxParamA 770E8152 5 Bytes JMP 6DA1EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!DialogBoxIndirectParamA 770E847D 5 Bytes JMP 6DA1EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxIndirectA 770FD4D9 5 Bytes JMP 6DA1E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxIndirectW 770FD5D3 5 Bytes JMP 6DA1E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxExA 770FD639 5 Bytes JMP 6DA1E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1876] USER32.dll!MessageBoxExW 770FD65D 5 Bytes JMP 6DA1E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] ntdll.dll!RtlExitUserThread 77821CFB 5 Bytes JMP 6DA1F0EC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] kernel32.dll!TerminateThread 75F644DB 5 Bytes JMP 6DA1F105 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] kernel32.dll!CreateThread 75F6CBEE 5 Bytes JMP 6D8874FB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogParamW 770A72A2 5 Bytes JMP 6DA1EE04 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!GetAsyncKeyState 770A863C 5 Bytes JMP 6D86DEC5 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetWindowsHookExW 770A87AD 5 Bytes JMP 6D8C298C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CallNextHookEx 770A8E3B 5 Bytes JMP 6D8E7CCF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!UnhookWindowsHookEx 770A98DB 5 Bytes JMP 6D90E230 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!EnableWindow 770ACD8B 5 Bytes JMP 6D8CA2AC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DefWindowProcA 770ADB88 7 Bytes JMP 6D88972D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExA 770ADC2A 5 Bytes JMP 6D89354B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateWindowExW 770B1305 5 Bytes JMP 6D8F005B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!GetKeyState 770B8CB1 5 Bytes JMP 6D86DD9B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DefWindowProcW 770C03B4 7 Bytes JMP 6D8E7D32 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!IsDialogMessageW 770C0745 5 Bytes JMP 6DA1F5D7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogParamA 770C17AA 5 Bytes JMP 6DA1EDCC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!IsDialogMessage 770C1847 5 Bytes JMP 6DA1F5AF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogIndirectParamA 770C26F1 5 Bytes JMP 6DA1EE3C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!CreateDialogIndirectParamW 770C9A62 5 Bytes JMP 6DA1EE74 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetKeyboardState 770D0987 5 Bytes JMP 6DA1FEC9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamW 770D10B0 5 Bytes JMP 6D82190B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamW 770D2EF5 5 Bytes JMP 6DA1EA9A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SendInput 770D2F75 5 Bytes JMP 6DA1FE71 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!EndDialog 770D326E 5 Bytes JMP 6DA1F883 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!SetCursorPos 770E6FB2 5 Bytes JMP 6DA1FF4A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxParamA 770E8152 5 Bytes JMP 6DA1EA35 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!DialogBoxIndirectParamA 770E847D 5 Bytes JMP 6DA1EAFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectA 770FD4D9 5 Bytes JMP 6DA1E9BC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxIndirectW 770FD5D3 5 Bytes JMP 6DA1E943 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExA 770FD639 5 Bytes JMP 6DA1E8DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!MessageBoxExW 770FD65D 5 Bytes JMP 6DA1E87B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] USER32.dll!keybd_event 770FD972 5 Bytes JMP 6DA1FE2E C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] SHELL32.dll!SHRestricted + D95 766088D8 4 Bytes [CF, 01, 0E, 6D] {IRET ; ADD [ESI], ECX; INS DWORD [ES:EDI], DX}
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] SHELL32.dll!SHRestricted + D9D 766088E0 8 Bytes [E0, 61, 0D, 6D, 79, F7, 0D, ...] {LOOPNZ 0x63; OR EAX, 0xdf7796d; INS DWORD [ES:EDI], DX}
.text C:\Program Files\Internet Explorer\iexplore.exe[2928] ole32.dll!OleLoadFromStream 776B1E80 5 Bytes JMP 6DA1F2E1 C:\Windows\system32\IEFRAME.dll
---- EOF - GMER 2.1 ----
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:15 on 18/03/2015 (B******)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by B***** at 2015-03-18 17:29:47
Running from C:\Users\B*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.8.532 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
Dropbox (HKU\S-1-5-21-2550521-3271785228-4015257772-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.0.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDCleaner (HKLM\...\HDCleaner) (Version: - )
IBM iSeries Access für Windows (HKLM\...\ClientAccessExpress) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Standard (HKLM\...\{91120407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6.0 (HKLM\...\{D0AC6844-79D4-11D4-AFEE-00C04F443448}) (Version: 06.00.0000 - Microsoft Corporation)
Mozilla Firefox 6.0.2 (x86 de) (HKLM\...\Mozilla Firefox 6.0.2 (x86 de)) (Version: 6.0.2 - Mozilla)
Mozilla Thunderbird (7.0.1) (HKLM\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571031}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice.org Installer 1.0 (HKLM\...\{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}) (Version: 1.0.9221 - Sun Microsystems)
Praktische Arbeitshilfe (HKLM\...\{FF2E73E1-D8D5-48BC-9517-A3CB199B0B86}) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM\...\Samsung ML-1670 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SFirm (HKLM\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.5.250.5 - Star Finanz GmbH)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
TransDATA Professional, Version 2.1.4 (HKLM\...\TransDATA Professional_is1) (Version: - AvenDATA GmbH)
VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version: - Corel Corporation)
WordPerfect Office X3 (Version: 13.3 - Corel Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{52AFBCC2-EBAB-94C6-1603-BBB04F86678D}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{53B45807-A53D-57BC-9471-5C0C2D3EC539}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{7B43291D-AFF3-DDC8-C9C7-CDADB4C79744}\InprocServer32 -> C:\Windows\system32\msaatext.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2550521-3271785228-4015257772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\B*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
27-02-2015 06:15:32 Geplanter Prüfpunkt
28-02-2015 06:49:19 Geplanter Prüfpunkt
02-03-2015 06:14:33 Geplanter Prüfpunkt
03-03-2015 06:06:56 Geplanter Prüfpunkt
04-03-2015 05:53:41 Geplanter Prüfpunkt
05-03-2015 06:19:16 Geplanter Prüfpunkt
06-03-2015 06:14:10 Geplanter Prüfpunkt
07-03-2015 06:08:53 Geplanter Prüfpunkt
09-03-2015 06:08:12 Geplanter Prüfpunkt
10-03-2015 06:11:00 Geplanter Prüfpunkt
11-03-2015 06:17:22 Geplanter Prüfpunkt
12-03-2015 06:33:53 Windows Update
13-03-2015 06:12:55 Geplanter Prüfpunkt
14-03-2015 06:15:05 Geplanter Prüfpunkt
16-03-2015 06:09:22 Geplanter Prüfpunkt
17-03-2015 06:02:43 Geplanter Prüfpunkt
18-03-2015 06:16:55 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00D91678-EE1A-44CC-BA22-C2A15CAF5295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {1B6CE553-D69A-43A6-9371-726A16608C6E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {4D0F48CF-60B2-40B7-89FB-B9FEDCAB41A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {6BC3BA74-F132-4973-9EF3-3D7E084F292A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7043DF74-532B-4FA4-915C-E34E5FC1092F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D757272E-EBDF-4478-B3AA-9104901672A7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - B***** => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by B***** (administrator) on PC101 on 18-03-2015 17:32:17
Running from C:\Users\B*****\Desktop
Loaded Profiles: B****** (Available profiles: B******)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PSIService.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft® Corporation) C:\Program Files\Microsoft Works\WkDetect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\B*****\Desktop\2 - FRST.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [recinfo87] => c:\RecInfo\RecInfo.exe [2768896 2007-09-14] ()
HKLM\...\Run: [SfWinStartInfo] => C:\SFIRM32\sfWinStartupInfo.exe [144544 2012-07-24] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [311350 2000-07-12] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-07-21] (Microsoft® Corporation)
HKLM\...\Run: [Client Access Service] => C:\Program Files\IBM\Client Access\cwbsvstr.exe [20531 2006-12-04] (IBM Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [294912 2008-01-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2550521-3271785228-4015257772-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2550521-3271785228-4015257772-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{B75D10ED-54E4-416D-9F67-1189758B6648}: [NameServer] 192.168.124.1
