| |
| |||||||
Log-Analyse und Auswertung: UPS Phishing Mail geöffnet uns auf Link geklicktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.03.2015, 21:14
| #1 |
 |  UPS Phishing Mail geöffnet uns auf Link geklickt Hallo zusammen, ich habe heute eine Phishing Mail von UPS erhalten und ohne die Mail genauer anzuschauen auf den Link geklickt. Es wurde eine ZIP-Datei heruntergeladen. Ob sie automatisch installiert wurde kann ich nicht sagen. Normalerweise sehe ich mir die Mails immer genau an. Aber ich erwarte gerade ein Paket aus den USA und habe deswegen erst beim klicken an eine Phishing Mail gedacht. Da war es schon zuspät. Ich habe FRST und Gamer drüber laufen lassen und die Logs gespeichert. Beim Gamer wurde etwas gefunden. Könnt Ihr mir helfen was ich zu tun habe? Ich benutze den Rechner zum Arbeiten und bin somit momentan aufgeschmissen. Danke! Hier ist das Log vom FRST ---------------------------------------------------------------------------------- FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 19-03-2015 20:15:25 Running from C:\Users\Schüle\Eigene Dateien\Downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE () C:\Program Files\Common Files\AAV\aavus.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Users\Schüle\Documents\Downloads\Defogger (4).exe (Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [ccApp] => c:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation) HKLM\...\Run: [osCheck] => c:\Program Files\Norton 360\osCheck.exe [988512 2008-02-25] (Symantec Corporation) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines) HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2009-03-31] (Symantec Corporation) BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll [2008-09-11] (Symantec Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.) Toolbar: HKLM - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31] (Symantec Corporation) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31] (Symantec Corporation) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11] FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08] FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09] CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed] R2 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation) R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation) R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation) S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-21] (Symantec Corporation) R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed] R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S3 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation) R2 LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-09-11] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation) R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-08] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-03-16] (Symantec Corporation) R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys [272432 2009-03-18] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed] R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2009-03-17] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-01-31] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-01-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-01-31] (Symantec Corporation) R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-04-16] (Symantec Corporation) R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation) R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation) R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090612.003\NAVENG.SYS [X] S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090612.003\NAVEX15.SYS [X] S3 Netaapl; system32\DRIVERS\netaapl.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 16:22 - 2015-03-19 20:15 - 00000000 ____D () C:\FRST 2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable 2015-03-19 14:23 - 2015-03-19 16:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-19 14:22 - 2015-03-19 14:22 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-19 14:22 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-19 14:22 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 14:22 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp 2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp 2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt 2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt# 2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt 2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp 2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp 2015-02-20 19:13 - 2015-02-20 23:43 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\BOM 2015-02-20 19:13 - 2015-02-20 19:14 - 00000000 ____D () C:\Program Files\Biet-O-Matic 2015-02-20 19:13 - 2015-02-20 19:13 - 00000836 _____ () C:\Users\Public\Desktop\Biet-O-Matic.lnk 2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic 2015-02-20 19:13 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\system32\Inetde.dll 2015-02-20 19:13 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx 2015-02-20 19:13 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winskde.dll 2015-02-20 19:13 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\stdftde.dll 2015-02-20 19:13 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Mscmcde.dll 2015-02-20 19:13 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Tabctde.dll 2015-02-20 19:13 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\system32\Tabctl32.ocx 2015-02-19 17:10 - 2015-02-19 17:10 - 00000000 ____D () C:\Users\Schüle\Desktop\Neuer Ordner 2015-02-19 16:59 - 2015-02-19 16:59 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-19 16:59 - 2015-02-19 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-19 16:58 - 2015-02-19 16:58 - 00000000 ____D () C:\Program Files\iPod 2015-02-19 16:57 - 2015-02-19 16:59 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-02-19 16:57 - 2015-02-19 16:59 - 00000000 ____D () C:\Program Files\iTunes 2015-02-17 21:43 - 2015-02-17 21:43 - 00142656 _____ () C:\Windows\Minidump\Mini021715-02.dmp 2015-02-17 21:40 - 2015-02-17 21:40 - 00142656 _____ () C:\Windows\Minidump\Mini021715-01.dmp 2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 20:14 - 2009-03-06 11:09 - 01612840 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 20:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-19 20:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-19 19:46 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-19 19:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle 2015-03-19 16:01 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-03-19 16:00 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-19 15:59 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-03-19 15:59 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001 2015-03-19 15:59 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-03-19 15:59 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log 2015-03-19 15:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 14:46 - 2008-01-21 03:47 - 00109740 _____ () C:\Windows\PFRO.log 2015-03-19 13:33 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump 2015-03-19 13:32 - 2010-12-17 14:30 - 140545670 _____ () C:\Windows\MEMORY.DMP 2015-03-19 00:36 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat 2015-03-18 15:10 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc 2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss 2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia 2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log 2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15 2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird 2015-02-19 16:58 - 2009-05-13 21:52 - 00000000 ____D () C:\Program Files\Common Files\Apple ==================== Files in the root of some directories ======= 2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt 2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat 2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log 2010-08-14 19:32 - 2015-03-19 15:59 - 0027934 _____ () C:\ProgramData\nvModes.001 2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== C:\Users\Schüle\AppData\Local\Temp\avguidx.dll C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Schüle\AppData\Local\Temp\symlcsv1.exe C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Schüle\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Schüle\AppData\Local\Temp\ytb.exe C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-19 16:05 ==================== End Of Log ============================ --- --- --- --- --- --- ---------------------------------------------------------------------------------- und das vom Gamer Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-19 20:50:06
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000069 Hitachi_ rev.FB4O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\SCHLE~1\AppData\Local\Temp\awdirkoc.sys
---- System - GMER 2.1 ----
SSDT 86C40D48 ZwAlertResumeThread
SSDT 86C40E28 ZwAlertThread
SSDT 86ACB358 ZwAllocateVirtualMemory
SSDT 86AC5338 ZwAlpcConnectPort
SSDT 865B2888 ZwCreateMutant
SSDT 86960348 ZwCreateThread
SSDT 86CC3710 ZwDebugActiveProcess
SSDT 865B3648 ZwFreeVirtualMemory
SSDT 86C3B7D8 ZwImpersonateAnonymousToken
SSDT 86CC2A30 ZwImpersonateThread
SSDT 865B3568 ZwMapViewOfSection
SSDT 86C3DAB0 ZwOpenEvent
SSDT 86ACB428 ZwOpenProcessToken
SSDT 86C3AAF8 ZwOpenThreadToken
SSDT 869B4B48 ZwResumeThread
SSDT 86C3AA18 ZwSetContextThread
SSDT 865B03E0 ZwSetInformationProcess
SSDT 86C3C8F8 ZwSetInformationThread
SSDT 865B32C8 ZwSuspendProcess
SSDT 86C40F70 ZwSuspendThread
SSDT 86C3D8A8 ZwTerminateProcess
SSDT 86C3C818 ZwTerminateThread
SSDT 865B04D0 ZwUnmapViewOfSection
SSDT 86C3C0F0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetTimerEx + 350 820BD974 8 Bytes [48, 0D, C4, 86, 28, 0E, C4, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 820BD988 4 Bytes [58, B3, AC, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 370 820BD994 4 Bytes [38, 53, AC, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 428 820BDA4C 4 Bytes [88, 28, 5B, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 454 820BDA78 4 Bytes [48, 03, 96, 86]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DC04340, 0x3EDF57, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtCreateFile + 6 77A17C7E 4 Bytes [28, 38, B0, 00] {SUB [EAX], BH; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtCreateFile + B 77A17C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtMapViewOfSection + 6 77A183CE 4 Bytes [28, 3B, B0, 00] {SUB [EBX], BH; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtMapViewOfSection + B 77A183D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenFile + 6 77A1845E 4 Bytes [68, 38, B0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenFile + B 77A18463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcess + 6 77A184DE 4 Bytes [A8, 39, B0, 00] {TEST AL, 0x39; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcess + B 77A184E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessToken + 6 77A184EE 4 Bytes CALL 76A2352C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessToken + B 77A184F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessTokenEx + 6 77A184FE 4 Bytes [A8, 3A, B0, 00] {TEST AL, 0x3a; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessTokenEx + B 77A18503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThread + 6 77A1854E 4 Bytes [68, 39, B0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThread + B 77A18553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadToken + 6 77A1855E 4 Bytes [68, 3A, B0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadToken + B 77A18563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadTokenEx + 6 77A1856E 4 Bytes CALL 76A235AD C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadTokenEx + B 77A18573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryAttributesFile + 6 77A185FE 4 Bytes [A8, 38, B0, 00] {TEST AL, 0x38; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryAttributesFile + B 77A18603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryFullAttributesFile + 6 77A186AE 4 Bytes CALL 76A236EB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryFullAttributesFile + B 77A186B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationFile + 6 77A18B8E 4 Bytes [28, 39, B0, 00] {SUB [ECX], BH; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationFile + B 77A18B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationThread + 6 77A18BDE 4 Bytes [28, 3A, B0, 00] {SUB [EDX], BH; MOV AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationThread + B 77A18BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtUnmapViewOfSection + 6 77A18E7E 4 Bytes [68, 3B, B0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtUnmapViewOfSection + B 77A18E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtCreateFile + 6 77A17C7E 4 Bytes [28, D0, C4, 00] {SUB AL, DL; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtCreateFile + B 77A17C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtMapViewOfSection + 6 77A183CE 4 Bytes [28, D3, C4, 00] {SUB BL, DL; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtMapViewOfSection + B 77A183D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenFile + 6 77A1845E 4 Bytes [68, D0, C4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenFile + B 77A18463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcess + 6 77A184DE 4 Bytes [A8, D1, C4, 00] {TEST AL, 0xd1; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcess + B 77A184E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessToken + 6 77A184EE 4 Bytes CALL 76A249C4 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessToken + B 77A184F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessTokenEx + 6 77A184FE 4 Bytes [A8, D2, C4, 00] {TEST AL, 0xd2; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessTokenEx + B 77A18503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThread + 6 77A1854E 4 Bytes [68, D1, C4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThread + B 77A18553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadToken + 6 77A1855E 4 Bytes [68, D2, C4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadToken + B 77A18563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadTokenEx + 6 77A1856E 4 Bytes CALL 76A24A45 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadTokenEx + B 77A18573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryAttributesFile + 6 77A185FE 4 Bytes [A8, D0, C4, 00] {TEST AL, 0xd0; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryAttributesFile + B 77A18603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryFullAttributesFile + 6 77A186AE 4 Bytes CALL 76A24B83 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryFullAttributesFile + B 77A186B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationFile + 6 77A18B8E 4 Bytes [28, D1, C4, 00] {SUB CL, DL; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationFile + B 77A18B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationThread + 6 77A18BDE 4 Bytes [28, D2, C4, 00] {SUB DL, DL; LES EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationThread + B 77A18BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtUnmapViewOfSection + 6 77A18E7E 4 Bytes [68, D3, C4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtUnmapViewOfSection + B 77A18E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + 6 77A183CE 4 Bytes [18, 20, C9, 74]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + B 77A183D3 1 Byte [E2]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 843A2A90
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
------------------------------------------------------------------------------------
Geändert von ga-bwler (19.03.2015 um 21:22 Uhr) |
|
19.03.2015, 21:17
| #2 |
| /// the machine /// TB-Ausbilder    | UPS Phishing Mail geöffnet uns auf Link geklickt Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Addition.txt fehlt noch.
__________________ |
|
19.03.2015, 21:41
| #3 | ||
| | UPS Phishing Mail geöffnet uns auf Link geklicktZitat:
ich habe die Email im Webmail angeklickt (also nicht komlett geöffnet) und im Vorschaufenster auf die Kontrollnummer 1x geklickt. Daraufhin wurde eine Zip-Datei heruntergeladen. Diese habe ich auch in den Downloads gefunden aber natürlich nicht mehr angeklickt. Der Laptop ist bereits etwas älter, deshalb noch Vista. Der alte Rechner hat sich verabschiedet deshalb bin ich momentan auf den Laptop angewiesn. Der neue ist aber bereits bestellt und ich muss nur eine kurze Zeit überbrücken. Also nicht so schlimm.  Die addition.txt von FRST werde ich auch posten. Zitat:
aber wo finde ich die addition.txt? In der Anleitung heisst es diese wird auf dem Desktop gespeichert. Da ist aber nichts. Grüße |
|
20.03.2015, 06:48
| #4 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Das steht in der Anleitung, korrekt. ABer da steht auch du sollst FRST auf dem Desktop speichern. Hast du nicht gemacht, deshalb schau mal im Download Ordner 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.03.2015, 20:53
| #5 | |
| | UPS Phishing Mail geöffnet uns auf Link geklicktZitat:
ich hoffe das ist die Datei Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 20-03-2015 20:49:35 Running from C:\Users\Schüle\Eigene Dateien\Downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Common Files\AAV\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines) HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11] FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08] FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09] CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] |
|
21.03.2015, 11:22
| #6 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Nee. Dann anders: FRST öffnen, Haken setzen bei Addition und scannen, es öffnen sich automatisch 2 Logs. Beide hier in Codetags in den Thread posten.
__________________ --> UPS Phishing Mail geöffnet uns auf Link geklickt |
|
22.03.2015, 10:10
| #7 | |
| | UPS Phishing Mail geöffnet uns auf Link geklicktZitat:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Schüle at 2015-03-22 10:05:28
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Amicron-Faktura 11.0 © Amicron Software (HKLM\...\Amicron-Faktura 11.0) (Version: - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.4.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Comodo BackUp (HKLM\...\Comodo BackUp) (Version: 1.0.4.337 - COMODO)
DELISprint (HKLM\...\{9480CCD5-BB18-4DF3-AB18-04198B30DD62}) (Version: 5.6.7.0 - DPD)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version: - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
EOS USB WIA Driver (HKLM\...\EOS USB WIA Driver) (Version: 6.0.1.5 - Canon Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Firebird 2.5.2.26540 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hardcopy (C:\Program Files\Hardcopy) (HKLM\...\Hardcopy(C__Program Files_Hardcopy)) (Version: 17.0.15 - )
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
InfoBibliothek (HKLM\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version: - Akademische Arbeitsgemeinschaft)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MPM (HKLM\...\{7ABD82AD-E13E-4673-A450-0890D43C8F9D}) (Version: 1.00.0000 - Hewlett-Packard)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Nuance PDF Converter 7 (HKLM\...\{667014DE-A731-4487-9650-BD864C536F4F}) (Version: 7.00.2000 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com)
Profi cash (HKLM\...\Profi cash) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5680 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Converter (Version: - ) Hidden
Schnapper 1.6.150 (HKLM\...\Schnapper) (Version: 1.6.150 - Robert Beer)
Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Steuersparer 2010 (HKLM\...\{9B954367-8314-4E94-9FFC-D6EFF7C6B674}) (Version: 17.00.6531 - Buhl Data Service GmbH)
Steuersparer 2011 (HKLM\...\{538E852C-1064-46EF-9B24-6EC9B1494792}) (Version: 18.00.6933 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.01.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.11.0000 - Akademische Arbeitsgemeinschaft Verlag)
SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32 -> No File Path
==================== Restore Points =========================
20-02-2015 19:02:29 Geplanter Prüfpunkt
22-02-2015 12:37:10 Geplanter Prüfpunkt
13-03-2015 06:21:17 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {171DF220-EF09-449C-8AA2-BB5DF0D5E2F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {22B8F97D-5736-4520-9C6B-67C75987854C} - System32\Tasks\{743FC91F-421D-4A8B-BACA-40B6CBC289E5} => pcalua.exe -a c:\Users\Schüle\Documents\Downloads\amicron-faktura11(2).exe
Task: {369C4F35-53F5-45DB-81B4-7131B1554ACC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schüle => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {4C7044E2-6D55-4F72-8668-4F71B6BFA3BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {534DF986-986C-4568-85A6-245C4D6E03C8} - System32\Tasks\{A1B029EC-5A50-478D-A54D-9810DC94C25D} => pcalua.exe -a C:\PROGRA~1\AMICRO~1.0\UNWISE.EXE -c C:\PROGRA~1\AMICRO~1.0\Install.log
Task: {66197C39-E854-490C-B9B5-3E82B27101FB} - System32\Tasks\{88C66690-BBA1-4297-A840-26D69C048E4A} => pcalua.exe -a C:\Users\Schüle\Downloads\setup_kadmos_irfanview_de.exe -d C:\Users\Schüle\Downloads
Task: {91062CE2-CC24-442B-827A-EE9B2F8EB474} - System32\Tasks\{4CE875CE-371C-4A2B-A945-F691B3351578} => pcalua.exe -a "C:\Users\Schüle\Eigene Dateien\Downloads\AF11-Setup.exe" -d "C:\Users\Schüle\Eigene Dateien\Downloads"
Task: {D01C3D6B-91E9-444C-BE2C-7D3E7E848B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {E24C6F7B-BFD0-4BA5-BE79-EB1B319BE31E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-13 20:05 - 2014-09-10 16:24 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2009-04-25 21:25 - 2009-01-16 02:44 - 00057344 _____ () C:\Program Files\Hardcopy\HcDLL2_28_Win32.dll
2011-08-28 22:19 - 2011-08-28 22:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-25 21:25 - 2009-03-20 07:54 - 00443904 _____ () C:\Program Files\Hardcopy\HcDllS.dll
2009-04-25 21:25 - 2003-11-20 12:18 - 00045056 _____ () C:\Program Files\Hardcopy\hardcopy.dll
2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files\Common Files\AAV\aavus.exe
2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-03-06 11:15 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-03-06 11:15 - 2009-03-06 11:15 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-07-29 12:55 - 2008-07-29 12:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2015-03-13 11:51 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-13 11:51 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img33.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-768814543-1293272205-1146082735-500 - Administrator - Disabled)
Gast (S-1-5-21-768814543-1293272205-1146082735-501 - Limited - Disabled)
Schüle (S-1-5-21-768814543-1293272205-1146082735-1000 - Administrator - Enabled) => C:\Users\Schüle
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2015 09:58:58 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilite to launch the server thread. errno : 1053
Error: (03/22/2015 09:58:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 11:28:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SCHÜLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\RVV54KH8\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9532
Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9532
Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/20/2015 09:02:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 11.3.2015.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 2fc
Anfangszeit: 01d06346fb1a0f7b
Zeitpunkt der Beendigung: 16
Error: (03/20/2015 08:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 10:36:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (03/19/2015 08:34:27 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
System errors:
=============
Error: (03/22/2015 10:00:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053
Error: (03/22/2015 10:00:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst
Error: (03/22/2015 09:59:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain
Error: (03/22/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Firebird Server - DefaultInstance%%1053
Error: (03/22/2015 09:58:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Firebird Server - DefaultInstance
Error: (03/22/2015 09:58:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Service Host
Error: (03/22/2015 09:58:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (03/22/2015 09:56:23 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (03/20/2015 10:32:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.
Error: (03/20/2015 09:34:58 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber USB hat eine ungültige ID für das untergeordnete Gerät (E69739L1N283935) zurückgegeben.
Microsoft Office Sessions:
=========================
Error: (07/21/2013 03:24:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-03-22 10:05:15.621
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:05:15.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:05:15.029
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:05:14.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:46.241
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:45.944
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:45.632
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:45.351
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:44.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-22 10:04:44.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 53%
Total physical RAM: 2813.5 MB
Available physical RAM: 1313.77 MB
Total Pagefile: 5869.49 MB
Available Pagefile: 3941.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.39 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:14.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.94 GB) NTFS
Drive e: (UNTITLED_DISC) (CDROM) (Total:1.42 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 22-03-2015 10:03:29 Running from C:\Users\Schüle\Eigene Dateien\Downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE () C:\Program Files\Common Files\AAV\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines) HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11] FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08] FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09] CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed] R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed] S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Netaapl; system32\DRIVERS\netaapl.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 22:37 - 2015-03-19 22:37 - 00001004 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-03-19 22:36 - 2015-03-19 22:36 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Avira 2015-03-19 22:36 - 2015-03-19 22:36 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-19 22:35 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-19 22:35 - 2015-03-19 22:35 - 00001849 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2015-03-19 22:33 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\Avira 2015-03-19 22:33 - 2015-03-19 22:37 - 00000000 ____D () C:\Program Files\Avira 2015-03-19 22:33 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-03-19 22:33 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-19 22:33 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-19 22:33 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-19 22:17 - 2015-03-19 22:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini 2015-03-19 20:50 - 2015-03-19 20:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt 2015-03-19 20:50 - 2015-03-19 20:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt# 2015-03-19 20:16 - 2015-03-19 20:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt 2015-03-19 16:22 - 2015-03-22 10:03 - 00000000 ____D () C:\FRST 2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable 2015-03-19 14:23 - 2015-03-22 10:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-19 14:22 - 2015-03-19 14:22 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-19 14:22 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-19 14:22 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 14:22 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp 2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp 2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt 2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt# 2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt 2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp 2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp 2015-02-20 19:13 - 2015-02-20 23:43 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\BOM 2015-02-20 19:13 - 2015-02-20 19:14 - 00000000 ____D () C:\Program Files\Biet-O-Matic 2015-02-20 19:13 - 2015-02-20 19:13 - 00000836 _____ () C:\Users\Public\Desktop\Biet-O-Matic.lnk 2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic 2015-02-20 19:13 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\system32\Inetde.dll 2015-02-20 19:13 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx 2015-02-20 19:13 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winskde.dll 2015-02-20 19:13 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\stdftde.dll 2015-02-20 19:13 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Mscmcde.dll 2015-02-20 19:13 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Tabctde.dll 2015-02-20 19:13 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\system32\Tabctl32.ocx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-22 10:04 - 2009-03-06 11:09 - 01648317 _____ () C:\Windows\WindowsUpdate.log 2015-03-22 10:00 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-03-22 09:56 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-03-22 09:56 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-22 09:56 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001 2015-03-22 09:56 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-03-22 09:56 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log 2015-03-22 09:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-22 09:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-22 09:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-20 23:30 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-20 22:46 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-20 22:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\ProgramData\Symantec 2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-03-20 20:42 - 2008-01-21 03:47 - 00325414 _____ () C:\Windows\PFRO.log 2015-03-19 20:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle 2015-03-19 13:33 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump 2015-03-19 13:32 - 2010-12-17 14:30 - 140545670 _____ () C:\Windows\MEMORY.DMP 2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat 2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc 2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss 2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia 2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log 2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15 2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird ==================== Files in the root of some directories ======= 2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt 2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat 2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log 2015-03-19 22:17 - 2015-03-19 22:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini 2010-08-14 19:32 - 2015-03-22 09:56 - 0027934 _____ () C:\ProgramData\nvModes.001 2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== C:\Users\Schüle\AppData\Local\Temp\avgnt.exe C:\Users\Schüle\AppData\Local\Temp\avguidx.dll C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Schüle\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Schüle\AppData\Local\Temp\ytb.exe C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-22 10:06 ==================== End Of Log ============================ |
|
22.03.2015, 17:41
| #8 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.03.2015, 22:33
| #9 |
| | UPS Phishing Mail geöffnet uns auf Link geklickt Hallo, ich habe die Dateien mit Revo Uninstaller gelöscht. Beim Versuch Malewarebytes laufen zu lassen bekommen ich immer die folgende Fehlermeldung " Error. This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue" |
|
23.03.2015, 15:47
| #10 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Du hast MBAM schon installiert, das starten und einen Rootkitscan machen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.03.2015, 23:10
| #11 |
| | UPS Phishing Mail geöffnet uns auf Link geklickt Hier der Report von TDSSKiller (Teil1) Code:
ATTFilter 23:02:46.0584 0x02f4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:02:51.0561 0x02f4 ============================================================
23:02:51.0561 0x02f4 Current date / time: 2015/03/23 23:02:51.0561
23:02:51.0561 0x02f4 SystemInfo:
23:02:51.0561 0x02f4
23:02:51.0561 0x02f4 OS Version: 6.0.6001 ServicePack: 1.0
23:02:51.0561 0x02f4 Product type: Workstation
23:02:51.0561 0x02f4 ComputerName: SCHÜLE-LAPTOP
23:02:51.0561 0x02f4 UserName: Schüle
23:02:51.0561 0x02f4 Windows directory: C:\Windows
23:02:51.0561 0x02f4 System windows directory: C:\Windows
23:02:51.0561 0x02f4 Processor architecture: Intel x86
23:02:51.0561 0x02f4 Number of processors: 2
23:02:51.0561 0x02f4 Page size: 0x1000
23:02:51.0561 0x02f4 Boot type: Normal boot
23:02:51.0561 0x02f4 ============================================================
23:02:51.0842 0x02f4 KLMD registered as C:\Windows\system32\drivers\80761252.sys
23:02:52.0216 0x02f4 System UUID: {A274B5F9-6E83-03DD-5EFB-2837A373F852}
23:02:53.0262 0x02f4 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:02:53.0262 0x02f4 ============================================================
23:02:53.0262 0x02f4 \Device\Harddisk0\DR0:
23:02:53.0262 0x02f4 MBR partitions:
23:02:53.0262 0x02f4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
23:02:53.0262 0x02f4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x12017000
23:02:53.0262 0x02f4 ============================================================
23:02:53.0293 0x02f4 C: <-> \Device\Harddisk0\DR0\Partition1
23:02:53.0340 0x02f4 D: <-> \Device\Harddisk0\DR0\Partition2
23:02:53.0340 0x02f4 ============================================================
23:02:53.0340 0x02f4 Initialize success
23:02:53.0340 0x02f4 ============================================================
23:03:08.0541 0x0768 ============================================================
23:03:08.0541 0x0768 Scan started
23:03:08.0541 0x0768 Mode: Manual;
23:03:08.0541 0x0768 ============================================================
23:03:08.0541 0x0768 KSN ping started
23:03:09.0119 0x0768 KSN ping finished: true
23:03:09.0743 0x0768 ================ Scan system memory ========================
23:03:09.0743 0x0768 System memory - ok
23:03:09.0743 0x0768 ================ Scan services =============================
23:03:09.0930 0x0768 [ F73DB97453B47B805B73A98023961505, 483F82A46AD73B3736F63CC5B473E0D47D04F1B4A3B40A49024165ACC2CC98FD ] AAV UpdateService C:\Program Files\Common Files\AAV\aavus.exe
23:03:09.0945 0x0768 AAV UpdateService - ok
23:03:10.0179 0x0768 [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:03:10.0195 0x0768 ACPI - ok
23:03:10.0304 0x0768 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:03:10.0351 0x0768 AdobeFlashPlayerUpdateSvc - ok
23:03:10.0413 0x0768 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:03:10.0429 0x0768 adp94xx - ok
23:03:10.0476 0x0768 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:03:10.0476 0x0768 adpahci - ok
23:03:10.0507 0x0768 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:03:10.0507 0x0768 adpu160m - ok
23:03:10.0523 0x0768 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:03:10.0523 0x0768 adpu320 - ok
23:03:10.0569 0x0768 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:03:10.0569 0x0768 AeLookupSvc - ok
23:03:10.0647 0x0768 [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD C:\Windows\system32\drivers\afd.sys
23:03:10.0663 0x0768 AFD - ok
23:03:10.0710 0x0768 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:03:10.0725 0x0768 agp440 - ok
23:03:10.0757 0x0768 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:03:10.0757 0x0768 aic78xx - ok
23:03:10.0788 0x0768 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
23:03:10.0788 0x0768 ALG - ok
23:03:10.0819 0x0768 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
23:03:10.0819 0x0768 aliide - ok
23:03:10.0850 0x0768 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:03:10.0866 0x0768 amdagp - ok
23:03:10.0881 0x0768 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
23:03:10.0897 0x0768 amdide - ok
23:03:10.0913 0x0768 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:03:10.0928 0x0768 AmdK7 - ok
23:03:10.0959 0x0768 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:03:10.0959 0x0768 AmdK8 - ok
23:03:11.0178 0x0768 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:03:11.0225 0x0768 AntiVirSchedulerService - ok
23:03:11.0287 0x0768 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:03:11.0318 0x0768 AntiVirService - ok
23:03:11.0349 0x0768 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
23:03:11.0365 0x0768 Appinfo - ok
23:03:11.0474 0x0768 [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:03:11.0490 0x0768 Apple Mobile Device - ok
23:03:11.0505 0x0768 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
23:03:11.0505 0x0768 arc - ok
23:03:11.0552 0x0768 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:03:11.0552 0x0768 arcsas - ok
23:03:11.0583 0x0768 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:03:11.0583 0x0768 AsyncMac - ok
23:03:11.0615 0x0768 [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi C:\Windows\system32\drivers\atapi.sys
23:03:11.0615 0x0768 atapi - ok
23:03:11.0661 0x0768 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:03:11.0677 0x0768 AudioEndpointBuilder - ok
23:03:11.0693 0x0768 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:03:11.0708 0x0768 Audiosrv - ok
23:03:11.0739 0x0768 [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:03:11.0771 0x0768 avgntflt - ok
23:03:11.0833 0x0768 [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:03:11.0864 0x0768 avipbb - ok
23:03:12.0051 0x0768 [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
23:03:12.0067 0x0768 Avira.OE.ServiceHost - ok
23:03:12.0114 0x0768 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:03:12.0129 0x0768 avkmgr - ok
23:03:12.0176 0x0768 [ 6FB43F0DADB3FDC287D080C19666AF8D, D2AA2172CEAF5954E4F04728D1BC9EA7C47A20E8918E876287FC766895FB617A ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:03:12.0192 0x0768 b57nd60x - ok
23:03:12.0270 0x0768 [ C38077D14ADF896EE1E1DBBCBCF77E14, 93CAEB3C124277D4C9D4E4622AB2213ECC60AAFFA754197297583431EDAE0472 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:03:12.0301 0x0768 BCM43XX - ok
23:03:12.0332 0x0768 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
23:03:12.0332 0x0768 Beep - ok
23:03:12.0379 0x0768 [ 8582E233C346AEFE759833E8A30DD697, 2B0A4FB7F0C3256A5003821634DFA04BA8C3FBB46E942E8BC5D114AF8D1E5354 ] BFE C:\Windows\System32\bfe.dll
23:03:12.0395 0x0768 BFE - ok
23:03:12.0441 0x0768 [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS C:\Windows\System32\qmgr.dll
23:03:12.0473 0x0768 BITS - ok
23:03:12.0504 0x0768 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:03:12.0504 0x0768 blbdrive - ok
23:03:12.0597 0x0768 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:03:12.0644 0x0768 Bonjour Service - ok
23:03:12.0753 0x0768 [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:03:12.0753 0x0768 bowser - ok
23:03:12.0816 0x0768 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:03:12.0831 0x0768 BrFiltLo - ok
23:03:12.0863 0x0768 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:03:12.0863 0x0768 BrFiltUp - ok
23:03:12.0894 0x0768 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
23:03:12.0925 0x0768 Browser - ok
23:03:12.0987 0x0768 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:03:13.0003 0x0768 Brserid - ok
23:03:13.0034 0x0768 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:03:13.0034 0x0768 BrSerWdm - ok
23:03:13.0081 0x0768 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:03:13.0097 0x0768 BrUsbMdm - ok
23:03:13.0128 0x0768 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:03:13.0128 0x0768 BrUsbSer - ok
23:03:13.0159 0x0768 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:03:13.0175 0x0768 BTHMODEM - ok
23:03:13.0237 0x0768 [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
23:03:13.0253 0x0768 BUNAgentSvc - ok
23:03:13.0315 0x0768 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:03:13.0315 0x0768 cdfs - ok
23:03:13.0362 0x0768 [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:03:13.0362 0x0768 cdrom - ok
23:03:13.0409 0x0768 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc C:\Windows\System32\certprop.dll
23:03:13.0409 0x0768 CertPropSvc - ok
23:03:13.0424 0x0768 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
23:03:13.0440 0x0768 circlass - ok
23:03:13.0518 0x0768 [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS C:\Windows\system32\CLFS.sys
23:03:13.0565 0x0768 CLFS - ok
23:03:13.0674 0x0768 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:03:13.0705 0x0768 clr_optimization_v2.0.50727_32 - ok
23:03:13.0783 0x0768 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:03:13.0783 0x0768 clr_optimization_v4.0.30319_32 - ok
23:03:13.0845 0x0768 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:03:13.0845 0x0768 CmBatt - ok
23:03:13.0877 0x0768 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:03:13.0877 0x0768 cmdide - ok
23:03:14.0033 0x0768 [ B80751FE12E2FEF90AA0960AE7358E89, 906D83FB63BD1814731E92257B8FD5381225EA4CFA76D91045F2C00278F5A58E ] ComodoBackupService C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