FireFox:
========
FF ProfilePath: C:\Users\Breckle\AppData\Roaming\Mozilla\Firefox\Profiles\669y21ee.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-10-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-13]
CHR Extension: (Google Drive) - C:\Users\B*****AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]
CHR Extension: (YouTube) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\B*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-13]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\B*****\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [804600 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [65585 2006-12-04] (IBM Corporation) [File not signed]
R2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [6912 2006-02-07] (JMicron )
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [47872 2007-04-03] (JMicron Technology Corp.) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-18 17:29 - 2015-03-18 17:32 - 00013197 _____ () C:\Users\B*****\Desktop\FRST.txt
2015-03-18 17:29 - 2015-03-18 17:30 - 00012458 _____ () C:\Users\B*****\Desktop\Addition.txt
2015-03-18 17:26 - 2015-03-18 13:10 - 01135104 _____ (Farbar) C:\Users\B*****Desktop\2 - FRST.exe
2015-03-18 17:26 - 2015-03-18 13:09 - 00050477 _____ () C:\Users\B*****\Desktop\1 - Defogger.exe
2015-03-18 17:26 - 2015-03-18 13:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\B*****\Desktop\tdsskiller.exe
2015-03-18 17:26 - 2015-03-18 12:58 - 16502728 _____ (Malwarebytes Corp.) C:\Users\B*****\Desktop\mbar-1.09.1.1004.exe
2015-03-18 17:25 - 2015-03-18 17:16 - 00000476 _____ () C:\Users\B*****\Desktop\defogger_disable.log
2015-03-18 17:25 - 2015-03-18 14:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\B*****\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-18 17:25 - 2015-03-18 13:13 - 00000239 _____ () C:\Users\B*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
2015-03-18 17:25 - 2015-03-18 12:01 - 00000218 _____ () C:\Users\B*****\Desktop\Entfernen von DHL-Trojaner - Seite 4 - Trojaner-Board.url
2015-03-18 17:17 - 2015-03-18 17:32 - 00000000 ____D () C:\FRST
2015-03-18 17:15 - 2015-03-18 17:15 - 00000000 _____ () C:\Users\B*****\defogger_reenable
2015-03-18 14:45 - 2015-03-18 14:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 14:44 - 2015-03-18 14:44 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-18 14:44 - 2015-03-18 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-18 14:44 - 2015-03-18 14:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-03-18 14:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 14:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 14:44 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 14:01 - 2015-03-18 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-18 14:00 - 2015-03-18 14:29 - 00000000 ____D () C:\Users\B*****\Desktop\mbar
2015-03-18 13:45 - 2015-03-18 17:17 - 00000000 ____D () C:\Users\B*****\Desktop\dhl scheisse
2015-03-12 06:56 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 06:56 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 06:56 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 06:42 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 06:40 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:27 - 2015-03-18 16:23 - 00000000 ____D () C:\Users\B*****\Desktop\FSC
2015-03-11 05:52 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 05:52 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 05:52 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 05:52 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 05:52 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 05:52 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 05:52 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 05:52 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 05:52 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 05:52 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 05:52 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 05:52 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 05:52 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 05:52 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 05:52 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 16:06 - 2015-03-04 16:06 - 00000000 ____D () C:\Users\B*****\AppData\Local\elfopatch
2015-03-04 13:31 - 2015-03-04 13:31 - 00028084 _____ () C:\Users\B*****\UStVA2015_01_Januar_B*****_GmbH_Benninger_Bettsysteme.elfo
2015-03-04 13:24 - 2015-03-04 13:24 - 00022148 _____ () C:\Users\B*****\UStVA2015_02_Februar_Friedrich_B*****.elfo
2015-03-03 06:49 - 2015-03-03 06:49 - 00020836 _____ () C:\Users\B*****\UStVA2015_02_Februar_Grundstücksgemeinschaft_B*****.elfo
2015-03-03 06:46 - 2015-03-03 06:46 - 00020004 _____ () C:\Users\B*****\UStVA2015_02_Februar_B*****_GBR.elfo
2015-02-17 09:58 - 2015-02-17 09:58 - 00034816 _____ () C:\Users\B*****\Desktop\Kopie von Kfz_Kurzfragebogen.xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-18 17:22 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:22 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 17:17 - 2013-10-23 17:00 - 00000000 ___RD () C:\Users\B*****\Dropbox
2015-03-18 17:15 - 2007-10-12 16:43 - 00000000 ____D () C:\Users\B*****
2015-03-18 16:56 - 2013-11-13 13:57 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 16:49 - 2014-08-10 14:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 16:23 - 2007-10-12 16:33 - 01425066 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 15:45 - 2013-10-23 16:57 - 00000000 ____D () C:\Users\B*****\AppData\Roaming\Dropbox
2015-03-18 15:19 - 2007-10-12 21:16 - 00000000 ____D () C:\SFIRM32
2015-03-18 15:16 - 2013-11-13 13:57 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 15:16 - 2007-09-17 16:13 - 00359112 _____ () C:\Windows\PFRO.log
2015-03-18 15:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 15:15 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-18 13:46 - 2006-11-02 11:33 - 01564930 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 11:16 - 2011-07-15 13:55 - 00000000 ____D () C:\Scan
2015-03-17 16:20 - 2007-10-12 17:00 - 00000000 ____D () C:\Users\B*****\Desktop\Listen,Größe Dormiente
2015-03-17 11:38 - 2009-02-25 12:18 - 00000000 ____D () C:\Users\B*****\Desktop\Kundenspezifische Aufkleber
2015-03-16 13:08 - 2013-10-23 16:58 - 00000000 ____D () C:\Users\B*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-16 11:29 - 2007-10-12 18:44 - 00000000 ____D () C:\Program Files\Praktische Arbeitshilfe
2015-03-13 16:40 - 2013-12-20 10:49 - 00000000 ____D () C:\Users\B*****\Desktop\Rhenus Speditionsauftrag
2015-03-13 06:51 - 2007-10-12 17:00 - 00000000 ____D () C:\Users\B*****\Desktop\Toll collect
2015-03-12 07:10 - 2006-11-02 13:47 - 00360048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:56 - 2013-08-16 04:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 06:45 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 14:56 - 2007-10-12 16:59 - 00000000 ____D () C:\Users\B*****\Desktop\Buchhaltung
2015-03-10 13:06 - 2007-10-12 16:59 - 00000000 ____D () C:\Users\B*****\Desktop\JPEG BILDER
2015-03-04 16:06 - 2007-10-12 18:42 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-04 09:33 - 2013-05-30 18:16 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 09:33 - 2013-05-30 18:16 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-17 12:13 - 2009-02-09 15:21 - 00102424 _____ () C:\Users\B*****\AppData\Roaming\GDIPFONTCACHEV1.DAT
==================== Files in the root of some directories =======
2007-10-12 18:33 - 2007-10-12 18:33 - 0024206 _____ () C:\Users\B*****\AppData\Roaming\UserTile.png
2007-10-13 13:37 - 2014-01-11 13:08 - 0014336 _____ () C:\Users\B*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-10-12 18:41 - 2007-10-12 18:41 - 0000305 _____ () C:\ProgramData\addr_file.html
Some content of TEMP:
====================
C:\Users\B*****\AppData\Local\Temp\APNSetup.exe
C:\Users\B*****\AppData\Local\Temp\avgnt.exe
C:\Users\B*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr1fqpi.dll
C:\Users\B*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\B*****\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\B*****\AppData\Local\Temp\shmcapture_3944_1.exe
C:\Users\B*****\AppData\Local\Temp\shmcapture_5136_1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-18 15:22
==================== End Of Log ============================
|
|
18.03.2015, 19:02
| #2 |
| /// the machine /// TB-Ausbilder    | dhl trojaner- Vista - gewerblich - war schon aktiv__________________
__________________ |
|