23:03:14.0173 0x0768 ComodoBackupService - ok
23:03:14.0204 0x0768 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:03:14.0220 0x0768 Compbatt - ok
23:03:14.0220 0x0768 COMSysApp - ok
23:03:14.0235 0x0768 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:03:14.0251 0x0768 crcdisk - ok
23:03:14.0267 0x0768 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:03:14.0282 0x0768 Crusoe - ok
23:03:14.0345 0x0768 [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:03:14.0345 0x0768 CryptSvc - ok
23:03:14.0485 0x0768 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:03:14.0516 0x0768 DcomLaunch - ok
23:03:14.0594 0x0768 [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:03:14.0610 0x0768 DfsC - ok
23:03:14.0813 0x0768 [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR C:\Windows\system32\DFSR.exe
23:03:14.0922 0x0768 DFSR - ok
23:03:15.0031 0x0768 [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:03:15.0047 0x0768 Dhcp - ok
23:03:15.0109 0x0768 [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk C:\Windows\system32\drivers\disk.sys
23:03:15.0109 0x0768 disk - ok
23:03:15.0156 0x0768 DKbFltr - ok
23:03:15.0249 0x0768 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:03:15.0249 0x0768 Dnscache - ok
23:03:15.0312 0x0768 [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc C:\Windows\System32\dot3svc.dll
23:03:15.0343 0x0768 dot3svc - ok
23:03:15.0421 0x0768 [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:03:15.0437 0x0768 Dot4 - ok
23:03:15.0468 0x0768 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:03:15.0468 0x0768 Dot4Print - ok
23:03:15.0499 0x0768 [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:03:15.0499 0x0768 dot4usb - ok
23:03:15.0546 0x0768 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
23:03:15.0561 0x0768 DPS - ok
23:03:15.0608 0x0768 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:03:15.0608 0x0768 drmkaud - ok
23:03:15.0749 0x0768 [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:03:15.0780 0x0768 DXGKrnl - ok
23:03:15.0842 0x0768 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:03:15.0858 0x0768 E1G60 - ok
23:03:15.0889 0x0768 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
23:03:15.0920 0x0768 EapHost - ok
23:03:15.0983 0x0768 [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache C:\Windows\system32\drivers\ecache.sys
23:03:15.0983 0x0768 Ecache - ok
23:03:16.0061 0x0768 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:03:16.0107 0x0768 ehRecvr - ok
23:03:16.0139 0x0768 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
23:03:16.0170 0x0768 ehSched - ok
23:03:16.0201 0x0768 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
23:03:16.0201 0x0768 ehstart - ok
23:03:16.0263 0x0768 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:03:16.0263 0x0768 elxstor - ok
23:03:16.0326 0x0768 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:03:16.0357 0x0768 EMDMgmt - ok
23:03:16.0388 0x0768 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:03:16.0388 0x0768 ErrDev - ok
23:03:16.0466 0x0768 [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
23:03:16.0466 0x0768 ETService - ok
23:03:16.0513 0x0768 [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem C:\Windows\system32\es.dll
23:03:16.0529 0x0768 EventSystem - ok
23:03:16.0575 0x0768 [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat C:\Windows\system32\drivers\exfat.sys
23:03:16.0591 0x0768 exfat - ok
23:03:16.0607 0x0768 [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:03:16.0622 0x0768 fastfat - ok
23:03:16.0638 0x0768 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:03:16.0638 0x0768 fdc - ok
23:03:16.0669 0x0768 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
23:03:16.0669 0x0768 fdPHost - ok
23:03:16.0700 0x0768 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
23:03:16.0700 0x0768 FDResPub - ok
23:03:16.0731 0x0768 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:03:16.0731 0x0768 FileInfo - ok
23:03:16.0778 0x0768 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:03:16.0778 0x0768 Filetrace - ok
23:03:16.0887 0x0768 [ 6B82884EED135613E3E560204DB4242D, A56FF600CBFC02B0E5E7C0180F3221E3BEF3102DC6877074FBFA90502F886478 ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
23:03:16.0903 0x0768 FirebirdGuardianDefaultInstance - ok
23:03:17.0215 0x0768 [ ECD2FFCFE1C21C00E0DE0B0866EDDF38, 1DA942358F97518E68057093C86157A441140517F1B04AB75E20C44F2CED7563 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
23:03:17.0340 0x0768 FirebirdServerDefaultInstance - ok
23:03:17.0371 0x0768 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:03:17.0371 0x0768 flpydisk - ok
23:03:17.0433 0x0768 [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:03:17.0433 0x0768 FltMgr - ok
23:03:17.0527 0x0768 [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:03:17.0543 0x0768 FontCache3.0.0.0 - ok
23:03:17.0574 0x0768 [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:03:17.0574 0x0768 Fs_Rec - ok
23:03:17.0605 0x0768 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:03:17.0605 0x0768 gagp30kx - ok
23:03:17.0652 0x0768 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:03:17.0652 0x0768 GEARAspiWDM - ok
23:03:17.0777 0x0768 [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc C:\Windows\System32\gpsvc.dll
23:03:17.0808 0x0768 gpsvc - ok
23:03:17.0901 0x0768 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:17.0901 0x0768 gupdate - ok
23:03:17.0933 0x0768 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:17.0948 0x0768 gupdatem - ok
23:03:18.0011 0x0768 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:03:18.0011 0x0768 HdAudAddService - ok
23:03:18.0042 0x0768 [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:18.0042 0x0768 HDAudBus - ok
23:03:18.0073 0x0768 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:03:18.0073 0x0768 HidBth - ok
23:03:18.0104 0x0768 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
23:03:18.0104 0x0768 HidIr - ok
23:03:18.0135 0x0768 [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv C:\Windows\system32\hidserv.dll
23:03:18.0135 0x0768 hidserv - ok
23:03:18.0182 0x0768 [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:03:18.0182 0x0768 HidUsb - ok
23:03:18.0229 0x0768 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
23:03:18.0229 0x0768 hkmsvc - ok
23:03:18.0291 0x0768 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:03:18.0307 0x0768 HpCISSs - ok
23:03:18.0369 0x0768 [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:03:18.0385 0x0768 HTTP - ok
23:03:18.0432 0x0768 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:03:18.0447 0x0768 i2omp - ok
23:03:18.0479 0x0768 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:03:18.0479 0x0768 i8042prt - ok
23:03:18.0525 0x0768 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:03:18.0525 0x0768 iaStorV - ok
23:03:18.0635 0x0768 [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:03:18.0791 0x0768 idsvc - ok
23:03:18.0822 0x0768 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:03:18.0822 0x0768 iirsp - ok
23:03:18.0869 0x0768 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT C:\Windows\System32\ikeext.dll
23:03:18.0884 0x0768 IKEEXT - ok
23:03:18.0947 0x0768 [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15 C:\Windows\system32\drivers\int15.sys
23:03:18.0962 0x0768 int15 - ok
23:03:19.0118 0x0768 [ FE912E4A9719A9792669DEBB403CB9B1, C3C7F4B98B6EC5266AF29B9AC8373424D8A5035CDFF60DB85DB336819BFE8F39 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:03:19.0290 0x0768 IntcAzAudAddService - ok
23:03:19.0337 0x0768 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
23:03:19.0337 0x0768 intelide - ok
23:03:19.0383 0x0768 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:03:19.0383 0x0768 intelppm - ok
23:03:19.0415 0x0768 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:03:19.0446 0x0768 IPBusEnum - ok
23:03:19.0477 0x0768 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:03:19.0477 0x0768 IpFilterDriver - ok
23:03:19.0524 0x0768 [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:03:19.0539 0x0768 iphlpsvc - ok
23:03:19.0555 0x0768 IpInIp - ok
23:03:19.0586 0x0768 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:03:19.0586 0x0768 IPMIDRV - ok
23:03:19.0617 0x0768 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:03:19.0617 0x0768 IPNAT - ok
23:03:19.0680 0x0768 [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:03:19.0711 0x0768 iPod Service - ok
23:03:19.0742 0x0768 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:03:19.0742 0x0768 IRENUM - ok
23:03:19.0805 0x0768 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:03:19.0805 0x0768 isapnp - ok
23:03:19.0851 0x0768 [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:03:19.0867 0x0768 iScsiPrt - ok
23:03:19.0914 0x0768 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:03:19.0914 0x0768 iteatapi - ok
23:03:19.0929 0x0768 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:03:19.0929 0x0768 iteraid - ok
23:03:19.0976 0x0768 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:03:20.0007 0x0768 IviRegMgr - ok
23:03:20.0039 0x0768 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:03:20.0054 0x0768 kbdclass - ok
23:03:20.0070 0x0768 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:03:20.0070 0x0768 kbdhid - ok
23:03:20.0085 0x0768 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso C:\Windows\system32\lsass.exe
23:03:20.0085 0x0768 KeyIso - ok
23:03:20.0117 0x0768 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:03:20.0132 0x0768 KSecDD - ok
23:03:20.0179 0x0768 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:03:20.0195 0x0768 KtmRm - ok
23:03:20.0241 0x0768 [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:03:20.0241 0x0768 LanmanServer - ok
23:03:20.0289 0x0768 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:03:20.0289 0x0768 LanmanWorkstation - ok
23:03:20.0367 0x0768 [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:03:20.0367 0x0768 LightScribeService - ok
23:03:20.0398 0x0768 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:03:20.0414 0x0768 lltdio - ok
23:03:20.0445 0x0768 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:03:20.0476 0x0768 lltdsvc - ok
23:03:20.0492 0x0768 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:03:20.0508 0x0768 lmhosts - ok
23:03:20.0539 0x0768 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:03:20.0539 0x0768 LSI_FC - ok
23:03:20.0554 0x0768 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:03:20.0570 0x0768 LSI_SAS - ok
23:03:20.0601 0x0768 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:03:20.0601 0x0768 LSI_SCSI - ok
23:03:20.0632 0x0768 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
23:03:20.0632 0x0768 luafv - ok
23:03:20.0710 0x0768 [ F88B3A1CA0CE7DA9879F633D3EC10B9B, 6D3849A34BB043BAC72E36B120B14827B577C6B462794C7A0E4BAD668FB4F3FC ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
23:03:20.0710 0x0768 mbamchameleon - ok
23:03:20.0773 0x0768 [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:03:20.0773 0x0768 MBAMSwissArmy - ok
23:03:20.0835 0x0768 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:03:20.0851 0x0768 Mcx2Svc - ok
23:03:20.0898 0x0768 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
23:03:20.0898 0x0768 megasas - ok
23:03:20.0960 0x0768 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:03:20.0976 0x0768 MegaSR - ok
23:03:21.0007 0x0768 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
23:03:21.0007 0x0768 MMCSS - ok
23:03:21.0038 0x0768 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
23:03:21.0038 0x0768 Modem - ok
23:03:21.0069 0x0768 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:03:21.0069 0x0768 monitor - ok
23:03:21.0116 0x0768 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:03:21.0116 0x0768 mouclass - ok
23:03:21.0132 0x0768 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:03:21.0132 0x0768 mouhid - ok
23:03:21.0163 0x0768 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:03:21.0163 0x0768 MountMgr - ok
23:03:21.0241 0x0768 [ 8446B9C86C11F94502BC55321637FDE9, D04BAF2FB69526BB6B4182FB7284F61E311CEB313142C3A46BD2741D515457CF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:03:21.0256 0x0768 MozillaMaintenance - ok
23:03:21.0289 0x0768 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:03:21.0320 0x0768 mpio - ok
23:03:21.0351 0x0768 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:03:21.0351 0x0768 mpsdrv - ok
23:03:21.0413 0x0768 [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:03:21.0429 0x0768 MpsSvc - ok
23:03:21.0491 0x0768 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:03:21.0491 0x0768 Mraid35x - ok
23:03:21.0523 0x0768 [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:03:21.0523 0x0768 MRxDAV - ok
23:03:21.0585 0x0768 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:03:21.0585 0x0768 mrxsmb - ok
23:03:21.0632 0x0768 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:03:21.0632 0x0768 mrxsmb10 - ok
23:03:21.0663 0x0768 [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:03:21.0679 0x0768 mrxsmb20 - ok
23:03:21.0694 0x0768 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
23:03:21.0694 0x0768 msahci - ok
23:03:21.0725 0x0768 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:03:21.0741 0x0768 msdsm - ok
23:03:21.0772 0x0768 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
23:03:21.0788 0x0768 MSDTC - ok
23:03:21.0835 0x0768 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:03:21.0835 0x0768 Msfs - ok
23:03:21.0866 0x0768 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:03:21.0866 0x0768 msisadrv - ok
23:03:21.0897 0x0768 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:03:21.0928 0x0768 MSiSCSI - ok
23:03:21.0928 0x0768 msiserver - ok
23:03:21.0975 0x0768 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:03:21.0975 0x0768 MSKSSRV - ok
23:03:22.0006 0x0768 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:03:22.0006 0x0768 MSPCLOCK - ok
23:03:22.0037 0x0768 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:03:22.0037 0x0768 MSPQM - ok
23:03:22.0084 0x0768 [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:03:22.0100 0x0768 MsRPC - ok
23:03:22.0131 0x0768 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:03:22.0147 0x0768 mssmbios - ok
23:03:22.0162 0x0768 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:03:22.0162 0x0768 MSTEE - ok
23:03:22.0193 0x0768 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup C:\Windows\system32\Drivers\mup.sys
23:03:22.0209 0x0768 Mup - ok
23:03:22.0256 0x0768 [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent C:\Windows\system32\qagentRT.dll
23:03:22.0271 0x0768 napagent - ok
23:03:22.0319 0x0768 [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:03:22.0335 0x0768 NativeWifiP - ok
23:03:22.0397 0x0768 [ 9BDC71790FA08F0A0B5F10462B1BD0B1, 67605C7A0CB4D9F2C4D0A876651DEB92270B54D0231C35A994F9A739C6075BC0 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:03:22.0413 0x0768 NDIS - ok
23:03:22.0428 0x0768 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:03:22.0428 0x0768 NdisTapi - ok
23:03:22.0460 0x0768 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:03:22.0460 0x0768 Ndisuio - ok
23:03:22.0475 0x0768 [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:03:22.0491 0x0768 NdisWan - ok
23:03:22.0522 0x0768 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:03:22.0522 0x0768 NDProxy - ok
23:03:22.0569 0x0768 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:03:22.0584 0x0768 Net Driver HPZ12 - ok
23:03:22.0600 0x0768 Netaapl - ok
23:03:22.0631 0x0768 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:03:22.0631 0x0768 NetBIOS - ok
23:03:22.0662 0x0768 [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:03:22.0694 0x0768 netbt - ok
23:03:22.0709 0x0768 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon C:\Windows\system32\lsass.exe
23:03:22.0709 0x0768 Netlogon - ok
23:03:22.0740 0x0768 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
23:03:22.0756 0x0768 Netman - ok
23:03:22.0787 0x0768 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
23:03:22.0787 0x0768 netprofm - ok
23:03:22.0850 0x0768 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386, 2F23B0979CF2E8DB013D8E58501ACC9265A860FD759E8B741F8FA64F7C2F7756 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:03:22.0881 0x0768 NetTcpPortSharing - ok
23:03:22.0912 0x0768 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:03:22.0912 0x0768 nfrd960 - ok
23:03:22.0943 0x0768 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
23:03:22.0959 0x0768 NlaSvc - ok
23:03:22.0974 0x0768 [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:03:22.0990 0x0768 Npfs - ok
23:03:23.0021 0x0768 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
23:03:23.0021 0x0768 nsi - ok
23:03:23.0052 0x0768 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:03:23.0068 0x0768 nsiproxy - ok
23:03:23.0130 0x0768 [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:03:23.0240 0x0768 Ntfs - ok
23:03:23.0271 0x0768 [ CB76F68BA0D57C5D25B538981B1C611C, D078ADEFCF1559EA86AFBD3F6766065EE12B85CF44736A87D4140FB0C480215E ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:03:23.0286 0x0768 NTIBackupSvc - ok