18.03.2015, 19:10
| #3 |
| | dhl trojaner- Vista - gewerblich - war schon aktiv wir sind ein ein Unternehmen mit 2 Verwaltungsangestellten, entsprechend groß ist auch unsere IT Abteilung
__________________herzlichen Dank für die freundliche Hilfe Gruesse |
|
19.03.2015, 10:56
| #4 |
| | dhl trojaner- Vista - gewerblich - war schon aktiv Herzlichen Dank der freundlichen Antwort [QUOTE=HerrOK;1443422] 2 Verwaltungsangestellten, entsprechend groß ist auch unsere IT Abteilung /QUOTE] war durchaus ernst gemeint, wobei das Ergebniss dasselbe ist 2 Verwalter sind 2mal Teilzeit plus Scheffin. "IT-Zahl" entsprechend der "Angestelltenzahl" ergibt Null. die logfiles kann ich erst am Abend spät posten, ein Durchlauf gestern Abend (die 2 Versionen Malwarebites und TDSS) ergaben keine Funde. zur Zeit (seit gestern spät Abends) läuft ein Antivir Suchlauf. Wobei leider nebenbei noch auf dem Rechner einige wenige Arbeiten gemacht werden müssen. gruesse |
|
19.03.2015, 09:47
| #5 | |
| /// the machine /// TB-Ausbilder | dhl trojaner- Vista - gewerblich - war schon aktivZitat:
 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.03.2015, 21:00
| #6 |
| /// the machine /// TB-Ausbilder | dhl trojaner- Vista - gewerblich - war schon aktiv Ok 
__________________ --> dhl trojaner- Vista - gewerblich - war schon aktiv |
|
19.03.2015, 21:29
| #7 |
| | dhl trojaner- Vista - gewerblich - war schon aktiv bin etwas verunsichert. Der Antivirsuchlauf geht seit gestern Abend und ist jetzt (21.27h) auf knapp 20%. Bis morgen geb ich ihm noch....  |
|
20.03.2015, 06:46
| #8 |
| /// the machine /// TB-Ausbilder | dhl trojaner- Vista - gewerblich - war schon aktiv Dann schalte den Mist ab, der Scan bringt doch eh nix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.03.2015, 12:24
| #9 |
| | dhl trojaner- Vista - gewerblich - war schon aktiv so nun hier die logfile von mbar -- KEINE FUNDE-- wie auch schon beim früheren Durchlauf tdss kommt noch antivir hat folgende gefunden und in Quarantäne gesperrt: TR/geldag.1 TR/Rogue.A.D.605605 TR/Visucius.21 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.22.05
rootkit: v2015.02.25.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
B***** :: PC101 [administrator]
22.03.2015 19:52:09
mbar-log-2015-03-22 (19-52-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 35
Time elapsed: 1 minute(s), 1 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 20:33:30.0540 0x0b8c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:33:37.0055 0x0b8c ============================================================
20:33:37.0055 0x0b8c Current date / time: 2015/03/22 20:33:37.0055
20:33:37.0055 0x0b8c SystemInfo:
20:33:37.0055 0x0b8c
20:33:37.0055 0x0b8c OS Version: 6.0.6002 ServicePack: 2.0
20:33:37.0055 0x0b8c Product type: Workstation
20:33:37.0055 0x0b8c ComputerName: PC101
20:33:37.0055 0x0b8c UserName: B*****
20:33:37.0055 0x0b8c Windows directory: C:\Windows
20:33:37.0055 0x0b8c System windows directory: C:\Windows
20:33:37.0055 0x0b8c Processor architecture: Intel x86
20:33:37.0055 0x0b8c Number of processors: 2
20:33:37.0055 0x0b8c Page size: 0x1000
20:33:37.0055 0x0b8c Boot type: Normal boot
20:33:37.0055 0x0b8c ============================================================
20:33:51.0290 0x0b8c KLMD registered as C:\Windows\system32\drivers\07972767.sys
20:33:51.0586 0x0b8c System UUID: {240D7A20-26A4-3C41-B39D-BF6844AD97EE}
20:33:52.0305 0x0b8c !crdlk
20:33:52.0321 0x0b8c Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 ( 335.35 Gb ), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:33:52.0352 0x0b8c ============================================================
20:33:52.0352 0x0b8c \Device\Harddisk0\DR0:
20:33:52.0368 0x0b8c MBR partitions:
20:33:52.0368 0x0b8c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1B0D0000
20:33:52.0368 0x0b8c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C840800, BlocksNum 0xD672800
20:33:52.0368 0x0b8c ============================================================
20:33:52.0399 0x0b8c C: <-> \Device\Harddisk0\DR0\Partition1
20:33:52.0446 0x0b8c D: <-> \Device\Harddisk0\DR0\Partition2
20:33:52.0446 0x0b8c ============================================================
20:33:52.0446 0x0b8c Initialize success
20:33:52.0446 0x0b8c ============================================================
20:34:52.0305 0x0348 ============================================================
20:34:52.0305 0x0348 Scan started
20:34:52.0305 0x0348 Mode: Manual;
20:34:52.0305 0x0348 ============================================================
20:34:52.0305 0x0348 KSN ping started
20:34:54.0977 0x0348 KSN ping finished: true
20:34:55.0915 0x0348 ================ Scan system memory ========================
20:34:55.0915 0x0348 System memory - ok
20:34:55.0915 0x0348 ================ Scan services =============================
20:34:56.0086 0x0348 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:34:56.0102 0x0348 ACPI - ok
20:34:56.0227 0x0348 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:34:56.0227 0x0348 AdobeARMservice - ok
20:34:56.0290 0x0348 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:56.0305 0x0348 AdobeFlashPlayerUpdateSvc - ok
20:34:56.0383 0x0348 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:34:56.0399 0x0348 adp94xx - ok
20:34:56.0430 0x0348 [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:34:56.0461 0x0348 adpahci - ok
20:34:56.0493 0x0348 [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:34:56.0508 0x0348 adpu160m - ok
20:34:56.0540 0x0348 [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:34:56.0540 0x0348 adpu320 - ok
20:34:56.0618 0x0348 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:34:56.0618 0x0348 AeLookupSvc - ok
20:34:56.0696 0x0348 [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD C:\Windows\system32\drivers\afd.sys
20:34:56.0711 0x0348 AFD - ok
20:34:56.0758 0x0348 [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:34:56.0758 0x0348 agp440 - ok
20:34:56.0790 0x0348 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:34:56.0790 0x0348 aic78xx - ok
20:34:56.0836 0x0348 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
20:34:56.0852 0x0348 ALG - ok
20:34:56.0883 0x0348 [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide C:\Windows\system32\drivers\aliide.sys
20:34:56.0883 0x0348 aliide - ok
20:34:56.0915 0x0348 [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:34:56.0915 0x0348 amdagp - ok
20:34:56.0930 0x0348 [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide C:\Windows\system32\drivers\amdide.sys
20:34:56.0946 0x0348 amdide - ok
20:34:56.0961 0x0348 [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:34:56.0961 0x0348 AmdK7 - ok
20:34:56.0977 0x0348 [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:34:56.0977 0x0348 AmdK8 - ok
20:34:57.0071 0x0348 [ DFAD5A9E0C900A00E8B6A8308CCA347D, 1E899D092C7C9B0F6C043D25238BFF843F59F57E3FB9C861533524693D0AB070 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
20:34:57.0102 0x0348 AntiVirMailService - ok
20:34:57.0165 0x0348 [ EE4CD8B219CC3C0FA73982C2791819E2, 9A7CBDD5972B9E0365C91C6ED7F286196F70DD07C1379930FA62252D943BBF00 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:34:57.0180 0x0348 AntiVirSchedulerService - ok
20:34:57.0243 0x0348 [ EE4CD8B219CC3C0FA73982C2791819E2, 9A7CBDD5972B9E0365C91C6ED7F286196F70DD07C1379930FA62252D943BBF00 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:34:57.0258 0x0348 AntiVirService - ok
20:34:57.0321 0x0348 [ 2EE6ED2CD8CEBB954B1CA2C04C8BD203, F835C59447B2EAD69BB694E16E11DE286805F1BAD17875E2CA408211F7E2F865 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:34:57.0368 0x0348 AntiVirWebService - ok
20:34:57.0399 0x0348 [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo C:\Windows\System32\appinfo.dll
20:34:57.0415 0x0348 Appinfo - ok
20:34:57.0430 0x0348 [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc C:\Windows\system32\drivers\arc.sys
20:34:57.0430 0x0348 arc - ok
20:34:57.0461 0x0348 [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:34:57.0461 0x0348 arcsas - ok
20:34:57.0555 0x0348 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:34:57.0555 0x0348 aspnet_state - ok
20:34:57.0586 0x0348 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:34:57.0586 0x0348 AsyncMac - ok
20:34:57.0618 0x0348 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
20:34:57.0633 0x0348 atapi - ok
20:34:57.0680 0x0348 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:34:57.0696 0x0348 AudioEndpointBuilder - ok
20:34:57.0711 0x0348 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:34:57.0727 0x0348 Audiosrv - ok
20:34:57.0774 0x0348 [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:34:57.0774 0x0348 avgntflt - ok
20:34:57.0805 0x0348 [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:34:57.0821 0x0348 avipbb - ok
20:34:57.0852 0x0348 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:34:57.0852 0x0348 avkmgr - ok
20:34:57.0883 0x0348 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
20:34:57.0883 0x0348 Beep - ok
20:34:57.0930 0x0348 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
20:34:57.0946 0x0348 BFE - ok
20:34:58.0008 0x0348 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll
20:34:58.0040 0x0348 BITS - ok
20:34:58.0055 0x0348 blbdrive - ok
20:34:58.0071 0x0348 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:34:58.0086 0x0348 bowser - ok
20:34:58.0102 0x0348 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:34:58.0102 0x0348 BrFiltLo - ok
20:34:58.0118 0x0348 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:34:58.0118 0x0348 BrFiltUp - ok
20:34:58.0149 0x0348 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
20:34:58.0149 0x0348 Browser - ok
20:34:58.0180 0x0348 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:34:58.0180 0x0348 Brserid - ok
20:34:58.0196 0x0348 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:34:58.0196 0x0348 BrSerWdm - ok
20:34:58.0211 0x0348 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:34:58.0211 0x0348 BrUsbMdm - ok
20:34:58.0227 0x0348 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:34:58.0227 0x0348 BrUsbSer - ok
20:34:58.0243 0x0348 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:34:58.0243 0x0348 BTHMODEM - ok
20:34:58.0274 0x0348 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:34:58.0290 0x0348 cdfs - ok
20:34:58.0305 0x0348 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:34:58.0321 0x0348 cdrom - ok
20:34:58.0352 0x0348 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
20:34:58.0352 0x0348 CertPropSvc - ok
20:34:58.0383 0x0348 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
20:34:58.0383 0x0348 circlass - ok
20:34:58.0399 0x0348 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
20:34:58.0430 0x0348 CLFS - ok
20:34:58.0493 0x0348 [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:58.0493 0x0348 clr_optimization_v2.0.50727_32 - ok
20:34:58.0540 0x0348 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:58.0555 0x0348 clr_optimization_v4.0.30319_32 - ok
20:34:58.0571 0x0348 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:34:58.0571 0x0348 cmdide - ok
20:34:58.0602 0x0348 [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:34:58.0602 0x0348 Compbatt - ok
20:34:58.0618 0x0348 COMSysApp - ok
20:34:58.0727 0x0348 cpuz134 - ok
20:34:58.0743 0x0348 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:34:58.0758 0x0348 crcdisk - ok
20:34:58.0774 0x0348 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:34:58.0774 0x0348 Crusoe - ok
20:34:58.0805 0x0348 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:34:58.0821 0x0348 CryptSvc - ok
20:34:58.0852 0x0348 [ A3F57578DC8C3A4A6B356846EF007F41, D7E59F190EA8493D55A7B3E0C148A51BFD0CBBC3AD9DC76FA7DB9C090372CC83 ] Cwbrxd C:\Windows\CWBRXD.EXE
20:34:58.0852 0x0348 Cwbrxd - ok
20:34:58.0915 0x0348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:34:58.0946 0x0348 DcomLaunch - ok
20:34:58.0977 0x0348 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:34:58.0993 0x0348 DfsC - ok
20:34:59.0118 0x0348 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
20:34:59.0258 0x0348 DFSR - ok
20:34:59.0321 0x0348 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:34:59.0336 0x0348 Dhcp - ok
20:34:59.0368 0x0348 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
20:34:59.0368 0x0348 disk - ok
20:34:59.0399 0x0348 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:34:59.0415 0x0348 Dnscache - ok
20:34:59.0446 0x0348 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
20:34:59.0461 0x0348 dot3svc - ok
20:34:59.0493 0x0348 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
20:34:59.0508 0x0348 DPS - ok
20:34:59.0555 0x0348 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:34:59.0555 0x0348 drmkaud - ok
20:34:59.0602 0x0348 [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:34:59.0649 0x0348 DXGKrnl - ok
20:34:59.0680 0x0348 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:34:59.0680 0x0348 E1G60 - ok
20:34:59.0727 0x0348 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
20:34:59.0727 0x0348 EapHost - ok
20:34:59.0758 0x0348 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
20:34:59.0774 0x0348 Ecache - ok
20:34:59.0836 0x0348 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:34:59.0852 0x0348 ehRecvr - ok
20:34:59.0883 0x0348 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
20:34:59.0883 0x0348 ehSched - ok
20:34:59.0899 0x0348 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
20:34:59.0899 0x0348 ehstart - ok
20:34:59.0946 0x0348 [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:34:59.0961 0x0348 elxstor - ok
20:35:00.0024 0x0348 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:35:00.0055 0x0348 EMDMgmt - ok
20:35:00.0118 0x0348 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
20:35:00.0133 0x0348 EventSystem - ok
20:35:00.0165 0x0348 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
20:35:00.0165 0x0348 exfat - ok
20:35:00.0211 0x0348 [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:35:00.0227 0x0348 fastfat - ok
20:35:00.0243 0x0348 [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:35:00.0258 0x0348 fdc - ok
20:35:00.0290 0x0348 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
20:35:00.0290 0x0348 fdPHost - ok
20:35:00.0321 0x0348 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
20:35:00.0321 0x0348 FDResPub - ok
20:35:00.0352 0x0348 [ 8787449F8EF116DB0E8E06C3555746A7, 9B0C2C160BB196AE0E43DD7C591A6B875D5862AD17B048DAEC43CF1BA271DFA4 ] FET5X86V C:\Windows\system32\DRIVERS\fetnd5bv.sys
20:35:00.0352 0x0348 FET5X86V - ok
20:35:00.0415 0x0348 [ 403BEDAD0226653BA8D05AEFC3F04A0C, 78A6559943199C2D33D43B452BDE708CC096F755D7536FF056AB8AF09C1FCF0C ] FETND6V C:\Windows\system32\DRIVERS\fetnd6v.sys
20:35:00.0415 0x0348 FETND6V - ok
20:35:00.0446 0x0348 [ B2B2C38E916184FF8523C7439DDD417F, 85B02622146478F488650771E28A311F55A503CC4F7154061E526DB0C4675FF7 ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys
20:35:00.0446 0x0348 FETNDIS - ok
20:35:00.0493 0x0348 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:35:00.0493 0x0348 FileInfo - ok
20:35:00.0524 0x0348 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:35:00.0524 0x0348 Filetrace - ok
20:35:00.0555 0x0348 [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:00.0555 0x0348 flpydisk - ok
20:35:00.0602 0x0348 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:35:00.0602 0x0348 FltMgr - ok
20:35:00.0680 0x0348 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
20:35:00.0727 0x0348 FontCache - ok
20:35:00.0790 0x0348 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:35:00.0790 0x0348 FontCache3.0.0.0 - ok
20:35:00.0821 0x0348 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:35:00.0836 0x0348 Fs_Rec - ok
20:35:00.0852 0x0348 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:35:00.0852 0x0348 gagp30kx - ok
20:35:00.0915 0x0348 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
20:35:00.0961 0x0348 gpsvc - ok
20:35:01.0040 0x0348 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:01.0040 0x0348 gupdate - ok
20:35:01.0055 0x0348 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:01.0071 0x0348 gupdatem - ok
20:35:01.0102 0x0348 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:35:01.0118 0x0348 HdAudAddService - ok
20:35:01.0165 0x0348 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:35:01.0211 0x0348 HDAudBus - ok
20:35:01.0243 0x0348 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:35:01.0243 0x0348 HidBth - ok
20:35:01.0258 0x0348 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
20:35:01.0258 0x0348 HidIr - ok
20:35:01.0305 0x0348 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
20:35:01.0305 0x0348 hidserv - ok
20:35:01.0336 0x0348 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:35:01.0336 0x0348 HidUsb - ok
20:35:01.0368 0x0348 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
20:35:01.0368 0x0348 hkmsvc - ok
20:35:01.0383 0x0348 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:35:01.0399 0x0348 HpCISSs - ok
20:35:01.0446 0x0348 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:35:01.0477 0x0348 HTTP - ok
20:35:01.0493 0x0348 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:35:01.0493 0x0348 i2omp - ok
20:35:01.0555 0x0348 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:35:01.0555 0x0348 i8042prt - ok
20:35:01.0586 0x0348 [ 294110966CEDD127629C5BE48367C8CF, A05049B96BBD2E4FAF01AF69A69F9B0B96E610EB66E68A45051FEF7E67DD846A ] iaStor C:\Windows\system32\drivers\iastor.sys