23:03:23.0333 0x0768 [ 2757D2BA59AEE155209E24942AB127C9, 60C8571D548901A68591F1C7C548B40FA1086D21D23B8CB1083A8AE50760FE87 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:03:23.0333 0x0768 NTIDrvr - ok
23:03:23.0349 0x0768 [ DF1C10A75DF7E50195FC417F88A33227, 1551A6243236FD46F34C6F2443A3CC78D5424D9BCECB8576227A9E0AC91EC804 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:03:23.0380 0x0768 NTISchedulerSvc - ok
23:03:23.0411 0x0768 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:03:23.0427 0x0768 ntrigdigi - ok
23:03:23.0442 0x0768 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
23:03:23.0458 0x0768 Null - ok
23:03:23.0848 0x0768 [ EC0E8BC4CA37007DDB51F0DCC0C5472F, 38F04B90DDE98FCA37264CC7A71A7E42273CDFFE2C2571EB203522503B60213D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:03:24.0207 0x0768 nvlddmkm - ok
23:03:24.0332 0x0768 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:03:24.0363 0x0768 nvraid - ok
23:03:24.0410 0x0768 [ 736054614AB962D4EC01EF4ABCE115F1, 64AB175B70FEE31367961469603D091E01FBC8F343099005FD06B2B9314655E0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
23:03:24.0410 0x0768 nvsmu - ok
23:03:24.0441 0x0768 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:03:24.0456 0x0768 nvstor - ok
23:03:24.0503 0x0768 [ 1199B2052F7861C1D39C2318E70904C9, A3CAE98D7A4023487D6A118D070AFE00A2B8113DF89828F173C69255B2F3C267 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
23:03:24.0503 0x0768 nvstor32 - ok
23:03:24.0550 0x0768 [ 6A4BB2DDFA34BC3C4D20478B1F0E335C, 22DA3DFB91A0BA1A468F18C560FE636D3E99456E3499A55B52B6B3E3F1CCBB5E ] nvsvc C:\Windows\system32\nvvsvc.exe
23:03:24.0581 0x0768 nvsvc - ok
23:03:24.0628 0x0768 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:03:24.0644 0x0768 nv_agp - ok
23:03:24.0659 0x0768 NwlnkFlt - ok
23:03:24.0675 0x0768 NwlnkFwd - ok
23:03:24.0768 0x0768 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:03:24.0815 0x0768 odserv - ok
23:03:24.0862 0x0768 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:03:24.0878 0x0768 ohci1394 - ok
23:03:24.0940 0x0768 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:03:24.0971 0x0768 ose - ok
23:03:25.0034 0x0768 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:03:25.0080 0x0768 p2pimsvc - ok
23:03:25.0127 0x0768 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2psvc C:\Windows\system32\p2psvc.dll
23:03:25.0158 0x0768 p2psvc - ok
23:03:25.0205 0x0768 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
23:03:25.0221 0x0768 Parport - ok
23:03:25.0236 0x0768 [ 3B38467E7C3DAED009DFE359E17F139F, 419BD726E511B3FEFBD8204C9E2BF6131EC05C71D15406070F834688EAFB694F ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:03:25.0252 0x0768 partmgr - ok
23:03:25.0283 0x0768 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:03:25.0283 0x0768 Parvdm - ok
23:03:25.0314 0x0768 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
23:03:25.0330 0x0768 PcaSvc - ok
23:03:25.0346 0x0768 [ 01B94418DEB235DFF777CC80076354B4, 091C4D5954C5CA1F783748C4D7287DD160C5F3357F2CC448DC5C2935B79AC1E9 ] pci C:\Windows\system32\drivers\pci.sys
23:03:25.0361 0x0768 pci - ok
23:03:25.0377 0x0768 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
23:03:25.0392 0x0768 pciide - ok
23:03:25.0424 0x0768 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:03:25.0439 0x0768 pcmcia - ok
23:03:25.0502 0x0768 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:03:25.0564 0x0768 PEAUTH - ok
23:03:25.0689 0x0768 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
23:03:25.0736 0x0768 pla - ok
23:03:25.0767 0x0768 [ 78F975CB6D18265BE6F492EDB2D7BC7B, 112C6FB0A84E605B1EA87F98C8A4C210C9DB84C811029109444AB174011A158C ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:03:25.0782 0x0768 PlugPlay - ok
23:03:25.0845 0x0768 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:03:25.0860 0x0768 Pml Driver HPZ12 - ok
23:03:25.0938 0x0768 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:03:25.0985 0x0768 PNRPAutoReg - ok
23:03:26.0016 0x0768 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:03:26.0048 0x0768 PNRPsvc - ok
23:03:26.0094 0x0768 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A, FAE64867CE80439735F88A9988243667BDE84486B5A768B650E55E1519C85C03 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:03:26.0110 0x0768 PolicyAgent - ok
23:03:26.0141 0x0768 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:03:26.0157 0x0768 PptpMiniport - ok
23:03:26.0172 0x0768 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:03:26.0172 0x0768 Processor - ok
23:03:26.0204 0x0768 [ B627E4FC8585E8843C5905D4D3587A90, 07D7BC1BF8CDD5E34155B260B914D4A9892D3CEAEACDE334D1AF2A608E1FA2D8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:03:26.0219 0x0768 ProfSvc - ok
23:03:26.0235 0x0768 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:26.0235 0x0768 ProtectedStorage - ok
23:03:26.0250 0x0768 [ BFEF604508A0ED1EAE2A73E872555FFB, AC817FB5A6126475B4A3CA191AD49651B919FB55429B939D036BC564632E426D ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:03:26.0266 0x0768 PSched - ok
23:03:26.0360 0x0768 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:03:26.0438 0x0768 ql2300 - ok
23:03:26.0469 0x0768 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:03:26.0484 0x0768 ql40xx - ok
23:03:26.0531 0x0768 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
23:03:26.0547 0x0768 QWAVE - ok
23:03:26.0562 0x0768 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:03:26.0578 0x0768 QWAVEdrv - ok
23:03:26.0609 0x0768 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:03:26.0625 0x0768 RasAcd - ok
23:03:26.0640 0x0768 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
23:03:26.0656 0x0768 RasAuto - ok
23:03:26.0687 0x0768 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:03:26.0703 0x0768 Rasl2tp - ok
23:03:26.0734 0x0768 [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan C:\Windows\System32\rasmans.dll
23:03:26.0765 0x0768 RasMan - ok
23:03:26.0781 0x0768 [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:03:26.0796 0x0768 RasPppoe - ok
23:03:26.0812 0x0768 [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:03:26.0828 0x0768 RasSstp - ok
23:03:26.0859 0x0768 [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:03:26.0890 0x0768 rdbss - ok
23:03:26.0921 0x0768 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:03:26.0921 0x0768 RDPCDD - ok
23:03:26.0968 0x0768 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:03:26.0999 0x0768 rdpdr - ok
23:03:26.0999 0x0768 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:03:27.0015 0x0768 RDPENCDD - ok
23:03:27.0062 0x0768 [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:03:27.0093 0x0768 RDPWD - ok
23:03:27.0140 0x0768 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys
23:03:27.0140 0x0768 regi - ok
23:03:27.0186 0x0768 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
23:03:27.0202 0x0768 RemoteAccess - ok
23:03:27.0264 0x0768 [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:03:27.0296 0x0768 RemoteRegistry - ok
23:03:27.0311 0x0768 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
23:03:27.0327 0x0768 RpcLocator - ok
23:03:27.0358 0x0768 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] RpcSs C:\Windows\system32\rpcss.dll
23:03:27.0374 0x0768 RpcSs - ok
23:03:27.0405 0x0768 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:03:27.0420 0x0768 rspndr - ok
23:03:27.0436 0x0768 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] SamSs C:\Windows\system32\lsass.exe
23:03:27.0436 0x0768 SamSs - ok
23:03:27.0467 0x0768 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:03:27.0483 0x0768 sbp2port - ok
23:03:27.0514 0x0768 [ 11387E32642269C7E62E8B52C060B3C6, 6225FA14CBDC1D30F2E4CDC2059773DA49C67BE2C00A1DE582E8E07717F20425 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:03:27.0545 0x0768 SCardSvr - ok
23:03:27.0592 0x0768 [ 7B587B8A6D4A99F79D2902D0385F29BD, C29F2EE25F7B11E1821832CB7F4F8506C2AB20804D6702CC5EAF5BA1F3FCA972 ] Schedule C:\Windows\system32\schedsvc.dll
23:03:27.0639 0x0768 Schedule - ok
23:03:27.0654 0x0768 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:03:27.0654 0x0768 SCPolicySvc - ok
23:03:27.0701 0x0768 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:03:27.0717 0x0768 SDRSVC - ok
23:03:27.0732 0x0768 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:03:27.0748 0x0768 secdrv - ok
23:03:27.0764 0x0768 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
23:03:27.0764 0x0768 seclogon - ok
23:03:27.0779 0x0768 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
23:03:27.0779 0x0768 SENS - ok
23:03:27.0826 0x0768 [ CB3E852B818946F396E35A976EE6B552, 2CA45BEBD2F607E66F13DBD23DE7FB4E0C74F9B93A649B270E96A97000B650CA ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
23:03:27.0842 0x0768 Ser2pl - ok
23:03:27.0842 0x0768 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:03:27.0857 0x0768 Serenum - ok
23:03:27.0888 0x0768 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
23:03:27.0904 0x0768 Serial - ok
23:03:27.0935 0x0768 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:03:27.0935 0x0768 sermouse - ok
23:03:28.0013 0x0768 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
23:03:28.0013 0x0768 SessionEnv - ok
23:03:28.0044 0x0768 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:03:28.0060 0x0768 sffdisk - ok
23:03:28.0091 0x0768 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:03:28.0107 0x0768 sffp_mmc - ok
23:03:28.0122 0x0768 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:03:28.0138 0x0768 sffp_sd - ok
23:03:28.0154 0x0768 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:03:28.0169 0x0768 sfloppy - ok
23:03:28.0200 0x0768 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:03:28.0216 0x0768 SharedAccess - ok
23:03:28.0247 0x0768 [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:03:28.0263 0x0768 ShellHWDetection - ok
23:03:28.0294 0x0768 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:03:28.0310 0x0768 sisagp - ok
23:03:28.0325 0x0768 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:03:28.0341 0x0768 SiSRaid2 - ok
23:03:28.0372 0x0768 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:03:28.0373 0x0768 SiSRaid4 - ok
23:03:28.0529 0x0768 [ 0BA91E1358AD25236863039BB2609A2E, ECB3C8E3D9C6FA77C0CF5A898FB90BB9474C6EFBE3698B56C93ECE44535EDACE ] slsvc C:\Windows\system32\SLsvc.exe
23:03:28.0669 0x0768 slsvc - ok
23:03:28.0701 0x0768 [ 7C6DC44CA0BFA6291629AB764200D1D4, 747CDA89C6F94F8314E5E5C425387ABDF9FF8528D82422F8FF66D96307B47B13 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:03:28.0732 0x0768 SLUINotify - ok
23:03:28.0747 0x0768 [ 031E6BCD53C9B2B9ACE111EAFEC347B6, B934129BD77CA6A1434C59EA82B5E93FD4089608E0E41242B6E68070A0F33FB8 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:03:28.0763 0x0768 Smb - ok
23:03:28.0794 0x0768 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:03:28.0794 0x0768 SNMPTRAP - ok
23:03:28.0841 0x0768 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
23:03:28.0841 0x0768 spldr - ok
23:03:28.0888 0x0768 [ 3665F79026A3F91FBCA63F2C65A09B19, A9AAE9B4006B5BC6EF4A7AB4CAB131687E4055E7C56900BBD24F78BA155C458A ] Spooler C:\Windows\System32\spoolsv.exe
23:03:28.0903 0x0768 Spooler - ok
23:03:28.0981 0x0768 [ 2252AEF839B1093D16761189F45AF885, D7B79E1B9CD73EDEA855DBE120ED470CC0F67D1AA44038E6051A4C5BCE361DE3 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:03:29.0013 0x0768 srv - ok
23:03:29.0044 0x0768 [ B7FF59408034119476B00A81BB53D5D1, 365D8E719D729D56082F5A6EEB65B31EB5DB5D15A5346D05E7130F41F2F97D46 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:03:29.0059 0x0768 srv2 - ok
23:03:29.0106 0x0768 [ 2ACCC9B12AF02030F531E6CCA6F8B76E, D1BA17C7BFE02347824DEEB1B7362FD251769ECB92B14EB3C600C85AB7E04D1B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:03:29.0122 0x0768 srvnet - ok
23:03:29.0184 0x0768 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:03:29.0200 0x0768 SSDPSRV - ok
23:03:29.0247 0x0768 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
23:03:29.0262 0x0768 ssmdrv - ok
23:03:29.0309 0x0768 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:03:29.0325 0x0768 SstpSvc - ok
23:03:29.0356 0x0768 [ 7DD08A597BC56051F320DA0BAF69E389, ACC59CF80765248705FFCE65DC9B5D072DC054F08C02FB4D16BA0E84D8BED0A4 ] stisvc C:\Windows\System32\wiaservc.dll
23:03:29.0387 0x0768 stisvc - ok
23:03:29.0434 0x0768 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:03:29.0449 0x0768 swenum - ok
23:03:29.0496 0x0768 [ B36C7CDB86F7F7A8E884479219766950, F3EA381A84CD6950BF71A56E9ABAD5010F226C5254CB936699A38BA4C85F7367 ] swprv C:\Windows\System32\swprv.dll
23:03:29.0496 0x0768 swprv - ok
23:03:29.0527 0x0768 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:03:29.0543 0x0768 Symc8xx - ok
23:03:29.0559 0x0768 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:03:29.0574 0x0768 Sym_hi - ok
23:03:29.0605 0x0768 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:03:29.0621 0x0768 Sym_u3 - ok
23:03:29.0668 0x0768 [ BF7AA84D5AF0FAA0978C840E63B17DBF, ED07F47BCD96B524F3E4EE01DB46D26FDB790167B7BA7C7097D75E10FE1144A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:03:29.0683 0x0768 SynTP - ok
23:03:29.0730 0x0768 [ 8710A92D0024B03B5FB9540DF1F71F1D, B72A968A7966DC16A1D69A8D53012A4307EEBDC4CB8E1D9C93BFB88D996E490F ] SysMain C:\Windows\system32\sysmain.dll
23:03:29.0761 0x0768 SysMain - ok
23:03:29.0793 0x0768 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:03:29.0808 0x0768 TabletInputService - ok
23:03:29.0855 0x0768 [ 680916BB09EE0F3A6ACA7C274B0D633F, 008B6EE41FA4D371258F0A656AE96B3E3F487BE5B9E0654B920013B4F1C0DFD8 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:03:29.0871 0x0768 TapiSrv - ok
23:03:29.0886 0x0768 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
23:03:29.0902 0x0768 TBS - ok
23:03:30.0011 0x0768 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:03:30.0073 0x0768 Tcpip - ok
23:03:30.0136 0x0768 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:03:30.0167 0x0768 Tcpip6 - ok
23:03:30.0214 0x0768 [ D4A2E4A4B011F3A883AF77315A5AE76B, 29E18087236A592638570F76691BC5C64CCA383F43EE22DF122413860E2D882C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:03:30.0229 0x0768 tcpipreg - ok
23:03:30.0261 0x0768 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:03:30.0261 0x0768 TDPIPE - ok
23:03:30.0292 0x0768 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:03:30.0307 0x0768 TDTCP - ok
23:03:30.0323 0x0768 [ D09276B1FAB033CE1D40DCBDF303D10F, 2CB47CB522B4E1C091DE30AF0EB4E21D321C42D2A5BA9647CBD078652680D8FF ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:03:30.0339 0x0768 tdx - ok
23:03:30.0666 0x0768 [ F01CC856780524410EA86C07C39E5B77, 01C62D94D7FB7E411BAC2E2996BC09EBBDC0F3E03C62D06E1121DCB169AD6326 ] TeamViewer9 C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
23:03:31.0150 0x0768 TeamViewer9 - ok
23:03:31.0212 0x0768 [ 9101FFFCFCCD1A30E870A5B8A9091B10, 58AAB0F6FF78FD0ECDD8D9DA1B6852E9E57E3DAA39489ABDDBA106ECE0B3BCA7 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:03:31.0212 0x0768 teamviewervpn - ok
23:03:31.0243 0x0768 [ A048056F5E1A96A9BF3071B91741A5AA, CFDE51D106A6CC4A5638BCD458505F5831636D2203F7C949273BDA446AC7C5F3 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:03:31.0259 0x0768 TermDD - ok
23:03:31.0306 0x0768 [ D605031E225AACCBCEB5B76A4F1603A6, 27D78644CADBC11C3AB5E0C10F854FD43BCD43B6E91C1ED1F6D35BC501147701 ] TermService C:\Windows\System32\termsrv.dll
23:03:31.0337 0x0768 TermService - ok
23:03:31.0353 0x0768 [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] Themes C:\Windows\system32\shsvcs.dll
23:03:31.0368 0x0768 Themes - ok
23:03:31.0384 0x0768 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
23:03:31.0399 0x0768 THREADORDER - ok
23:03:31.0431 0x0768 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
23:03:31.0431 0x0768 TrkWks - ok
23:03:31.0493 0x0768 [ 16613A1BAD034D4ECF957AF18B7C2FF5, 75499618187ED4385984F608D134BB298A4CCB339F70B31E4A8B2CF3E3558396 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:03:31.0493 0x0768 TrustedInstaller - ok
23:03:31.0555 0x0768 [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:03:31.0571 0x0768 tssecsrv - ok
23:03:31.0602 0x0768 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:03:31.0602 0x0768 tunmp - ok
23:03:31.0618 0x0768 [ 6042505FF6FA9AC1EF7684D0E03B6940, D09CF14A6C0C760238792DDA4ECB6FBB6CA645BB91BD62585EBD050226BDB5A7 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:03:31.0633 0x0768 tunnel - ok
23:03:31.0649 0x0768 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:03:31.0665 0x0768 uagp35 - ok
23:03:31.0696 0x0768 [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
23:03:31.0696 0x0768 UBHelper - ok
23:03:31.0727 0x0768 [ 8B5088058FA1D1CD897A2113CCFF6C58, 1616EDB66C3E2DA7B09EA4FE46A3FC7087D6201F2195D76118A93B0B065D1623 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:03:31.0758 0x0768 udfs - ok
23:03:31.0805 0x0768 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:03:31.0821 0x0768 UI0Detect - ok
23:03:31.0852 0x0768 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:03:31.0867 0x0768 uliagpkx - ok
23:03:31.0883 0x0768 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:03:31.0914 0x0768 uliahci - ok
23:03:31.0977 0x0768 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:03:31.0992 0x0768 UlSata - ok