20:35:01.0602 0x0348 iaStor - ok
20:35:01.0633 0x0348 [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:35:01.0649 0x0348 iaStorV - ok
20:35:01.0727 0x0348 [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:35:01.0774 0x0348 idsvc - ok
20:35:01.0821 0x0348 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:35:01.0821 0x0348 iirsp - ok
20:35:01.0868 0x0348 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
20:35:01.0899 0x0348 IKEEXT - ok
20:35:02.0024 0x0348 [ 6F62BAFE6150F3952F877051C65786FE, 331E16BF61AC77592CCB02237C807E1B1E7253EB7EF70FC4EBACEFACB72903A3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:35:02.0133 0x0348 IntcAzAudAddService - ok
20:35:02.0165 0x0348 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
20:35:02.0180 0x0348 intelide - ok
20:35:02.0211 0x0348 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:35:02.0211 0x0348 intelppm - ok
20:35:02.0258 0x0348 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:35:02.0258 0x0348 IPBusEnum - ok
20:35:02.0290 0x0348 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:02.0290 0x0348 IpFilterDriver - ok
20:35:02.0321 0x0348 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:35:02.0336 0x0348 iphlpsvc - ok
20:35:02.0352 0x0348 IpInIp - ok
20:35:02.0383 0x0348 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:35:02.0383 0x0348 IPMIDRV - ok
20:35:02.0415 0x0348 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:35:02.0415 0x0348 IPNAT - ok
20:35:02.0446 0x0348 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:35:02.0446 0x0348 IRENUM - ok
20:35:02.0477 0x0348 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:35:02.0477 0x0348 isapnp - ok
20:35:02.0508 0x0348 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:35:02.0524 0x0348 iScsiPrt - ok
20:35:02.0540 0x0348 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:35:02.0540 0x0348 iteatapi - ok
20:35:02.0555 0x0348 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:35:02.0555 0x0348 iteraid - ok
20:35:02.0602 0x0348 [ C995C0E8B4503FAC38793BB0236AD246, 5147C90053C8DBAFA9A7E4457A03AA2BCF5EC1A7367526FD102D4B542CC357B0 ] JGOGO C:\Windows\system32\drivers\jgogo.sys
20:35:02.0602 0x0348 JGOGO - ok
20:35:02.0618 0x0348 [ 6568289BC2E9CA3E8082817F0933685B, FF4B60F872740EB464DF5CCF4242480B43A874E9344D5EEAD52D15079B46F963 ] JRAID C:\Windows\system32\drivers\jraid.sys
20:35:02.0618 0x0348 JRAID - ok
20:35:02.0649 0x0348 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:35:02.0649 0x0348 kbdclass - ok
20:35:02.0680 0x0348 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:35:02.0680 0x0348 kbdhid - ok
20:35:02.0696 0x0348 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
20:35:02.0696 0x0348 KeyIso - ok
20:35:02.0774 0x0348 [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:35:02.0790 0x0348 KSecDD - ok
20:35:02.0836 0x0348 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:35:02.0868 0x0348 KtmRm - ok
20:35:02.0899 0x0348 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
20:35:02.0915 0x0348 LanmanServer - ok
20:35:02.0961 0x0348 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:35:02.0961 0x0348 LanmanWorkstation - ok
20:35:03.0008 0x0348 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:35:03.0008 0x0348 lltdio - ok
20:35:03.0024 0x0348 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:35:03.0040 0x0348 lltdsvc - ok
20:35:03.0071 0x0348 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:35:03.0071 0x0348 lmhosts - ok
20:35:03.0102 0x0348 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:35:03.0118 0x0348 LSI_FC - ok
20:35:03.0133 0x0348 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:35:03.0133 0x0348 LSI_SAS - ok
20:35:03.0149 0x0348 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:35:03.0165 0x0348 LSI_SCSI - ok
20:35:03.0180 0x0348 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
20:35:03.0196 0x0348 luafv - ok
20:35:03.0211 0x0348 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:35:03.0227 0x0348 Mcx2Svc - ok
20:35:03.0243 0x0348 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys
20:35:03.0258 0x0348 megasas - ok
20:35:03.0290 0x0348 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
20:35:03.0290 0x0348 MMCSS - ok
20:35:03.0305 0x0348 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
20:35:03.0305 0x0348 Modem - ok
20:35:03.0352 0x0348 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:35:03.0352 0x0348 monitor - ok
20:35:03.0383 0x0348 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:35:03.0383 0x0348 mouclass - ok
20:35:03.0399 0x0348 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:35:03.0399 0x0348 mouhid - ok
20:35:03.0446 0x0348 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:35:03.0446 0x0348 MountMgr - ok
20:35:03.0477 0x0348 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys
20:35:03.0477 0x0348 mpio - ok
20:35:03.0524 0x0348 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:35:03.0524 0x0348 mpsdrv - ok
20:35:03.0571 0x0348 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:35:03.0602 0x0348 MpsSvc - ok
20:35:03.0633 0x0348 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:35:03.0633 0x0348 Mraid35x - ok
20:35:03.0680 0x0348 [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:35:03.0680 0x0348 MRxDAV - ok
20:35:03.0727 0x0348 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:03.0727 0x0348 mrxsmb - ok
20:35:03.0758 0x0348 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:03.0774 0x0348 mrxsmb10 - ok
20:35:03.0805 0x0348 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:03.0805 0x0348 mrxsmb20 - ok
20:35:03.0836 0x0348 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys
20:35:03.0836 0x0348 msahci - ok
20:35:03.0852 0x0348 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:35:03.0868 0x0348 msdsm - ok
20:35:03.0883 0x0348 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
20:35:03.0899 0x0348 MSDTC - ok
20:35:03.0946 0x0348 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:35:03.0946 0x0348 Msfs - ok
20:35:03.0961 0x0348 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:35:03.0961 0x0348 msisadrv - ok
20:35:03.0993 0x0348 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:35:04.0008 0x0348 MSiSCSI - ok
20:35:04.0008 0x0348 msiserver - ok
20:35:04.0040 0x0348 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:35:04.0040 0x0348 MSKSSRV - ok
20:35:04.0071 0x0348 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:04.0071 0x0348 MSPCLOCK - ok
20:35:04.0086 0x0348 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:35:04.0086 0x0348 MSPQM - ok
20:35:04.0133 0x0348 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:35:04.0149 0x0348 MsRPC - ok
20:35:04.0180 0x0348 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:35:04.0196 0x0348 mssmbios - ok
20:35:04.0227 0x0348 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:35:04.0227 0x0348 MSTEE - ok
20:35:04.0258 0x0348 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
20:35:04.0258 0x0348 Mup - ok
20:35:04.0305 0x0348 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
20:35:04.0321 0x0348 napagent - ok
20:35:04.0352 0x0348 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:35:04.0352 0x0348 NativeWifiP - ok
20:35:04.0415 0x0348 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:35:04.0446 0x0348 NDIS - ok
20:35:04.0493 0x0348 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:04.0493 0x0348 NdisTapi - ok
20:35:04.0524 0x0348 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:04.0524 0x0348 Ndisuio - ok
20:35:04.0555 0x0348 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:04.0571 0x0348 NdisWan - ok
20:35:04.0586 0x0348 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:35:04.0586 0x0348 NDProxy - ok
20:35:04.0618 0x0348 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:35:04.0618 0x0348 NetBIOS - ok
20:35:04.0649 0x0348 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:35:04.0649 0x0348 netbt - ok
20:35:04.0665 0x0348 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
20:35:04.0665 0x0348 Netlogon - ok
20:35:04.0696 0x0348 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
20:35:04.0711 0x0348 Netman - ok
20:35:04.0790 0x0348 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0821 0x0348 NetMsmqActivator - ok
20:35:04.0821 0x0348 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0836 0x0348 NetPipeActivator - ok
20:35:04.0883 0x0348 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
20:35:04.0899 0x0348 netprofm - ok
20:35:04.0946 0x0348 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0946 0x0348 NetTcpActivator - ok
20:35:04.0961 0x0348 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:35:04.0961 0x0348 NetTcpPortSharing - ok
20:35:04.0993 0x0348 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:35:04.0993 0x0348 nfrd960 - ok
20:35:05.0040 0x0348 [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:35:05.0055 0x0348 NlaSvc - ok
20:35:05.0149 0x0348 [ 7B273501C59D52978B761F82BEBADB06, 696BFE74E63BB0F97C6884EADABC67B5A2FAA9D9057BED8B7E1E336064B0F6E7 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:35:05.0165 0x0348 NMIndexingService - ok
20:35:05.0211 0x0348 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:35:05.0211 0x0348 Npfs - ok
20:35:05.0243 0x0348 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
20:35:05.0243 0x0348 nsi - ok
20:35:05.0258 0x0348 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:35:05.0258 0x0348 nsiproxy - ok
20:35:05.0352 0x0348 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:35:05.0430 0x0348 Ntfs - ok
20:35:05.0446 0x0348 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:35:05.0461 0x0348 ntrigdigi - ok
20:35:05.0493 0x0348 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
20:35:05.0493 0x0348 Null - ok
20:35:05.0524 0x0348 [ 7D960340BE5B0E008BB94E4C3B991339, 81A90003BDC4AAC7E2D7C98CD70CAD4AB36758581A7C8E0C7CA460754758ED3A ] nvatabus C:\Windows\system32\drivers\nvatabus.sys
20:35:05.0540 0x0348 nvatabus - ok
20:35:05.0899 0x0348 [ 0AD2E0A3933AAC2A392F0C6A68E2D2F8, EDAACC7114B8A4F880A6BB074FE3FE7E6CA8550E9CCEF4360BDD846CD085B7A6 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:35:06.0165 0x0348 nvlddmkm - ok
20:35:06.0227 0x0348 [ 52F54C59A0EC7920C23638313E99E43C, C27BF4463372D05B72E8665A5D2A7F621E63C56C498530822B66BEFFEAAD008B ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:35:06.0227 0x0348 nvraid - ok
20:35:06.0243 0x0348 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:35:06.0243 0x0348 nvstor - ok
20:35:06.0258 0x0348 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:35:06.0258 0x0348 nv_agp - ok
20:35:06.0274 0x0348 NwlnkFlt - ok
20:35:06.0290 0x0348 NwlnkFwd - ok
20:35:06.0321 0x0348 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:35:06.0321 0x0348 ohci1394 - ok
20:35:06.0383 0x0348 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:35:06.0415 0x0348 p2pimsvc - ok
20:35:06.0446 0x0348 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
20:35:06.0461 0x0348 p2psvc - ok
20:35:06.0493 0x0348 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
20:35:06.0493 0x0348 Parport - ok
20:35:06.0508 0x0348 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:35:06.0524 0x0348 partmgr - ok
20:35:06.0524 0x0348 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:35:06.0524 0x0348 Parvdm - ok
20:35:06.0555 0x0348 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
20:35:06.0555 0x0348 PcaSvc - ok
20:35:06.0602 0x0348 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
20:35:06.0602 0x0348 pci - ok
20:35:06.0618 0x0348 [ 3B1901E401473E03EB8C874271E50C26, 3C7931F419E29FDD0155D8D05D97289430A2852FCB3DBAD1B338FE2241458E72 ] pciide C:\Windows\system32\drivers\pciide.sys
20:35:06.0618 0x0348 pciide - ok
20:35:06.0649 0x0348 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:35:06.0649 0x0348 pcmcia - ok
20:35:06.0696 0x0348 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:35:06.0743 0x0348 PEAUTH - ok
20:35:06.0836 0x0348 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
20:35:06.0899 0x0348 pla - ok
20:35:06.0946 0x0348 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:35:06.0961 0x0348 PlugPlay - ok
20:35:07.0008 0x0348 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:35:07.0024 0x0348 PNRPAutoReg - ok
20:35:07.0071 0x0348 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:35:07.0086 0x0348 PNRPsvc - ok
20:35:07.0133 0x0348 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:35:07.0149 0x0348 PolicyAgent - ok
20:35:07.0180 0x0348 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:35:07.0180 0x0348 PptpMiniport - ok
20:35:07.0196 0x0348 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
20:35:07.0211 0x0348 Processor - ok
20:35:07.0243 0x0348 [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc C:\Windows\system32\profsvc.dll
20:35:07.0243 0x0348 ProfSvc - ok
20:35:07.0258 0x0348 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:07.0258 0x0348 ProtectedStorage - ok
20:35:07.0290 0x0348 [ 64E413BA0C529AA40C3924BBCC4153DB, 9E0EB02078EE250AC618D4A4537D54BACDD7E2B67349162CA61F35EAF91601EE ] ProtexisLicensing c:\Windows\system32\PSIService.exe
20:35:07.0305 0x0348 ProtexisLicensing - ok
20:35:07.0336 0x0348 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:35:07.0336 0x0348 PSched - ok
20:35:07.0415 0x0348 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:35:07.0461 0x0348 ql2300 - ok
20:35:07.0477 0x0348 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:35:07.0493 0x0348 ql40xx - ok
20:35:07.0540 0x0348 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
20:35:07.0555 0x0348 QWAVE - ok
20:35:07.0571 0x0348 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:35:07.0571 0x0348 QWAVEdrv - ok
20:35:07.0586 0x0348 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:35:07.0586 0x0348 RasAcd - ok
20:35:07.0618 0x0348 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
20:35:07.0633 0x0348 RasAuto - ok
20:35:07.0649 0x0348 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:07.0649 0x0348 Rasl2tp - ok
20:35:07.0696 0x0348 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
20:35:07.0711 0x0348 RasMan - ok
20:35:07.0727 0x0348 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:07.0743 0x0348 RasPppoe - ok
20:35:07.0758 0x0348 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:35:07.0758 0x0348 RasSstp - ok
20:35:07.0790 0x0348 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:35:07.0805 0x0348 rdbss - ok
20:35:07.0821 0x0348 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:07.0821 0x0348 RDPCDD - ok
20:35:07.0868 0x0348 [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:35:07.0883 0x0348 rdpdr - ok
20:35:07.0899 0x0348 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:35:07.0899 0x0348 RDPENCDD - ok
20:35:07.0961 0x0348 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:35:07.0961 0x0348 RDPWD - ok
20:35:08.0290 0x0348 [ 04F11302AB2AF61EFA696D8EDF6EE757, 15CEB71E54CF3B580EC5BCB6C0DE7C14560E4F4A157846C873D382D9CC06C585 ] ReimageRealTimeProtector C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
20:35:08.0430 0x0348 ReimageRealTimeProtector - ok
20:35:08.0493 0x0348 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
20:35:08.0493 0x0348 RemoteAccess - ok
20:35:08.0524 0x0348 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:35:08.0540 0x0348 RemoteRegistry - ok
20:35:08.0571 0x0348 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
20:35:08.0571 0x0348 RpcLocator - ok
20:35:08.0602 0x0348 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
20:35:08.0618 0x0348 RpcSs - ok
20:35:08.0649 0x0348 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:35:08.0665 0x0348 rspndr - ok
20:35:08.0680 0x0348 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
20:35:08.0680 0x0348 SamSs - ok
20:35:08.0696 0x0348 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:35:08.0711 0x0348 sbp2port - ok
20:35:08.0743 0x0348 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:35:08.0743 0x0348 SCardSvr - ok
20:35:08.0805 0x0348 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
20:35:08.0836 0x0348 Schedule - ok
20:35:08.0868 0x0348 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
20:35:08.0868 0x0348 SCPolicySvc - ok
20:35:08.0899 0x0348 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:35:08.0915 0x0348 SDRSVC - ok
20:35:08.0930 0x0348 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:35:08.0930 0x0348 secdrv - ok
20:35:08.0946 0x0348 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
20:35:08.0946 0x0348 seclogon - ok
20:35:08.0977 0x0348 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
20:35:08.0993 0x0348 SENS - ok
20:35:09.0024 0x0348 [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:35:09.0024 0x0348 Serenum - ok
20:35:09.0040 0x0348 [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:35:09.0055 0x0348 Serial - ok
20:35:09.0071 0x0348 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:35:09.0071 0x0348 sermouse - ok
20:35:09.0133 0x0348 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
20:35:09.0149 0x0348 SessionEnv - ok
20:35:09.0180 0x0348 [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:35:09.0180 0x0348 sffdisk - ok
20:35:09.0196 0x0348 [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:35:09.0196 0x0348 sffp_mmc - ok
20:35:09.0211 0x0348 [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:35:09.0211 0x0348 sffp_sd - ok