23:03:32.0023 0x0768 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:03:32.0039 0x0768 ulsata2 - ok
23:03:32.0070 0x0768 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:03:32.0070 0x0768 umbus - ok
23:03:32.0101 0x0768 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
23:03:32.0117 0x0768 upnphost - ok
23:03:32.0164 0x0768 [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:03:32.0179 0x0768 USBAAPL - ok
23:03:32.0211 0x0768 [ AFB10A231254A1920C3BB4A0D02E1CA6, 8B9748B9935812ED7F318733D9F1390379EEC27F81F95C181548A11E13AD51D2 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:03:32.0226 0x0768 usbccgp - ok
23:03:32.0257 0x0768 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:03:32.0273 0x0768 usbcir - ok
23:03:32.0304 0x0768 [ 44245742C4ED2EAFD69020583424455B, 143E7ADD24C2839D90916533B51AAB221DC0CEB088C0496BB7054CDC553C3A20 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:03:32.0320 0x0768 usbehci - ok
23:03:32.0351 0x0768 [ DB39B3F83AF77BCA019D7DF6AADDBDAE, D3FAD71C8BA3850D7AF732DC76550E4A2C83A250A7E11480A915E458676BD36E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:03:32.0382 0x0768 usbhub - ok
23:03:32.0413 0x0768 [ 5FEE2A4AAAEBCD2E6576E7C90959B3FD, B5BC6BAA54A229A6AB3324F080EC441B27E2F8AE6E08A0DE3A19EA2CF9C228F6 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:03:32.0429 0x0768 usbohci - ok
23:03:32.0460 0x0768 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:03:32.0476 0x0768 usbprint - ok
23:03:32.0538 0x0768 [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:03:32.0554 0x0768 usbscan - ok
23:03:32.0585 0x0768 [ 87BA6B83C5D19B69160968D07D6E2982, 9E039DF4BBE53CA22A0ACE486B9867F99FFFE086CCAF6A83BD78770E4631F3F8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:03:32.0601 0x0768 USBSTOR - ok
23:03:32.0647 0x0768 [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:03:32.0663 0x0768 usbuhci - ok
23:03:32.0710 0x0768 [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:03:32.0725 0x0768 usbvideo - ok
23:03:32.0757 0x0768 [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms C:\Windows\System32\uxsms.dll
23:03:32.0757 0x0768 UxSms - ok
23:03:32.0803 0x0768 [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds C:\Windows\System32\vds.exe
23:03:32.0819 0x0768 vds - ok
23:03:32.0897 0x0768 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:03:32.0913 0x0768 vga - ok
23:03:32.0944 0x0768 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:03:32.0959 0x0768 VgaSave - ok
23:03:33.0006 0x0768 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:03:33.0022 0x0768 viaagp - ok
23:03:33.0037 0x0768 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:03:33.0038 0x0768 ViaC7 - ok
23:03:33.0070 0x0768 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
23:03:33.0085 0x0768 viaide - ok
23:03:33.0116 0x0768 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:03:33.0132 0x0768 volmgr - ok
23:03:33.0179 0x0768 [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:03:33.0210 0x0768 volmgrx - ok
23:03:33.0226 0x0768 [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:03:33.0241 0x0768 volsnap - ok
23:03:33.0288 0x0768 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:03:33.0304 0x0768 vsmraid - ok
23:03:33.0569 0x0768 [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS C:\Windows\system32\vssvc.exe
23:03:33.0694 0x0768 VSS - ok
23:03:33.0756 0x0768 [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time C:\Windows\system32\w32time.dll
23:03:33.0787 0x0768 W32Time - ok
23:03:33.0818 0x0768 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:03:33.0834 0x0768 WacomPen - ok
23:03:33.0865 0x0768 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:03:33.0896 0x0768 Wanarp - ok
23:03:33.0928 0x0768 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:03:33.0928 0x0768 Wanarpv6 - ok
23:03:33.0990 0x0768 [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:03:34.0052 0x0768 wcncsvc - ok
23:03:34.0084 0x0768 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:03:34.0099 0x0768 WcsPlugInService - ok
23:03:34.0115 0x0768 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
23:03:34.0146 0x0768 Wd - ok
23:03:34.0286 0x0768 [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:03:34.0349 0x0768 Wdf01000 - ok
23:03:34.0396 0x0768 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:03:34.0411 0x0768 WdiServiceHost - ok
23:03:34.0427 0x0768 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:03:34.0442 0x0768 WdiSystemHost - ok
23:03:34.0489 0x0768 [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient C:\Windows\System32\webclnt.dll
23:03:34.0505 0x0768 WebClient - ok
23:03:34.0552 0x0768 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:03:34.0567 0x0768 Wecsvc - ok
23:03:34.0614 0x0768 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:03:34.0630 0x0768 wercplsupport - ok
23:03:34.0708 0x0768 [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc C:\Windows\System32\WerSvc.dll
23:03:34.0708 0x0768 WerSvc - ok
23:03:34.0879 0x0768 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:03:34.0910 0x0768 WinDefend - ok
23:03:34.0926 0x0768 WinHttpAutoProxySvc - ok
23:03:35.0051 0x0768 [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:03:35.0113 0x0768 Winmgmt - ok
23:03:35.0238 0x0768 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
23:03:35.0316 0x0768 WinRM - ok
23:03:35.0456 0x0768 [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:03:35.0503 0x0768 Wlansvc - ok
23:03:35.0534 0x0768 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:03:35.0534 0x0768 WmiAcpi - ok
23:03:35.0612 0x0768 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:03:35.0659 0x0768 wmiApSrv - ok
23:03:35.0924 0x0768 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:03:36.0018 0x0768 WMPNetworkSvc - ok
23:03:36.0065 0x0768 [ 5D94CD167751294962BA238D82DD1BB8, 62C7A31706F1C33A2C1C68006191AEE85A98885D23EC582EF2F88AAF604AC9A7 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:03:36.0080 0x0768 WPCSvc - ok
23:03:36.0127 0x0768 [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:03:36.0127 0x0768 WPDBusEnum - ok
23:03:36.0190 0x0768 [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:03:36.0205 0x0768 WpdUsb - ok
23:03:36.0502 0x0768 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:03:36.0533 0x0768 WPFFontCache_v0400 - ok
23:03:36.0580 0x0768 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:03:36.0595 0x0768 ws2ifsl - ok
23:03:36.0642 0x0768 [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc C:\Windows\System32\wscsvc.dll
23:03:36.0658 0x0768 wscsvc - ok
23:03:36.0658 0x0768 WSearch - ok
23:03:37.0126 0x0768 [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv C:\Windows\system32\wuaueng.dll
23:03:37.0266 0x0768 wuauserv - ok
23:03:37.0328 0x0768 [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:37.0344 0x0768 WUDFRd - ok
23:03:37.0391 0x0768 [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:03:37.0406 0x0768 wudfsvc - ok
23:03:37.0438 0x0768 ================ Scan global ===============================
23:03:37.0469 0x0768 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:03:37.0594 0x0768 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:03:37.0609 0x0768 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:03:37.0718 0x0768 [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
23:03:37.0734 0x0768 [ Global ] - ok
23:03:37.0734 0x0768 ================ Scan MBR ==================================
23:03:37.0765 0x0768 [ 2D38F4A50470B53943A7DBD02E402E47 ] \Device\Harddisk0\DR0
23:03:41.0150 0x0768 \Device\Harddisk0\DR0 - ok
23:03:41.0150 0x0768 ================ Scan VBR ==================================
23:03:41.0166 0x0768 [ 43D87206C057BCE97569830AF6F4007B ] \Device\Harddisk0\DR0\Partition1
23:03:41.0213 0x0768 \Device\Harddisk0\DR0\Partition1 - ok
23:03:41.0244 0x0768 [ 0983BC0F70EBA7ECAEB0375F4B675ACD ] \Device\Harddisk0\DR0\Partition2
23:03:41.0275 0x0768 \Device\Harddisk0\DR0\Partition2 - ok
23:03:41.0291 0x0768
|
|
23.03.2015, 23:18
| #12 |
| | UPS Phishing Mail geöffnet uns auf Link geklickt (Teil2) Code:
ATTFilter ================ Scan generic autorun ======================
23:03:41.0384 0x0768 [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
23:03:41.0462 0x0768 Windows Defender - ok
23:03:41.0868 0x0768 [ C459786D07FEAD5717DD1AC287BB2519, 05858DD2145B7822959FCB0B8132A1D0BD3CA05DEF40F85008EB0C1F02FE29EF ] C:\Windows\RtHDVCpl.exe
23:03:42.0055 0x0768 RtHDVCpl - ok
23:03:42.0242 0x0768 [ 19D93154C82FE39A99B269CED1056A92, 1E3EE58A7B5F24402A26A4DE0BF0C4F4D14629BB22174A7D81E305486584C1F2 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:03:42.0289 0x0768 SynTPEnh - ok
23:03:42.0320 0x0768 [ 6882D187F65ECA79110848A68FDEB2BF, 1BE59945F6D5040E9675DC31C27AD230D4C2C02B84BD4E16AB459D04D9B9E7B4 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
23:03:42.0336 0x0768 BkupTray - ok
23:03:42.0383 0x0768 [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
23:03:42.0398 0x0768 Adobe Reader Speed Launcher - ok
23:03:42.0414 0x0768 NvCplDaemon - ok
23:03:42.0414 0x0768 NvMediaCenter - ok
23:03:42.0445 0x0768 [ E3CC162D68C5443C98FA67D34D1EDFDF, 5BBD2706373CF6A07E6BA0ADC4BA9DC4152A6D3599FBC3F8FA96365949AE8F73 ] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
23:03:42.0461 0x0768 WarReg_PopUp - ok
23:03:42.0523 0x0768 [ 5676E75F98FF8E0F81DFF604A09288BB, 4A0F928EC4A76EF479DA418E613D560DDF0BC1BAE11F28214B181129781392E6 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
23:03:42.0539 0x0768 TkBellExe - ok
23:03:42.0554 0x0768 Seagull Drivers - ok
23:03:42.0601 0x0768 [ 93DB1FF92B03D24738A71E6E4992DFD3, 56951284A1BBF201806A1A5610D6316DA33FC92A4E7DA5A989FD7C7FE2F7672C ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
23:03:42.0632 0x0768 SunJavaUpdateSched - ok
23:03:42.0679 0x0768 [ CA1930CFDA3D4FCEDA5ADD18EB8A3B34, 91A8DC83D6A3F79F17680FF1E7714876199EC73DE8766E2A17FC657D765DFE84 ] C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe
23:03:42.0710 0x0768 PDF7 Registry Controller - ok
23:03:42.0757 0x0768 [ 8F28FBD3B4D76E8A7FD5C6931F33A108, 417B62C25437BA7A266FEB2E4948AC01A0E36ECE04F2373C7BBCD3F8C20090C4 ] C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe
23:03:42.0788 0x0768 Nuance PDF Converter 7-reminder - ok
23:03:42.0866 0x0768 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
23:03:42.0913 0x0768 QuickTime Task - ok
23:03:42.0976 0x0768 [ 99342358331F57209DFF987CEEB8E37B, 3972DD0BE82B43BD50838E8B44DBF8160777B302F2718F2624CC6B67E0E1AF02 ] C:\Program Files\iTunes\iTunesHelper.exe
23:03:43.0007 0x0768 iTunesHelper - ok
23:03:43.0178 0x0768 [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
23:03:43.0241 0x0768 avgnt - ok
23:03:43.0366 0x0768 [ BB10E34B162FBEAE5636474A79026A0D, 700629C7497ED01E5B7DF99F0D8F56FF30BBA067ED65AC7A0D77B3765C596ECB ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
23:03:43.0366 0x0768 Avira Systray - ok
23:03:43.0522 0x0768 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:43.0646 0x0768 Sidebar - ok
23:03:43.0662 0x0768 WindowsWelcomeCenter - ok
23:03:43.0740 0x0768 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:43.0771 0x0768 Sidebar - ok
23:03:43.0771 0x0768 WindowsWelcomeCenter - ok
23:03:43.0834 0x0768 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:03:43.0865 0x0768 ehTray.exe - ok
23:03:43.0880 0x0768 TomTomHOME.exe - ok
23:03:43.0958 0x0768 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
23:03:43.0990 0x0768 ISUSPM - ok
23:03:44.0005 0x0768 [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
23:03:44.0036 0x0768 WMPNSCFG - ok
23:03:44.0036 0x0768 Waiting for KSN requests completion. In queue: 19
23:03:45.0222 0x0768 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41010 ( enabled : outofdate )
23:03:45.0284 0x0768 Win FW state via NFP2: enabled
23:03:45.0550 0x0768 ============================================================
23:03:45.0550 0x0768 Scan finished
23:03:45.0550 0x0768 ============================================================
23:03:45.0565 0x0758 Detected object count: 0
23:03:45.0565 0x0758 Actual detected object count: 0
23:04:45.0030 0x14e0 ============================================================
23:04:45.0030 0x14e0 Scan started
23:04:45.0030 0x14e0 Mode: Manual; SigCheck; TDLFS;
23:04:45.0030 0x14e0 ============================================================
23:04:45.0030 0x14e0 KSN ping started
23:04:45.0248 0x14e0 KSN ping finished: true
23:04:45.0685 0x14e0 ================ Scan system memory ========================
23:04:45.0685 0x14e0 System memory - ok
23:04:45.0685 0x14e0 ================ Scan services =============================
23:04:45.0763 0x14e0 [ F73DB97453B47B805B73A98023961505, 483F82A46AD73B3736F63CC5B473E0D47D04F1B4A3B40A49024165ACC2CC98FD ] AAV UpdateService C:\Program Files\Common Files\AAV\aavus.exe
23:04:45.0881 0x14e0 AAV UpdateService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:45.0881 0x14e0 Detect skipped due to KSN trusted
23:04:45.0881 0x14e0 AAV UpdateService - ok
23:04:46.0037 0x14e0 [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:04:46.0099 0x14e0 ACPI - ok
23:04:46.0177 0x14e0 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:04:46.0208 0x14e0 AdobeFlashPlayerUpdateSvc - ok
23:04:46.0271 0x14e0 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:04:46.0318 0x14e0 adp94xx - ok
23:04:46.0364 0x14e0 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:04:46.0380 0x14e0 adpahci - ok
23:04:46.0411 0x14e0 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:04:46.0427 0x14e0 adpu160m - ok
23:04:46.0458 0x14e0 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:04:46.0489 0x14e0 adpu320 - ok
23:04:46.0504 0x14e0 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:04:46.0625 0x14e0 AeLookupSvc - ok
23:04:46.0656 0x14e0 [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD C:\Windows\system32\drivers\afd.sys
23:04:46.0741 0x14e0 AFD - ok
23:04:46.0797 0x14e0 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:04:46.0798 0x14e0 agp440 - ok
23:04:46.0842 0x14e0 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:04:46.0857 0x14e0 aic78xx - ok
23:04:46.0893 0x14e0 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
23:04:46.0934 0x14e0 ALG - ok
23:04:46.0956 0x14e0 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
23:04:46.0967 0x14e0 aliide - ok
23:04:46.0990 0x14e0 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:04:47.0002 0x14e0 amdagp - ok
23:04:47.0047 0x14e0 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
23:04:47.0048 0x14e0 amdide - ok
23:04:47.0085 0x14e0 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:04:47.0164 0x14e0 AmdK7 - ok
23:04:47.0166 0x14e0 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:04:47.0216 0x14e0 AmdK8 - ok
23:04:47.0385 0x14e0 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:04:47.0431 0x14e0 AntiVirSchedulerService - ok
23:04:47.0459 0x14e0 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:04:47.0529 0x14e0 AntiVirService - ok
23:04:47.0556 0x14e0 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
23:04:47.0613 0x14e0 Appinfo - ok
23:04:47.0713 0x14e0 [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:04:47.0728 0x14e0 Apple Mobile Device - ok
23:04:47.0764 0x14e0 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
23:04:47.0764 0x14e0 arc - ok
23:04:47.0796 0x14e0 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:04:47.0811 0x14e0 arcsas - ok
23:04:47.0827 0x14e0 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:47.0885 0x14e0 AsyncMac - ok
23:04:47.0916 0x14e0 [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi C:\Windows\system32\drivers\atapi.sys
23:04:47.0932 0x14e0 atapi - ok
23:04:47.0963 0x14e0 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:04:48.0025 0x14e0 AudioEndpointBuilder - ok
23:04:48.0041 0x14e0 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:04:48.0065 0x14e0 Audiosrv - ok
23:04:48.0114 0x14e0 [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:04:48.0161 0x14e0 avgntflt - ok
23:04:48.0207 0x14e0 [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:04:48.0223 0x14e0 avipbb - ok
23:04:48.0350 0x14e0 [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
23:04:48.0381 0x14e0 Avira.OE.ServiceHost - ok
23:04:48.0412 0x14e0 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:04:48.0428 0x14e0 avkmgr - ok
23:04:48.0475 0x14e0 [ 6FB43F0DADB3FDC287D080C19666AF8D, D2AA2172CEAF5954E4F04728D1BC9EA7C47A20E8918E876287FC766895FB617A ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:04:48.0537 0x14e0 b57nd60x - ok
23:04:48.0600 0x14e0 [ C38077D14ADF896EE1E1DBBCBCF77E14, 93CAEB3C124277D4C9D4E4622AB2213ECC60AAFFA754197297583431EDAE0472 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:04:48.0705 0x14e0 BCM43XX - ok
23:04:48.0763 0x14e0 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
23:04:48.0827 0x14e0 Beep - ok
23:04:48.0880 0x14e0 [ 8582E233C346AEFE759833E8A30DD697, 2B0A4FB7F0C3256A5003821634DFA04BA8C3FBB46E942E8BC5D114AF8D1E5354 ] BFE C:\Windows\System32\bfe.dll
23:04:48.0965 0x14e0 BFE - ok
23:04:49.0012 0x14e0 [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS C:\Windows\System32\qmgr.dll
23:04:49.0105 0x14e0 BITS - ok
23:04:49.0137 0x14e0 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:04:49.0183 0x14e0 blbdrive - ok
23:04:49.0246 0x14e0 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:04:49.0293 0x14e0 Bonjour Service - ok