20:35:09.0227 0x0348 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6, 490C29DC9E9FE8D5010E6DB18DE7DA808BCE84F014CFDEE0530735CBED788073 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:09.0227 0x0348 sfloppy - ok
20:35:09.0290 0x0348 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:35:09.0305 0x0348 SharedAccess - ok
20:35:09.0352 0x0348 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:09.0368 0x0348 ShellHWDetection - ok
20:35:09.0399 0x0348 [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:35:09.0399 0x0348 sisagp - ok
20:35:09.0430 0x0348 [ B8A2F8DCDC75F19962D975727F393920, 54C2E44D5D675ED2FEAAC0A2053CCEFB2DF7EA326C07C36D80CF190EFE32A7D0 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:35:09.0430 0x0348 SiSRaid2 - ok
20:35:09.0461 0x0348 [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:35:09.0461 0x0348 SiSRaid4 - ok
20:35:09.0680 0x0348 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
20:35:09.0805 0x0348 slsvc - ok
20:35:09.0852 0x0348 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:35:09.0868 0x0348 SLUINotify - ok
20:35:09.0883 0x0348 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:35:09.0883 0x0348 Smb - ok
20:35:09.0915 0x0348 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:35:09.0930 0x0348 SNMPTRAP - ok
20:35:09.0946 0x0348 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
20:35:09.0961 0x0348 spldr - ok
20:35:09.0977 0x0348 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
20:35:09.0993 0x0348 Spooler - ok
20:35:10.0024 0x0348 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
20:35:10.0040 0x0348 srv - ok
20:35:10.0071 0x0348 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:35:10.0071 0x0348 srv2 - ok
20:35:10.0102 0x0348 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:35:10.0102 0x0348 srvnet - ok
20:35:10.0149 0x0348 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:35:10.0149 0x0348 SSDPSRV - ok
20:35:10.0196 0x0348 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:35:10.0196 0x0348 ssmdrv - ok
20:35:10.0243 0x0348 [ EF3458337D7341A05169CEFC73709264, C9D0AE966CFA02F7B72586C2A6E2AFA9818C9F4856A4E9625B79BC5A886FC193 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
20:35:10.0243 0x0348 SSPORT - ok
20:35:10.0290 0x0348 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:35:10.0290 0x0348 SstpSvc - ok
20:35:10.0352 0x0348 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
20:35:10.0383 0x0348 stisvc - ok
20:35:10.0399 0x0348 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:35:10.0415 0x0348 swenum - ok
20:35:10.0461 0x0348 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
20:35:10.0477 0x0348 swprv - ok
20:35:10.0508 0x0348 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:35:10.0508 0x0348 Symc8xx - ok
20:35:10.0540 0x0348 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:35:10.0540 0x0348 Sym_hi - ok
20:35:10.0571 0x0348 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:35:10.0571 0x0348 Sym_u3 - ok
20:35:10.0633 0x0348 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
20:35:10.0665 0x0348 SysMain - ok
20:35:10.0696 0x0348 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:10.0696 0x0348 TabletInputService - ok
20:35:10.0743 0x0348 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:35:10.0758 0x0348 TapiSrv - ok
20:35:10.0790 0x0348 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
20:35:10.0805 0x0348 TBS - ok
20:35:10.0868 0x0348 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:35:10.0930 0x0348 Tcpip - ok
20:35:10.0993 0x0348 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:35:11.0024 0x0348 Tcpip6 - ok
20:35:11.0071 0x0348 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:35:11.0071 0x0348 tcpipreg - ok
20:35:11.0102 0x0348 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:35:11.0102 0x0348 TDPIPE - ok
20:35:11.0133 0x0348 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:35:11.0133 0x0348 TDTCP - ok
20:35:11.0180 0x0348 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:35:11.0180 0x0348 tdx - ok
20:35:11.0211 0x0348 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:35:11.0211 0x0348 TermDD - ok
20:35:11.0258 0x0348 [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService C:\Windows\System32\termsrv.dll
20:35:11.0290 0x0348 TermService - ok
20:35:11.0352 0x0348 [ 8C80A73A5D77B2208CA91E4FA269981D, 41F9A0B8C262D5AF4F5F4BFCF387AA859E2FEF77C3D429FFF8763B0C2A314952 ] TestHandler C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
20:35:11.0368 0x0348 TestHandler - ok
20:35:11.0399 0x0348 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
20:35:11.0415 0x0348 Themes - ok
20:35:11.0430 0x0348 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
20:35:11.0430 0x0348 THREADORDER - ok
20:35:11.0461 0x0348 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
20:35:11.0477 0x0348 TrkWks - ok
20:35:11.0524 0x0348 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:11.0540 0x0348 TrustedInstaller - ok
20:35:11.0586 0x0348 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:11.0586 0x0348 tssecsrv - ok
20:35:11.0618 0x0348 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:35:11.0618 0x0348 tunmp - ok
20:35:11.0633 0x0348 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:35:11.0633 0x0348 tunnel - ok
20:35:11.0680 0x0348 [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:35:11.0680 0x0348 uagp35 - ok
20:35:11.0727 0x0348 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:35:11.0727 0x0348 udfs - ok
20:35:11.0790 0x0348 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:35:11.0790 0x0348 UI0Detect - ok
20:35:11.0821 0x0348 [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:35:11.0821 0x0348 uliagpkx - ok
20:35:11.0868 0x0348 [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:35:11.0868 0x0348 uliahci - ok
20:35:11.0915 0x0348 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:35:11.0915 0x0348 UlSata - ok
20:35:11.0930 0x0348 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:35:11.0946 0x0348 ulsata2 - ok
20:35:11.0961 0x0348 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:35:11.0961 0x0348 umbus - ok
20:35:11.0993 0x0348 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
20:35:12.0008 0x0348 upnphost - ok
20:35:12.0102 0x0348 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:35:12.0149 0x0348 UPnPService - ok
20:35:12.0180 0x0348 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:12.0196 0x0348 usbccgp - ok
20:35:12.0211 0x0348 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:35:12.0227 0x0348 usbcir - ok
20:35:12.0243 0x0348 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:35:12.0243 0x0348 usbehci - ok
20:35:12.0290 0x0348 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:35:12.0305 0x0348 usbhub - ok
20:35:12.0321 0x0348 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:35:12.0321 0x0348 usbohci - ok
20:35:12.0368 0x0348 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:35:12.0368 0x0348 usbprint - ok
20:35:12.0383 0x0348 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:12.0399 0x0348 USBSTOR - ok
20:35:12.0415 0x0348 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:35:12.0415 0x0348 usbuhci - ok
20:35:12.0446 0x0348 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
20:35:12.0446 0x0348 UxSms - ok
20:35:12.0493 0x0348 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
20:35:12.0524 0x0348 vds - ok
20:35:12.0555 0x0348 [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:12.0555 0x0348 vga - ok
20:35:12.0571 0x0348 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:35:12.0571 0x0348 VgaSave - ok
20:35:12.0602 0x0348 [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:35:12.0602 0x0348 viaagp - ok
20:35:12.0618 0x0348 [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:35:12.0618 0x0348 ViaC7 - ok
20:35:12.0649 0x0348 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
20:35:12.0649 0x0348 viaide - ok
20:35:12.0680 0x0348 [ 9F3F276C7300ED211129757A411B605F, 240C4A2C2F581A1DDEDB44F770D172779C16652F02EA63F5F5F7B14DCCFF9885 ] viamraid C:\Windows\system32\drivers\viamraid.sys
20:35:12.0696 0x0348 viamraid - ok
20:35:12.0711 0x0348 [ AA3E6722843540B9C8EC5257E3D4B675, A3C24654978A604837F85D88C2A6ACB9C552728673213A3BB79A1B7ECE33C7E5 ] ViBus C:\Windows\system32\DRIVERS\ViBus.sys
20:35:12.0711 0x0348 ViBus - ok
20:35:12.0727 0x0348 [ A1B7CFFE5F09B825FBA506C4DE9FDAC7, C238802B5BA4E99ED57F84C8417DF3C8269527340D20DA0AFC0050E9A611E7EE ] ViPrt C:\Windows\system32\DRIVERS\ViPrt.sys
20:35:12.0727 0x0348 ViPrt - ok
20:35:12.0758 0x0348 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:35:12.0758 0x0348 volmgr - ok
20:35:12.0805 0x0348 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:35:12.0821 0x0348 volmgrx - ok