23:04:49.0355 0x14e0 [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:04:49.0417 0x14e0 bowser - ok
23:04:49.0449 0x14e0 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:04:49.0511 0x14e0 BrFiltLo - ok
23:04:49.0542 0x14e0 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:04:49.0605 0x14e0 BrFiltUp - ok
23:04:49.0636 0x14e0 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
23:04:49.0714 0x14e0 Browser - ok
23:04:49.0761 0x14e0 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:04:49.0948 0x14e0 Brserid - ok
23:04:49.0979 0x14e0 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:04:50.0042 0x14e0 BrSerWdm - ok
23:04:50.0059 0x14e0 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:04:50.0166 0x14e0 BrUsbMdm - ok
23:04:50.0191 0x14e0 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:04:50.0270 0x14e0 BrUsbSer - ok
23:04:50.0308 0x14e0 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:04:50.0401 0x14e0 BTHMODEM - ok
23:04:50.0478 0x14e0 [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
23:04:50.0478 0x14e0 BUNAgentSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:04:50.0478 0x14e0 Detect skipped due to KSN trusted
23:04:50.0478 0x14e0 BUNAgentSvc - ok
23:04:50.0493 0x14e0 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:04:50.0540 0x14e0 cdfs - ok
23:04:50.0571 0x14e0 [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:04:50.0603 0x14e0 cdrom - ok
23:04:50.0634 0x14e0 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc C:\Windows\System32\certprop.dll
23:04:50.0681 0x14e0 CertPropSvc - ok
23:04:50.0712 0x14e0 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
23:04:50.0743 0x14e0 circlass - ok
23:04:50.0774 0x14e0 [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS C:\Windows\system32\CLFS.sys
23:04:50.0805 0x14e0 CLFS - ok
23:04:50.0899 0x14e0 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:04:50.0915 0x14e0 clr_optimization_v2.0.50727_32 - ok
23:04:50.0959 0x14e0 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:04:50.0986 0x14e0 clr_optimization_v4.0.30319_32 - ok
23:04:51.0022 0x14e0 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:04:51.0132 0x14e0 CmBatt - ok
23:04:51.0164 0x14e0 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:04:51.0183 0x14e0 cmdide - ok
23:04:51.0327 0x14e0 [ B80751FE12E2FEF90AA0960AE7358E89, 906D83FB63BD1814731E92257B8FD5381225EA4CFA76D91045F2C00278F5A58E ] ComodoBackupService C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
23:04:51.0483 0x14e0 ComodoBackupService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:51.0483 0x14e0 Detect skipped due to KSN trusted
23:04:51.0483 0x14e0 ComodoBackupService - ok
23:04:51.0514 0x14e0 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:04:51.0529 0x14e0 Compbatt - ok
23:04:51.0545 0x14e0 COMSysApp - ok
23:04:51.0561 0x14e0 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:04:51.0576 0x14e0 crcdisk - ok
23:04:51.0607 0x14e0 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:04:51.0670 0x14e0 Crusoe - ok
23:04:51.0717 0x14e0 [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:04:51.0763 0x14e0 CryptSvc - ok
23:04:51.0826 0x14e0 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:04:51.0888 0x14e0 DcomLaunch - ok
23:04:51.0935 0x14e0 [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:04:51.0966 0x14e0 DfsC - ok
23:04:52.0153 0x14e0 [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR C:\Windows\system32\DFSR.exe
23:04:52.0294 0x14e0 DFSR - ok
23:04:52.0341 0x14e0 [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:04:52.0403 0x14e0 Dhcp - ok
23:04:52.0434 0x14e0 [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk C:\Windows\system32\drivers\disk.sys
23:04:52.0450 0x14e0 disk - ok
23:04:52.0450 0x14e0 DKbFltr - ok
23:04:52.0512 0x14e0 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:04:52.0559 0x14e0 Dnscache - ok
23:04:52.0606 0x14e0 [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc C:\Windows\System32\dot3svc.dll
23:04:52.0684 0x14e0 dot3svc - ok
23:04:52.0731 0x14e0 [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:04:52.0809 0x14e0 Dot4 - ok
23:04:52.0824 0x14e0 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:04:52.0887 0x14e0 Dot4Print - ok
23:04:52.0933 0x14e0 [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:04:53.0011 0x14e0 dot4usb - ok
23:04:53.0043 0x14e0 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
23:04:53.0105 0x14e0 DPS - ok
23:04:53.0136 0x14e0 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:04:53.0167 0x14e0 drmkaud - ok
23:04:53.0230 0x14e0 [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:04:53.0386 0x14e0 DXGKrnl - ok
23:04:53.0417 0x14e0 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:04:53.0464 0x14e0 E1G60 - ok
23:04:53.0495 0x14e0 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
23:04:53.0542 0x14e0 EapHost - ok
23:04:53.0557 0x14e0 [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache C:\Windows\system32\drivers\ecache.sys
23:04:53.0573 0x14e0 Ecache - ok
23:04:53.0651 0x14e0 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:04:53.0667 0x14e0 ehRecvr - ok
23:04:53.0698 0x14e0 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
23:04:53.0745 0x14e0 ehSched - ok
23:04:53.0776 0x14e0 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
23:04:53.0791 0x14e0 ehstart - ok
23:04:53.0838 0x14e0 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:04:53.0854 0x14e0 elxstor - ok
23:04:53.0916 0x14e0 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:04:54.0010 0x14e0 EMDMgmt - ok
23:04:54.0025 0x14e0 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:04:54.0072 0x14e0 ErrDev - ok
23:04:54.0135 0x14e0 [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
23:04:54.0150 0x14e0 ETService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:54.0150 0x14e0 Detect skipped due to KSN trusted
23:04:54.0150 0x14e0 ETService - ok
23:04:54.0213 0x14e0 [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem C:\Windows\system32\es.dll
23:04:54.0259 0x14e0 EventSystem - ok
23:04:54.0291 0x14e0 [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat C:\Windows\system32\drivers\exfat.sys
23:04:54.0337 0x14e0 exfat - ok
23:04:54.0369 0x14e0 [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:04:54.0415 0x14e0 fastfat - ok
23:04:54.0447 0x14e0 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:04:54.0493 0x14e0 fdc - ok
23:04:54.0525 0x14e0 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
23:04:54.0571 0x14e0 fdPHost - ok
23:04:54.0571 0x14e0 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
23:04:54.0634 0x14e0 FDResPub - ok
23:04:54.0665 0x14e0 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:04:54.0681 0x14e0 FileInfo - ok
23:04:54.0712 0x14e0 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:04:54.0759 0x14e0 Filetrace - ok
23:04:54.0821 0x14e0 [ 6B82884EED135613E3E560204DB4242D, A56FF600CBFC02B0E5E7C0180F3221E3BEF3102DC6877074FBFA90502F886478 ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
23:04:54.0821 0x14e0 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
23:04:54.0821 0x14e0 Detect skipped due to KSN trusted
23:04:54.0821 0x14e0 FirebirdGuardianDefaultInstance - ok
23:04:55.0086 0x14e0 [ ECD2FFCFE1C21C00E0DE0B0866EDDF38, 1DA942358F97518E68057093C86157A441140517F1B04AB75E20C44F2CED7563 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
23:04:55.0398 0x14e0 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
23:04:55.0398 0x14e0 Detect skipped due to KSN trusted
23:04:55.0398 0x14e0 FirebirdServerDefaultInstance - ok
23:04:55.0429 0x14e0 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:04:55.0461 0x14e0 flpydisk - ok
23:04:55.0507 0x14e0 [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:04:55.0523 0x14e0 FltMgr - ok
23:04:55.0601 0x14e0 [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:04:55.0617 0x14e0 FontCache3.0.0.0 - ok
23:04:55.0648 0x14e0 [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:04:55.0679 0x14e0 Fs_Rec - ok
23:04:55.0726 0x14e0 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:04:55.0726 0x14e0 gagp30kx - ok
23:04:55.0773 0x14e0 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:04:55.0773 0x14e0 GEARAspiWDM - ok
23:04:55.0851 0x14e0 [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc C:\Windows\System32\gpsvc.dll
23:04:55.0960 0x14e0 gpsvc - ok
23:04:56.0022 0x14e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:04:56.0038 0x14e0 gupdate - ok
23:04:56.0038 0x14e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:04:56.0053 0x14e0 gupdatem - ok
23:04:56.0100 0x14e0 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:04:56.0178 0x14e0 HdAudAddService - ok
23:04:56.0194 0x14e0 [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:56.0241 0x14e0 HDAudBus - ok
23:04:56.0256 0x14e0 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:04:56.0334 0x14e0 HidBth - ok
23:04:56.0350 0x14e0 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
23:04:56.0412 0x14e0 HidIr - ok
23:04:56.0459 0x14e0 [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv C:\Windows\system32\hidserv.dll
23:04:56.0524 0x14e0 hidserv - ok
23:04:56.0540 0x14e0 [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:04:56.0587 0x14e0 HidUsb - ok
23:04:56.0618 0x14e0 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
23:04:56.0665 0x14e0 hkmsvc - ok
23:04:56.0712 0x14e0 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:04:56.0727 0x14e0 HpCISSs - ok
23:04:56.0790 0x14e0 [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:04:56.0899 0x14e0 HTTP - ok
23:04:56.0914 0x14e0 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:04:56.0930 0x14e0 i2omp - ok
23:04:56.0977 0x14e0 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:57.0024 0x14e0 i8042prt - ok
23:04:57.0070 0x14e0 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:04:57.0086 0x14e0 iaStorV - ok
23:04:57.0224 0x14e0 [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:04:57.0302 0x14e0 idsvc - ok
23:04:57.0349 0x14e0 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:04:57.0364 0x14e0 iirsp - ok
23:04:57.0411 0x14e0 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT C:\Windows\System32\ikeext.dll
23:04:57.0473 0x14e0 IKEEXT - ok
23:04:57.0536 0x14e0 [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15 C:\Windows\system32\drivers\int15.sys
23:04:57.0551 0x14e0 int15 - ok
23:04:57.0676 0x14e0 [ FE912E4A9719A9792669DEBB403CB9B1, C3C7F4B98B6EC5266AF29B9AC8373424D8A5035CDFF60DB85DB336819BFE8F39 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:04:57.0785 0x14e0 IntcAzAudAddService - ok
23:04:57.0848 0x14e0 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
23:04:57.0848 0x14e0 intelide - ok
23:04:57.0879 0x14e0 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:04:57.0926 0x14e0 intelppm - ok
23:04:57.0988 0x14e0 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:04:58.0066 0x14e0 IPBusEnum - ok
23:04:58.0082 0x14e0 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:04:58.0147 0x14e0 IpFilterDriver - ok
23:04:58.0178 0x14e0 [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:04:58.0225 0x14e0 iphlpsvc - ok
23:04:58.0240 0x14e0 IpInIp - ok
23:04:58.0287 0x14e0 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:04:58.0318 0x14e0 IPMIDRV - ok
23:04:58.0319 0x14e0 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:04:58.0389 0x14e0 IPNAT - ok
23:04:58.0436 0x14e0 [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:04:58.0452 0x14e0 iPod Service - ok
23:04:58.0476 0x14e0 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:04:58.0512 0x14e0 IRENUM - ok
23:04:58.0564 0x14e0 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:04:58.0577 0x14e0 isapnp - ok
23:04:58.0644 0x14e0 [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:04:58.0645 0x14e0 iScsiPrt - ok
23:04:58.0660 0x14e0 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:04:58.0675 0x14e0 iteatapi - ok
23:04:58.0699 0x14e0 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:04:58.0712 0x14e0 iteraid - ok
23:04:58.0749 0x14e0 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:04:58.0762 0x14e0 IviRegMgr - ok
23:04:58.0814 0x14e0 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:04:58.0829 0x14e0 kbdclass - ok
23:04:58.0845 0x14e0 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:04:58.0907 0x14e0 kbdhid - ok
23:04:58.0923 0x14e0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso C:\Windows\system32\lsass.exe
23:04:58.0954 0x14e0 KeyIso - ok
23:04:59.0016 0x14e0 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:04:59.0064 0x14e0 KSecDD - ok
23:04:59.0129 0x14e0 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:04:59.0254 0x14e0 KtmRm - ok
23:04:59.0272 0x14e0 [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:04:59.0312 0x14e0 LanmanServer - ok
23:04:59.0367 0x14e0 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:04:59.0426 0x14e0 LanmanWorkstation - ok
23:04:59.0494 0x14e0 [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:04:59.0504 0x14e0 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:59.0504 0x14e0 Detect skipped due to KSN trusted
23:04:59.0504 0x14e0 LightScribeService - ok
23:04:59.0532 0x14e0 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:04:59.0576 0x14e0 lltdio - ok
23:04:59.0629 0x14e0 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:04:59.0691 0x14e0 lltdsvc - ok
23:04:59.0707 0x14e0 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:04:59.0785 0x14e0 lmhosts - ok
23:04:59.0816 0x14e0 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:04:59.0831 0x14e0 LSI_FC - ok
23:04:59.0878 0x14e0 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:04:59.0878 0x14e0 LSI_SAS - ok
23:04:59.0909 0x14e0 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:04:59.0925 0x14e0 LSI_SCSI - ok
23:04:59.0941 0x14e0 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
23:04:59.0987 0x14e0 luafv - ok
23:05:00.0034 0x14e0 [ F88B3A1CA0CE7DA9879F633D3EC10B9B, 6D3849A34BB043BAC72E36B120B14827B577C6B462794C7A0E4BAD668FB4F3FC ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
23:05:00.0050 0x14e0 mbamchameleon - ok
23:05:00.0062 0x14e0 [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:05:00.0103 0x14e0 MBAMSwissArmy - ok
23:05:00.0134 0x14e0 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:05:00.0165 0x14e0 Mcx2Svc - ok
23:05:00.0212 0x14e0 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
23:05:00.0228 0x14e0 megasas - ok
23:05:00.0259 0x14e0 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:05:00.0297 0x14e0 MegaSR - ok
23:05:00.0344 0x14e0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
23:05:00.0406 0x14e0 MMCSS - ok
23:05:00.0422 0x14e0 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
23:05:00.0469 0x14e0 Modem - ok
23:05:00.0500 0x14e0 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:05:00.0531 0x14e0 monitor - ok
23:05:00.0562 0x14e0 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:05:00.0578 0x14e0 mouclass - ok
23:05:00.0594 0x14e0 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:05:00.0640 0x14e0 mouhid - ok
23:05:00.0656 0x14e0 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:05:00.0672 0x14e0 MountMgr - ok
23:05:00.0734 0x14e0 [ 8446B9C86C11F94502BC55321637FDE9, D04BAF2FB69526BB6B4182FB7284F61E311CEB313142C3A46BD2741D515457CF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:05:00.0750 0x14e0 MozillaMaintenance - ok
23:05:00.0765 0x14e0 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:05:00.0781 0x14e0 mpio - ok
23:05:00.0812 0x14e0 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:05:00.0843 0x14e0 mpsdrv - ok
23:05:00.0890 0x14e0 [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:05:00.0968 0x14e0 MpsSvc - ok
23:05:01.0015 0x14e0 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:05:01.0030 0x14e0 Mraid35x - ok
23:05:01.0062 0x14e0 [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:05:01.0108 0x14e0 MRxDAV - ok
23:05:01.0155 0x14e0 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:01.0233 0x14e0 mrxsmb - ok
23:05:01.0249 0x14e0 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:01.0327 0x14e0 mrxsmb10 - ok
23:05:01.0342 0x14e0 [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:01.0374 0x14e0 mrxsmb20 - ok
23:05:01.0390 0x14e0 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
23:05:01.0398 0x14e0 msahci - ok
23:05:01.0422 0x14e0 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:05:01.0435 0x14e0 msdsm - ok
23:05:01.0492 0x14e0 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
23:05:01.0539 0x14e0 MSDTC - ok
23:05:01.0570 0x14e0 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:05:01.0603 0x14e0 Msfs - ok
23:05:01.0614 0x14e0 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:05:01.0632 0x14e0 msisadrv - ok
23:05:01.0670 0x14e0 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:05:01.0729 0x14e0 MSiSCSI - ok
23:05:01.0734 0x14e0 msiserver - ok
23:05:01.0769 0x14e0 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:05:01.0814 0x14e0 MSKSSRV - ok
23:05:01.0837 0x14e0 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:01.0873 0x14e0 MSPCLOCK - ok
23:05:01.0892 0x14e0 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:05:01.0923 0x14e0 MSPQM - ok
23:05:01.0961 0x14e0 [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:05:01.0977 0x14e0 MsRPC - ok
23:05:02.0031 0x14e0 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:02.0046 0x14e0 mssmbios - ok
23:05:02.0062 0x14e0 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:05:02.0093 0x14e0 MSTEE - ok
23:05:02.0109 0x14e0 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup C:\Windows\system32\Drivers\mup.sys
23:05:02.0124 0x14e0 Mup - ok
23:05:02.0202 0x14e0 [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent C:\Windows\system32\qagentRT.dll
23:05:02.0249 0x14e0 napagent - ok
23:05:02.0280 0x14e0 [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:05:02.0312 0x14e0 NativeWifiP - ok
23:05:02.0358 0x14e0 [ 9BDC71790FA08F0A0B5F10462B1BD0B1, 67605C7A0CB4D9F2C4D0A876651DEB92270B54D0231C35A994F9A739C6075BC0 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:05:02.0390 0x14e0 NDIS - ok
23:05:02.0421 0x14e0 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:02.0452 0x14e0 NdisTapi - ok
23:05:02.0468 0x14e0 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:02.0484 0x14e0 Ndisuio - ok
23:05:02.0514 0x14e0 [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:02.0552 0x14e0 NdisWan - ok
23:05:02.0574 0x14e0 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:05:02.0600 0x14e0 NDProxy - ok
23:05:02.0645 0x14e0 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:05:02.0655 0x14e0 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:05:02.0655 0x14e0 Detect skipped due to KSN trusted
23:05:02.0655 0x14e0 Net Driver HPZ12 - ok
23:05:02.0663 0x14e0 Netaapl - ok
23:05:02.0690 0x14e0 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:05:02.0738 0x14e0 NetBIOS - ok
23:05:02.0776 0x14e0 [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:05:02.0818 0x14e0 netbt - ok
23:05:02.0837 0x14e0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon C:\Windows\system32\lsass.exe
23:05:02.0854 0x14e0 Netlogon - ok
23:05:02.0907 0x14e0 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
23:05:02.0954 0x14e0 Netman - ok
23:05:03.0032 0x14e0 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
23:05:03.0079 0x14e0 netprofm - ok
23:05:03.0096 0x14e0 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386, 2F23B0979CF2E8DB013D8E58501ACC9265A860FD759E8B741F8FA64F7C2F7756 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:05:03.0131 0x14e0 NetTcpPortSharing - ok
23:05:03.0178 0x14e0 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:05:03.0194 0x14e0 nfrd960 - ok
23:05:03.0209 0x14e0 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
23:05:03.0256 0x14e0 NlaSvc - ok
23:05:03.0272 0x14e0 [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:05:03.0318 0x14e0 Npfs - ok
23:05:03.0350 0x14e0 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
23:05:03.0381 0x14e0 nsi - ok
23:05:03.0396 0x14e0 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:05:03.0443 0x14e0 nsiproxy - ok
23:05:03.0506 0x14e0 [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:05:03.0677 0x14e0 Ntfs - ok
23:05:03.0724 0x14e0 [ CB76F68BA0D57C5D25B538981B1C611C, D078ADEFCF1559EA86AFBD3F6766065EE12B85CF44736A87D4140FB0C480215E ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:05:03.0755 0x14e0 NTIBackupSvc - ok
23:05:03.0786 0x14e0 [ 2757D2BA59AEE155209E24942AB127C9, 60C8571D548901A68591F1C7C548B40FA1086D21D23B8CB1083A8AE50760FE87 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:05:03.0802 0x14e0 NTIDrvr - ok
23:05:03.0833 0x14e0 [ DF1C10A75DF7E50195FC417F88A33227, 1551A6243236FD46F34C6F2443A3CC78D5424D9BCECB8576227A9E0AC91EC804 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:05:03.0849 0x14e0 NTISchedulerSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:05:03.0849 0x14e0 Detect skipped due to KSN trusted
23:05:03.0849 0x14e0 NTISchedulerSvc - ok
23:05:03.0880 0x14e0 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:05:03.0942 0x14e0 ntrigdigi - ok
23:05:03.0958 0x14e0 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
23:05:04.0020 0x14e0 Null - ok
23:05:04.0473 0x14e0 [ EC0E8BC4CA37007DDB51F0DCC0C5472F, 38F04B90DDE98FCA37264CC7A71A7E42273CDFFE2C2571EB203522503B60213D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:05.0284 0x14e0 nvlddmkm - ok
23:05:05.0378 0x14e0 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:05:05.0393 0x14e0 nvraid - ok
23:05:05.0424 0x14e0 [ 736054614AB962D4EC01EF4ABCE115F1, 64AB175B70FEE31367961469603D091E01FBC8F343099005FD06B2B9314655E0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
23:05:05.0471 0x14e0 nvsmu - ok
23:05:05.0502 0x14e0 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:05:05.0518 0x14e0 nvstor - ok
23:05:05.0549 0x14e0 [ 1199B2052F7861C1D39C2318E70904C9, A3CAE98D7A4023487D6A118D070AFE00A2B8113DF89828F173C69255B2F3C267 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
23:05:05.0596 0x14e0 nvstor32 - ok
23:05:05.0643 0x14e0 [ 6A4BB2DDFA34BC3C4D20478B1F0E335C, 22DA3DFB91A0BA1A468F18C560FE636D3E99456E3499A55B52B6B3E3F1CCBB5E ] nvsvc C:\Windows\system32\nvvsvc.exe
23:05:05.0690 0x14e0 nvsvc - ok
23:05:05.0736 0x14e0 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:05:05.0752 0x14e0 nv_agp - ok
23:05:05.0768 0x14e0 NwlnkFlt - ok
23:05:05.0783 0x14e0 NwlnkFwd - ok
23:05:05.0877 0x14e0 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:05:05.0924 0x14e0 odserv - ok
23:05:05.0970 0x14e0 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:05:06.0033 0x14e0 ohci1394 - ok
23:05:06.0064 0x14e0 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:05:06.0080 0x14e0 ose - ok
23:05:06.0126 0x14e0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:05:06.0236 0x14e0 p2pimsvc - ok
23:05:06.0282 0x14e0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2psvc C:\Windows\system32\p2psvc.dll
23:05:06.0329 0x14e0 p2psvc - ok
23:05:06.0376 0x14e0 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
23:05:06.0470 0x14e0 Parport - ok
23:05:06.0501 0x14e0 [ 3B38467E7C3DAED009DFE359E17F139F, 419BD726E511B3FEFBD8204C9E2BF6131EC05C71D15406070F834688EAFB694F ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:05:06.0516 0x14e0 partmgr - ok
23:05:06.0548 0x14e0 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:05:06.0610 0x14e0 Parvdm - ok
23:05:06.0641 0x14e0 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
23:05:06.0672 0x14e0 PcaSvc - ok
23:05:06.0704 0x14e0 [ 01B94418DEB235DFF777CC80076354B4, 091C4D5954C5CA1F783748C4D7287DD160C5F3357F2CC448DC5C2935B79AC1E9 ] pci C:\Windows\system32\drivers\pci.sys
23:05:06.0719 0x14e0 pci - ok
23:05:06.0735 0x14e0 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
23:05:06.0766 0x14e0 pciide - ok
23:05:06.0782 0x14e0 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:05:06.0797 0x14e0 pcmcia - ok
23:05:06.0860 0x14e0 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:05:06.0969 0x14e0 PEAUTH - ok
23:05:07.0125 0x14e0 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
23:05:07.0281 0x14e0 pla - ok
23:05:07.0343 0x14e0 [ 78F975CB6D18265BE6F492EDB2D7BC7B, 112C6FB0A84E605B1EA87F98C8A4C210C9DB84C811029109444AB174011A158C ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:05:07.0390 0x14e0 PlugPlay - ok
23:05:07.0452 0x14e0 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:05:07.0484 0x14e0 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:05:07.0484 0x14e0 Detect skipped due to KSN trusted
23:05:07.0484 0x14e0 Pml Driver HPZ12 - ok
23:05:07.0515 0x14e0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:05:07.0577 0x14e0 PNRPAutoReg - ok
23:05:07.0608 0x14e0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:05:07.0686 0x14e0 PNRPsvc - ok
23:05:07.0764 0x14e0 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A, FAE64867CE80439735F88A9988243667BDE84486B5A768B650E55E1519C85C03 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:05:07.0827 0x14e0 PolicyAgent - ok
23:05:07.0874 0x14e0 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:05:07.0952 0x14e0 PptpMiniport - ok
23:05:07.0967 0x14e0 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:05:08.0014 0x14e0 Processor - ok
23:05:08.0045 0x14e0 [ B627E4FC8585E8843C5905D4D3587A90, 07D7BC1BF8CDD5E34155B260B914D4A9892D3CEAEACDE334D1AF2A608E1FA2D8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:05:08.0092 0x14e0 ProfSvc - ok
23:05:08.0108 0x14e0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:05:08.0123 0x14e0 ProtectedStorage - ok
23:05:08.0139 0x14e0 [ BFEF604508A0ED1EAE2A73E872555FFB, AC817FB5A6126475B4A3CA191AD49651B919FB55429B939D036BC564632E426D ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:05:08.0186 0x14e0 PSched - ok
23:05:08.0295 0x14e0 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:05:08.0357 0x14e0 ql2300 - ok
23:05:08.0388 0x14e0 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:05:08.0404 0x14e0 ql40xx - ok
23:05:08.0451 0x14e0 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
23:05:08.0482 0x14e0 QWAVE - ok
23:05:08.0498 0x14e0 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:05:08.0529 0x14e0 QWAVEdrv - ok
23:05:08.0560 0x14e0 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:05:08.0654 0x14e0 RasAcd - ok
23:05:08.0685 0x14e0 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
23:05:08.0763 0x14e0 RasAuto - ok
23:05:08.0794 0x14e0 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:08.0825 0x14e0 Rasl2tp - ok
23:05:08.0856 0x14e0 [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan C:\Windows\System32\rasmans.dll
23:05:08.0919 0x14e0 RasMan - ok
23:05:08.0934 0x14e0 [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:08.0997 0x14e0 RasPppoe - ok
23:05:09.0028 0x14e0 [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:05:09.0059 0x14e0 RasSstp - ok
23:05:09.0090 0x14e0 [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:05:09.0122 0x14e0 rdbss - ok
23:05:09.0153 0x14e0 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:09.0200 0x14e0 RDPCDD - ok
23:05:09.0231 0x14e0 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:05:09.0278 0x14e0 rdpdr - ok
23:05:09.0278 0x14e0 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:05:09.0324 0x14e0 RDPENCDD - ok
23:05:09.0371 0x14e0 [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:05:09.0434 0x14e0 RDPWD - ok
23:05:09.0465 0x14e0 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys
23:05:09.0465 0x14e0 regi - ok
23:05:09.0512 0x14e0 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
23:05:09.0543 0x14e0 RemoteAccess - ok
23:05:09.0590 0x14e0 [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:05:09.0636 0x14e0 RemoteRegistry - ok
23:05:09.0652 0x14e0 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
23:05:09.0683 0x14e0 RpcLocator - ok
23:05:09.0714 0x14e0 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] RpcSs C:\Windows\system32\rpcss.dll
23:05:09.0777 0x14e0 RpcSs - ok
23:05:09.0808 0x14e0 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:05:09.0839 0x14e0 rspndr - ok
23:05:09.0855 0x14e0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] SamSs C:\Windows\system32\lsass.exe
23:05:09.0870 0x14e0 SamSs - ok
23:05:09.0902 0x14e0 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:05:09.0917 0x14e0 sbp2port - ok
23:05:09.0948 0x14e0 [ 11387E32642269C7E62E8B52C060B3C6, 6225FA14CBDC1D30F2E4CDC2059773DA49C67BE2C00A1DE582E8E07717F20425 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:05:09.0995 0x14e0 SCardSvr - ok
23:05:10.0058 0x14e0 [ 7B587B8A6D4A99F79D2902D0385F29BD, C29F2EE25F7B11E1821832CB7F4F8506C2AB20804D6702CC5EAF5BA1F3FCA972 ] Schedule C:\Windows\system32\schedsvc.dll
23:05:10.0104 0x14e0 Schedule - ok
23:05:10.0136 0x14e0 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:05:10.0182 0x14e0 SCPolicySvc - ok
23:05:10.0229 0x14e0 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:05:10.0276 0x14e0 SDRSVC - ok
23:05:10.0307 0x14e0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:05:10.0401 0x14e0 secdrv - ok
23:05:10.0432 0x14e0 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
23:05:10.0479 0x14e0 seclogon - ok
23:05:10.0510 0x14e0 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
23:05:10.0541 0x14e0 SENS - ok
23:05:10.0572 0x14e0 [ CB3E852B818946F396E35A976EE6B552, 2CA45BEBD2F607E66F13DBD23DE7FB4E0C74F9B93A649B270E96A97000B650CA ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
23:05:10.0604 0x14e0 Ser2pl - detected UnsignedFile.Multi.Generic ( 1 )
23:05:10.0604 0x14e0 Detect skipped due to KSN trusted
23:05:10.0604 0x14e0 Ser2pl - ok
23:05:10.0619 0x14e0 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:05:10.0682 0x14e0 Serenum - ok
23:05:10.0728 0x14e0 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
23:05:10.0791 0x14e0 Serial - ok
23:05:10.0806 0x14e0 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:05:10.0838 0x14e0 sermouse - ok
23:05:10.0900 0x14e0 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
23:05:10.0931 0x14e0 SessionEnv - ok
23:05:10.0962 0x14e0 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:05:10.0994 0x14e0 sffdisk - ok
23:05:11.0009 0x14e0 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:05:11.0056 0x14e0 sffp_mmc - ok
23:05:11.0087 0x14e0 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:05:11.0118 0x14e0 sffp_sd - ok
23:05:11.0150 0x14e0 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:05:11.0228 0x14e0 sfloppy - ok
23:05:11.0274 0x14e0 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:05:11.0321 0x14e0 SharedAccess - ok
23:05:11.0352 0x14e0 [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:05:11.0384 0x14e0 ShellHWDetection - ok
23:05:11.0399 0x14e0 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:05:11.0415 0x14e0 sisagp - ok
23:05:11.0446 0x14e0 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:05:11.0446 0x14e0 SiSRaid2 - ok
23:05:11.0477 0x14e0 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:05:11.0493 0x14e0 SiSRaid4 - ok
23:05:11.0680 0x14e0 [ 0BA91E1358AD25236863039BB2609A2E, ECB3C8E3D9C6FA77C0CF5A898FB90BB9474C6EFBE3698B56C93ECE44535EDACE ] slsvc C:\Windows\system32\SLsvc.exe
23:05:11.0867 0x14e0 slsvc - ok
23:05:11.0883 0x14e0 [ 7C6DC44CA0BFA6291629AB764200D1D4, 747CDA89C6F94F8314E5E5C425387ABDF9FF8528D82422F8FF66D96307B47B13 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:05:11.0914 0x14e0 SLUINotify - ok
23:05:11.0930 0x14e0 [ 031E6BCD53C9B2B9ACE111EAFEC347B6, B934129BD77CA6A1434C59EA82B5E93FD4089608E0E41242B6E68070A0F33FB8 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:05:11.0961 0x14e0 Smb - ok
23:05:11.0992 0x14e0 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:05:12.0008 0x14e0 SNMPTRAP - ok
23:05:12.0039 0x14e0 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
23:05:12.0054 0x14e0 spldr - ok
23:05:12.0086 0x14e0 [ 3665F79026A3F91FBCA63F2C65A09B19, A9AAE9B4006B5BC6EF4A7AB4CAB131687E4055E7C56900BBD24F78BA155C458A ] Spooler C:\Windows\System32\spoolsv.exe
23:05:12.0132 0x14e0 Spooler - ok
23:05:12.0195 0x14e0 [ 2252AEF839B1093D16761189F45AF885, D7B79E1B9CD73EDEA855DBE120ED470CC0F67D1AA44038E6051A4C5BCE361DE3 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:05:12.0242 0x14e0 srv - ok
23:05:12.0273 0x14e0 [ B7FF59408034119476B00A81BB53D5D1, 365D8E719D729D56082F5A6EEB65B31EB5DB5D15A5346D05E7130F41F2F97D46 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:05:12.0351 0x14e0 srv2 - ok
23:05:12.0382 0x14e0 [ 2ACCC9B12AF02030F531E6CCA6F8B76E, D1BA17C7BFE02347824DEEB1B7362FD251769ECB92B14EB3C600C85AB7E04D1B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:05:12.0429 0x14e0 srvnet - ok
23:05:12.0460 0x14e0 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:05:12.0538 0x14e0 SSDPSRV - ok
23:05:12.0569 0x14e0 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
23:05:12.0585 0x14e0 ssmdrv - ok
23:05:12.0616 0x14e0 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:05:12.0663 0x14e0 SstpSvc - ok
23:05:12.0694 0x14e0 [ 7DD08A597BC56051F320DA0BAF69E389, ACC59CF80765248705FFCE65DC9B5D072DC054F08C02FB4D16BA0E84D8BED0A4 ] stisvc C:\Windows\System32\wiaservc.dll
23:05:12.0741 0x14e0 stisvc - ok
23:05:12.0772 0x14e0 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:05:12.0788 0x14e0 swenum - ok
23:05:12.0819 0x14e0 [ B36C7CDB86F7F7A8E884479219766950, F3EA381A84CD6950BF71A56E9ABAD5010F226C5254CB936699A38BA4C85F7367 ] swprv C:\Windows\System32\swprv.dll
23:05:12.0850 0x14e0 swprv - ok
23:05:12.0881 0x14e0 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:05:12.0881 0x14e0 Symc8xx - ok
23:05:12.0912 0x14e0 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:05:12.0928 0x14e0 Sym_hi - ok
23:05:12.0944 0x14e0 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:05:12.0944 0x14e0 Sym_u3 - ok
23:05:12.0990 0x14e0 [ BF7AA84D5AF0FAA0978C840E63B17DBF, ED07F47BCD96B524F3E4EE01DB46D26FDB790167B7BA7C7097D75E10FE1144A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:05:13.0006 0x14e0 SynTP - ok
23:05:13.0037 0x14e0 [ 8710A92D0024B03B5FB9540DF1F71F1D, B72A968A7966DC16A1D69A8D53012A4307EEBDC4CB8E1D9C93BFB88D996E490F ] SysMain C:\Windows\system32\sysmain.dll
23:05:13.0115 0x14e0 SysMain - ok
23:05:13.0146 0x14e0 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:05:13.0178 0x14e0 TabletInputService - ok
23:05:13.0224 0x14e0 [ 680916BB09EE0F3A6ACA7C274B0D633F, 008B6EE41FA4D371258F0A656AE96B3E3F487BE5B9E0654B920013B4F1C0DFD8 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:05:13.0271 0x14e0 TapiSrv - ok
23:05:13.0287 0x14e0 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
23:05:13.0365 0x14e0 TBS - ok