20:35:12.0836 0x0348 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:35:12.0852 0x0348 volsnap - ok
20:35:12.0883 0x0348 [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:35:12.0883 0x0348 vsmraid - ok
20:35:12.0977 0x0348 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
20:35:13.0040 0x0348 VSS - ok
20:35:13.0071 0x0348 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
20:35:13.0086 0x0348 W32Time - ok
20:35:13.0118 0x0348 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:35:13.0133 0x0348 WacomPen - ok
20:35:13.0165 0x0348 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:35:13.0165 0x0348 Wanarp - ok
20:35:13.0180 0x0348 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:35:13.0180 0x0348 Wanarpv6 - ok
20:35:13.0227 0x0348 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:35:13.0258 0x0348 wcncsvc - ok
20:35:13.0290 0x0348 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:35:13.0290 0x0348 WcsPlugInService - ok
20:35:13.0321 0x0348 [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd C:\Windows\system32\drivers\wd.sys
20:35:13.0321 0x0348 Wd - ok
20:35:13.0383 0x0348 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:35:13.0446 0x0348 Wdf01000 - ok
20:35:13.0477 0x0348 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:35:13.0493 0x0348 WdiServiceHost - ok
20:35:13.0524 0x0348 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:35:13.0524 0x0348 WdiSystemHost - ok
20:35:13.0555 0x0348 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
20:35:13.0571 0x0348 WebClient - ok
20:35:13.0618 0x0348 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:35:13.0633 0x0348 Wecsvc - ok
20:35:13.0649 0x0348 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:35:13.0665 0x0348 wercplsupport - ok
20:35:13.0680 0x0348 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
20:35:13.0696 0x0348 WerSvc - ok
20:35:13.0743 0x0348 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:35:13.0758 0x0348 WinDefend - ok
20:35:13.0774 0x0348 WinHttpAutoProxySvc - ok
20:35:13.0836 0x0348 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:35:13.0852 0x0348 Winmgmt - ok
20:35:13.0930 0x0348 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
20:35:14.0008 0x0348 WinRM - ok
20:35:14.0071 0x0348 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:35:14.0102 0x0348 Wlansvc - ok
20:35:14.0133 0x0348 [ 701A9F884A294327E9141D73746EE279, C8A46B8C32F9EAC7848D385473F6B5C4B6DA719A941A75AD5F081757FC07A09D ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:35:14.0133 0x0348 WmiAcpi - ok
20:35:14.0180 0x0348 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:35:14.0180 0x0348 wmiApSrv - ok
20:35:14.0274 0x0348 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:35:14.0321 0x0348 WMPNetworkSvc - ok
20:35:14.0368 0x0348 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:35:14.0383 0x0348 WPCSvc - ok
20:35:14.0430 0x0348 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:35:14.0430 0x0348 WPDBusEnum - ok
20:35:14.0508 0x0348 [ C108DC20ACE05072350DBB6934E277FB, 548E6ABE4C4ADE48260FFDC7BADFD1697972EA3AE94D6576498C8A183D8CE0C8 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:35:14.0571 0x0348 WPFFontCache_v0400 - ok
20:35:14.0618 0x0348 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:35:14.0618 0x0348 ws2ifsl - ok
20:35:14.0649 0x0348 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll
20:35:14.0665 0x0348 wscsvc - ok
20:35:14.0665 0x0348 WSearch - ok
20:35:14.0790 0x0348 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
20:35:14.0899 0x0348 wuauserv - ok
20:35:14.0946 0x0348 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:35:14.0946 0x0348 WudfPf - ok
20:35:14.0977 0x0348 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:35:14.0993 0x0348 WUDFRd - ok
20:35:15.0024 0x0348 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:35:15.0024 0x0348 wudfsvc - ok
20:35:15.0040 0x0348 ================ Scan global ===============================
20:35:15.0071 0x0348 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:35:15.0118 0x0348 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:35:15.0165 0x0348 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:35:15.0227 0x0348 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:35:15.0243 0x0348 [ Global ] - ok
20:35:15.0243 0x0348 ================ Scan MBR ==================================
20:35:15.0258 0x0348 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:35:15.0477 0x0348 \Device\Harddisk0\DR0 - ok
20:35:15.0477 0x0348 ================ Scan VBR ==================================
20:35:15.0493 0x0348 [ 3C9D639152C51E2C52EE5E61AB7F50D1 ] \Device\Harddisk0\DR0\Partition1
20:35:15.0524 0x0348 \Device\Harddisk0\DR0\Partition1 - ok
20:35:15.0524 0x0348 [ FA887DC50D3082A584D697C8DC0AB4E6 ] \Device\Harddisk0\DR0\Partition2
20:35:15.0540 0x0348 \Device\Harddisk0\DR0\Partition2 - ok
20:35:15.0540 0x0348 ================ Scan generic autorun ======================
20:35:15.0649 0x0348 [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
20:35:15.0696 0x0348 Windows Defender - ok
20:35:15.0930 0x0348 [ A659F31AC25418738351E5BDF4C85780, 771CB4EEFAA83DD7319165483869688C69D76349526953FDE5D973945B6CC337 ] C:\Windows\RtHDVCpl.exe
20:35:16.0243 0x0348 RtHDVCpl - ok
20:35:16.0383 0x0348 [ 3A9DE49EF4BED133B49B53A6016C945B, A8997BC00ABFF5649141C3521CCAB869BECC326EBB849900E2E379BD32241917 ] c:\RecInfo\RecInfo.exe
20:35:16.0477 0x0348 recinfo87 - ok
20:35:16.0540 0x0348 [ E1D9F07E9C2326BD5601088A696AE50D, 00EB3577AD124978514447E72D52D3E4FE69A7D4F121724EA957F42FCBA1BCCC ] C:\SFIRM32\sfWinStartupInfo.exe
20:35:16.0696 0x0348 SfWinStartInfo - ok
20:35:16.0727 0x0348 [ B095A0801BFF93BF50A6D02FDC8E1834, 461827669073807821FBEDF856FC23B82E682F40004B4A6786A29440122E62D6 ] C:\Program Files\Microsoft Works\wkfud.exe
20:35:16.0727 0x0348 WorksFUD - ok
20:35:16.0774 0x0348 [ 9704788592E8EEAEE0101E4EF1920CBC, 866E4CB1940453488A73D118413757201E73E46E2014E98C23290B3781480CE2 ] C:\Program Files\Microsoft Works\WksSb.exe
20:35:16.0790 0x0348 Microsoft Works Portfolio - ok
20:35:16.0805 0x0348 [ FAC2EFDA52558D9D64115F649B6A333E, 97C1EB878FDFC3AB7FC201EE1584E333D9DDEAFBCB4A50383B6E40F97E1CDFD5 ] C:\Program Files\Microsoft Works\WkDetect.exe
20:35:16.0805 0x0348 Microsoft Works Update Detection - ok
20:35:16.0836 0x0348 [ 9C509FFFE391A3C9B11F07D6BB0CD98F, B8FAA37682E1C8D865A464F03FB52FD19378351029F8528708464E4584BB2641 ] C:\Program Files\IBM\Client Access\cwbsvstr.exe
20:35:16.0836 0x0348 Client Access Service - ok
20:35:16.0915 0x0348 [ 4CB8FD50DDA9D28A68A7A27D06768B40, 9F19C2B517041EB0AE342DF857C619FAEECAFB05455D8225EDD23572D0241532 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
20:35:16.0946 0x0348 avgnt - ok
20:35:17.0055 0x0348 [ D373E15EB5E2E463EF01CF7BD8D7A1DF, C3422CC25E3591F3A65CE58CE1187A93AA6F71D2976BB67A604473E3C998BEE1 ] C:\Windows\Skytel.exe
20:35:17.0149 0x0348 Skytel - ok
20:35:17.0165 0x0348 NvSvc - ok
20:35:17.0180 0x0348 NvCplDaemon - ok
20:35:17.0180 0x0348 NvMediaCenter - ok
20:35:17.0274 0x0348 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:35:17.0321 0x0348 Adobe ARM - ok
20:35:17.0430 0x0348 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:35:17.0493 0x0348 Sidebar - ok
20:35:17.0508 0x0348 WindowsWelcomeCenter - ok
20:35:17.0571 0x0348 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:35:17.0618 0x0348 Sidebar - ok
20:35:17.0633 0x0348 WindowsWelcomeCenter - ok
20:35:17.0633 0x0348 Waiting for KSN requests completion. In queue: 322
20:35:18.0633 0x0348 Waiting for KSN requests completion. In queue: 322
20:35:19.0633 0x0348 Waiting for KSN requests completion. In queue: 8
20:35:20.0680 0x0348 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.8.532 ), 0x41000 ( enabled : updated )
20:35:20.0758 0x0348 Win FW state via NFP2: enabled
20:35:23.0149 0x0348 ============================================================
20:35:23.0149 0x0348 Scan finished
20:35:23.0149 0x0348 ============================================================
20:35:23.0165 0x0128 Detected object count: 0
20:35:23.0165 0x0128 Actual detected object count: 0
heut Vormittag erhöhtes Spamaufkommen. Eine Mailbox wurde vom Provider gesperrt vermutlich wegen genau dieses Problems. Geändert von HerrOK (22.03.2015 um 20:44 Uhr) |
|
23.03.2015, 18:36
| #10 |
| /// the machine /// TB-Ausbilder | dhl trojaner- Vista - gewerblich - war schon aktiv hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu dhl trojaner- Vista - gewerblich - war schon aktiv |
| adware, antivir, avg, avira, browser, desktop, entfernen, firefox, flash player, helper, home, iexplore.exe, internet, internet explorer, kaspersky, programm, prozesse, registry, rundll, services.exe, software, svchost.exe, trojaner, vista, windows |
WARNUNG an die MITLESER: 
Hybrid-Darstellung