23:05:13.0427 0x14e0 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:05:13.0490 0x14e0 Tcpip - ok
23:05:13.0552 0x14e0 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:05:13.0614 0x14e0 Tcpip6 - ok
23:05:13.0661 0x14e0 [ D4A2E4A4B011F3A883AF77315A5AE76B, 29E18087236A592638570F76691BC5C64CCA383F43EE22DF122413860E2D882C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:05:13.0755 0x14e0 tcpipreg - ok
23:05:13.0770 0x14e0 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:05:13.0817 0x14e0 TDPIPE - ok
23:05:13.0833 0x14e0 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:05:13.0864 0x14e0 TDTCP - ok
23:05:13.0895 0x14e0 [ D09276B1FAB033CE1D40DCBDF303D10F, 2CB47CB522B4E1C091DE30AF0EB4E21D321C42D2A5BA9647CBD078652680D8FF ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:05:13.0942 0x14e0 tdx - ok
23:05:14.0238 0x14e0 [ F01CC856780524410EA86C07C39E5B77, 01C62D94D7FB7E411BAC2E2996BC09EBBDC0F3E03C62D06E1121DCB169AD6326 ] TeamViewer9 C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
23:05:14.0566 0x14e0 TeamViewer9 - ok
23:05:14.0613 0x14e0 [ 9101FFFCFCCD1A30E870A5B8A9091B10, 58AAB0F6FF78FD0ECDD8D9DA1B6852E9E57E3DAA39489ABDDBA106ECE0B3BCA7 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:05:14.0644 0x14e0 teamviewervpn - ok
23:05:14.0691 0x14e0 [ A048056F5E1A96A9BF3071B91741A5AA, CFDE51D106A6CC4A5638BCD458505F5831636D2203F7C949273BDA446AC7C5F3 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:05:14.0706 0x14e0 TermDD - ok
23:05:14.0769 0x14e0 [ D605031E225AACCBCEB5B76A4F1603A6, 27D78644CADBC11C3AB5E0C10F854FD43BCD43B6E91C1ED1F6D35BC501147701 ] TermService C:\Windows\System32\termsrv.dll
23:05:14.0847 0x14e0 TermService - ok
23:05:14.0878 0x14e0 [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] Themes C:\Windows\system32\shsvcs.dll
23:05:14.0909 0x14e0 Themes - ok
23:05:14.0940 0x14e0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
23:05:14.0972 0x14e0 THREADORDER - ok
23:05:15.0003 0x14e0 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
23:05:15.0050 0x14e0 TrkWks - ok
23:05:15.0112 0x14e0 [ 16613A1BAD034D4ECF957AF18B7C2FF5, 75499618187ED4385984F608D134BB298A4CCB339F70B31E4A8B2CF3E3558396 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:05:15.0159 0x14e0 TrustedInstaller - ok
23:05:15.0190 0x14e0 [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:15.0237 0x14e0 tssecsrv - ok
23:05:15.0268 0x14e0 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:05:15.0284 0x14e0 tunmp - ok
23:05:15.0299 0x14e0 [ 6042505FF6FA9AC1EF7684D0E03B6940, D09CF14A6C0C760238792DDA4ECB6FBB6CA645BB91BD62585EBD050226BDB5A7 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:05:15.0315 0x14e0 tunnel - ok
23:05:15.0346 0x14e0 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:05:15.0346 0x14e0 uagp35 - ok
23:05:15.0377 0x14e0 [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
23:05:15.0393 0x14e0 UBHelper - ok
23:05:15.0424 0x14e0 [ 8B5088058FA1D1CD897A2113CCFF6C58, 1616EDB66C3E2DA7B09EA4FE46A3FC7087D6201F2195D76118A93B0B065D1623 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:05:15.0486 0x14e0 udfs - ok
23:05:15.0533 0x14e0 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:05:15.0580 0x14e0 UI0Detect - ok
23:05:15.0611 0x14e0 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:05:15.0611 0x14e0 uliagpkx - ok
23:05:15.0642 0x14e0 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:05:15.0658 0x14e0 uliahci - ok
23:05:15.0674 0x14e0 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:05:15.0689 0x14e0 UlSata - ok
23:05:15.0720 0x14e0 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:05:15.0736 0x14e0 ulsata2 - ok
23:05:15.0752 0x14e0 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:05:15.0798 0x14e0 umbus - ok
23:05:15.0845 0x14e0 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
23:05:15.0923 0x14e0 upnphost - ok
23:05:15.0970 0x14e0 [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:05:15.0986 0x14e0 USBAAPL - ok
23:05:16.0017 0x14e0 [ AFB10A231254A1920C3BB4A0D02E1CA6, 8B9748B9935812ED7F318733D9F1390379EEC27F81F95C181548A11E13AD51D2 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:16.0064 0x14e0 usbccgp - ok
23:05:16.0095 0x14e0 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:05:16.0173 0x14e0 usbcir - ok
23:05:16.0204 0x14e0 [ 44245742C4ED2EAFD69020583424455B, 143E7ADD24C2839D90916533B51AAB221DC0CEB088C0496BB7054CDC553C3A20 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:05:16.0220 0x14e0 usbehci - ok
23:05:16.0251 0x14e0 [ DB39B3F83AF77BCA019D7DF6AADDBDAE, D3FAD71C8BA3850D7AF732DC76550E4A2C83A250A7E11480A915E458676BD36E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:05:16.0282 0x14e0 usbhub - ok
23:05:16.0313 0x14e0 [ 5FEE2A4AAAEBCD2E6576E7C90959B3FD, B5BC6BAA54A229A6AB3324F080EC441B27E2F8AE6E08A0DE3A19EA2CF9C228F6 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:05:16.0344 0x14e0 usbohci - ok
23:05:16.0391 0x14e0 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:05:16.0454 0x14e0 usbprint - ok
23:05:16.0485 0x14e0 [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:05:16.0532 0x14e0 usbscan - ok
23:05:16.0578 0x14e0 [ 87BA6B83C5D19B69160968D07D6E2982, 9E039DF4BBE53CA22A0ACE486B9867F99FFFE086CCAF6A83BD78770E4631F3F8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:16.0641 0x14e0 USBSTOR - ok
23:05:16.0688 0x14e0 [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:05:16.0750 0x14e0 usbuhci - ok
23:05:16.0781 0x14e0 [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:05:16.0859 0x14e0 usbvideo - ok
23:05:16.0890 0x14e0 [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms C:\Windows\System32\uxsms.dll
23:05:16.0937 0x14e0 UxSms - ok
23:05:16.0968 0x14e0 [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds C:\Windows\System32\vds.exe
23:05:17.0031 0x14e0 vds - ok
23:05:17.0046 0x14e0 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:17.0093 0x14e0 vga - ok
23:05:17.0124 0x14e0 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:05:17.0171 0x14e0 VgaSave - ok
23:05:17.0187 0x14e0 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:05:17.0202 0x14e0 viaagp - ok
23:05:17.0218 0x14e0 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:05:17.0249 0x14e0 ViaC7 - ok
23:05:17.0280 0x14e0 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
23:05:17.0280 0x14e0 viaide - ok
23:05:17.0312 0x14e0 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:05:17.0327 0x14e0 volmgr - ok
23:05:17.0358 0x14e0 [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:05:17.0390 0x14e0 volmgrx - ok
23:05:17.0421 0x14e0 [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:05:17.0452 0x14e0 volsnap - ok
23:05:17.0483 0x14e0 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:05:17.0499 0x14e0 vsmraid - ok
23:05:17.0592 0x14e0 [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS C:\Windows\system32\vssvc.exe
23:05:17.0670 0x14e0 VSS - ok
23:05:17.0717 0x14e0 [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time C:\Windows\system32\w32time.dll
23:05:17.0764 0x14e0 W32Time - ok
23:05:17.0795 0x14e0 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:05:17.0873 0x14e0 WacomPen - ok
23:05:17.0904 0x14e0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:05:17.0936 0x14e0 Wanarp - ok
23:05:17.0951 0x14e0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:05:17.0982 0x14e0 Wanarpv6 - ok
23:05:18.0014 0x14e0 [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:05:18.0045 0x14e0 wcncsvc - ok
23:05:18.0076 0x14e0 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:05:18.0107 0x14e0 WcsPlugInService - ok
23:05:18.0138 0x14e0 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
23:05:18.0138 0x14e0 Wd - ok
23:05:18.0216 0x14e0 [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:05:18.0248 0x14e0 Wdf01000 - ok
23:05:18.0263 0x14e0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:05:18.0310 0x14e0 WdiServiceHost - ok
23:05:18.0310 0x14e0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:05:18.0357 0x14e0 WdiSystemHost - ok
23:05:18.0388 0x14e0 [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient C:\Windows\System32\webclnt.dll
23:05:18.0435 0x14e0 WebClient - ok
23:05:18.0466 0x14e0 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:05:18.0497 0x14e0 Wecsvc - ok
23:05:18.0528 0x14e0 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:05:18.0560 0x14e0 wercplsupport - ok
23:05:18.0591 0x14e0 [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc C:\Windows\System32\WerSvc.dll
23:05:18.0606 0x14e0 WerSvc - ok
23:05:18.0669 0x14e0 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:05:18.0700 0x14e0 WinDefend - ok
23:05:18.0716 0x14e0 WinHttpAutoProxySvc - ok
23:05:18.0794 0x14e0 [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:05:18.0840 0x14e0 Winmgmt - ok
23:05:18.0934 0x14e0 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
23:05:18.0996 0x14e0 WinRM - ok
23:05:19.0074 0x14e0 [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:05:19.0152 0x14e0 Wlansvc - ok
23:05:19.0199 0x14e0 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:19.0230 0x14e0 WmiAcpi - ok
23:05:19.0262 0x14e0 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:05:19.0308 0x14e0 wmiApSrv - ok
23:05:19.0386 0x14e0 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:05:19.0449 0x14e0 WMPNetworkSvc - ok
23:05:19.0496 0x14e0 [ 5D94CD167751294962BA238D82DD1BB8, 62C7A31706F1C33A2C1C68006191AEE85A98885D23EC582EF2F88AAF604AC9A7 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:05:19.0511 0x14e0 WPCSvc - ok
23:05:19.0542 0x14e0 [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:05:19.0589 0x14e0 WPDBusEnum - ok
23:05:19.0620 0x14e0 [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:05:19.0667 0x14e0 WpdUsb - ok
23:05:19.0792 0x14e0 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:05:19.0839 0x14e0 WPFFontCache_v0400 - ok
23:05:19.0886 0x14e0 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:05:19.0932 0x14e0 ws2ifsl - ok
23:05:19.0964 0x14e0 [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc C:\Windows\System32\wscsvc.dll
23:05:19.0979 0x14e0 wscsvc - ok
23:05:19.0995 0x14e0 WSearch - ok
23:05:20.0182 0x14e0 [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv C:\Windows\system32\wuaueng.dll
23:05:20.0338 0x14e0 wuauserv - ok
23:05:20.0385 0x14e0 [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:20.0447 0x14e0 WUDFRd - ok
23:05:20.0478 0x14e0 [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:05:20.0510 0x14e0 wudfsvc - ok
23:05:20.0541 0x14e0 ================ Scan global ===============================
23:05:20.0556 0x14e0 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:05:20.0603 0x14e0 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:05:20.0634 0x14e0 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:05:20.0681 0x14e0 [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
23:05:20.0697 0x14e0 [ Global ] - ok
23:05:20.0697 0x14e0 ================ Scan MBR ==================================
23:05:20.0712 0x14e0 [ 2D38F4A50470B53943A7DBD02E402E47 ] \Device\Harddisk0\DR0
23:05:24.0238 0x14e0 \Device\Harddisk0\DR0 - ok
23:05:24.0238 0x14e0 ================ Scan VBR ==================================
23:05:24.0238 0x14e0 [ 43D87206C057BCE97569830AF6F4007B ] \Device\Harddisk0\DR0\Partition1
23:05:24.0285 0x14e0 \Device\Harddisk0\DR0\Partition1 - ok
23:05:24.0300 0x14e0 [ 0983BC0F70EBA7ECAEB0375F4B675ACD ] \Device\Harddisk0\DR0\Partition2
23:05:24.0332 0x14e0 \Device\Harddisk0\DR0\Partition2 - ok
23:05:24.0332 0x14e0 ================ Scan generic autorun ======================
23:05:24.0441 0x14e0 [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
23:05:24.0519 0x14e0 Windows Defender - ok
23:05:24.0971 0x14e0 [ C459786D07FEAD5717DD1AC287BB2519, 05858DD2145B7822959FCB0B8132A1D0BD3CA05DEF40F85008EB0C1F02FE29EF ] C:\Windows\RtHDVCpl.exe
23:05:25.0455 0x14e0 RtHDVCpl - ok
23:05:25.0595 0x14e0 [ 19D93154C82FE39A99B269CED1056A92, 1E3EE58A7B5F24402A26A4DE0BF0C4F4D14629BB22174A7D81E305486584C1F2 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:05:25.0689 0x14e0 SynTPEnh - ok
23:05:25.0736 0x14e0 [ 6882D187F65ECA79110848A68FDEB2BF, 1BE59945F6D5040E9675DC31C27AD230D4C2C02B84BD4E16AB459D04D9B9E7B4 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
23:05:25.0751 0x14e0 BkupTray - ok
23:05:25.0814 0x14e0 [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
23:05:25.0829 0x14e0 Adobe Reader Speed Launcher - ok
23:05:25.0829 0x14e0 NvCplDaemon - ok
23:05:25.0845 0x14e0 NvMediaCenter - ok
23:05:25.0892 0x14e0 [ E3CC162D68C5443C98FA67D34D1EDFDF, 5BBD2706373CF6A07E6BA0ADC4BA9DC4152A6D3599FBC3F8FA96365949AE8F73 ] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
23:05:25.0907 0x14e0 WarReg_PopUp - detected UnsignedFile.Multi.Generic ( 1 )
23:05:25.0907 0x14e0 Detect skipped due to KSN trusted
23:05:25.0907 0x14e0 WarReg_PopUp - ok
23:05:25.0954 0x14e0 [ 5676E75F98FF8E0F81DFF604A09288BB, 4A0F928EC4A76EF479DA418E613D560DDF0BC1BAE11F28214B181129781392E6 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
23:05:25.0970 0x14e0 TkBellExe - ok
23:05:25.0970 0x14e0 Seagull Drivers - ok
23:05:26.0016 0x14e0 [ 93DB1FF92B03D24738A71E6E4992DFD3, 56951284A1BBF201806A1A5610D6316DA33FC92A4E7DA5A989FD7C7FE2F7672C ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
23:05:26.0032 0x14e0 SunJavaUpdateSched - ok
23:05:26.0079 0x14e0 [ CA1930CFDA3D4FCEDA5ADD18EB8A3B34, 91A8DC83D6A3F79F17680FF1E7714876199EC73DE8766E2A17FC657D765DFE84 ] C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe
23:05:26.0094 0x14e0 PDF7 Registry Controller - ok
23:05:26.0141 0x14e0 [ 8F28FBD3B4D76E8A7FD5C6931F33A108, 417B62C25437BA7A266FEB2E4948AC01A0E36ECE04F2373C7BBCD3F8C20090C4 ] C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe
23:05:26.0172 0x14e0 Nuance PDF Converter 7-reminder - ok
23:05:26.0219 0x14e0 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
23:05:26.0250 0x14e0 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
23:05:26.0250 0x14e0 Detect skipped due to KSN trusted
23:05:26.0250 0x14e0 QuickTime Task - ok
23:05:26.0313 0x14e0 [ 99342358331F57209DFF987CEEB8E37B, 3972DD0BE82B43BD50838E8B44DBF8160777B302F2718F2624CC6B67E0E1AF02 ] C:\Program Files\iTunes\iTunesHelper.exe
23:05:26.0328 0x14e0 iTunesHelper - ok
23:05:26.0516 0x14e0 [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
23:05:26.0578 0x14e0 avgnt - ok
23:05:26.0703 0x14e0 [ BB10E34B162FBEAE5636474A79026A0D, 700629C7497ED01E5B7DF99F0D8F56FF30BBA067ED65AC7A0D77B3765C596ECB ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
23:05:26.0734 0x14e0 Avira Systray - ok
23:05:26.0874 0x14e0 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:05:27.0030 0x14e0 Sidebar - ok
23:05:27.0030 0x14e0 WindowsWelcomeCenter - ok
23:05:27.0124 0x14e0 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:05:27.0218 0x14e0 Sidebar - ok
23:05:27.0233 0x14e0 WindowsWelcomeCenter - ok
23:05:27.0296 0x14e0 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:05:27.0327 0x14e0 ehTray.exe - ok
23:05:27.0358 0x14e0 TomTomHOME.exe - ok
23:05:27.0436 0x14e0 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
23:05:27.0467 0x14e0 ISUSPM - ok
23:05:27.0483 0x14e0 [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
23:05:27.0561 0x14e0 WMPNSCFG - ok
23:05:27.0576 0x14e0 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41010 ( enabled : outofdate )
23:05:27.0592 0x14e0 Win FW state via NFP2: enabled
23:05:27.0810 0x14e0 ============================================================
23:05:27.0810 0x14e0 Scan finished
23:05:27.0810 0x14e0 ============================================================
23:05:27.0826 0x14ec Detected object count: 0
23:05:27.0826 0x14ec Actual detected object count: 0
Woran kann das liegen? Kann ich vielleicht ein anderes Progran verwenden? |
|
24.03.2015, 10:47
| #13 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt hi, Lade Dir bitte von hier  Emsisoft Emergency Kit herunter.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.03.2015, 19:43
| #14 | |
| | UPS Phishing Mail geöffnet uns auf Link geklicktZitat:
Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0
Letztes Update: 25.03.2015 06:29:35
Benutzerkonto: Schüle-Laptop\Schüle
Scan-Einstellungen:
Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 25.03.2015 06:35:59
C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} gefunden: Application.Win32.InstallExt (A)
C:\ProgramData\sweetim gefunden: Application.AppInstall (A)
C:\Program Files\sweetim gefunden: Application.AppInstall (A)
C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com gefunden: Application.FireExt (A)
Key: HKEY_USERS\S-1-5-21-768814543-1293272205-1146082735-1000\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{13ABD093-D46F-40DF-A608-47E162EC799D} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} gefunden: Application.InstallTool (A)
Gescannt 245979
Gefunden 12
Scan-Ende: 25.03.2015 08:53:48
Scan-Zeit: 2:17:49
|
|
26.03.2015, 16:02
| #15 |
| /// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Funde löschen lassen. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu UPS Phishing Mail geöffnet uns auf Link geklickt |
| administrator, bluescreen 0, converter, defender, explorer, flash player, phishing, registry, services.exe, software, svchost.exe, sweetpacks bundle uninstaller entfernen, symantec, winlogon.exe, yontoo entfernen |
dann auf 
und dann auf 
. 
Linear-Darstellung
