Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win 7: Schaden durch DHL-Spam-Mail?

Win 7: Schaden durch DHL-Spam-Mail?


Log-Analyse und Auswertung: Win 7: Schaden durch DHL-Spam-Mail?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.05.2015, 23:35   #1
v2rahn
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


Eine Spam-Mail vermeintlich vom "DHL Fachteam" mit Titel "Paket, Ihre Sendung ..." wurde durch ein Familienmitglied geöffnet (Win7-64, Thunderbird), bevor ich einschreiten konnte:
- Text der Email: leer (habe ich verifiziert)
- PDF-Datei im Anhang wurde geöffnet (ab hier nur der Erzählung nach)
- Es wurde auf mindestens ein Bild / Link geklickt.

Frage: Ist mein Rechner nun noch infiziert und was muss ich dagegen tun?
Es gibt derzeit keine Verhaltensauffälligkeiten, aber woher weiß ich, dass nicht bereits meine Passwörter abgegriffen wurden?

Ich habe bisher das folgende unternommen:

- Mail als Spam markiert. Sie ist noch im Spam-Ordner, ich könnte sie also weiterleiten wenn gewünscht.

- Kaspersky-AV aktualisiert und vollständige Untersuchung durchgeführt. Die dabei von KAV gefundenen Dateien waren bis zu diesem Scan einige Stunden auf dem Rechner, während derer auch Passwörter eingegeben und evtl. andere sensible Arbeiten durchgeführt wurden.


Hier das KAV-Logfile ("heute" = gestern):
Code:
ATTFilter
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf		Unbekannte Bedrohung	Heute, 22:02
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf//data0001	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 22:02
Gefundenes Objekt (Datei) ist nicht mehr verfügbar	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf//data0001	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 20:45
Gefundenes Objekt (Datei) ist nicht mehr verfügbar	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf//data0001	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-2.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 20:45
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf//data0001	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 22:02
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf		Unbekannte Bedrohung	Heute, 22:02
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf		Unbekannte Bedrohung	Heute, 22:02
Gefundenes Objekt (Datei) ist nicht mehr verfügbar	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf//data0001	C:\Documents and Settings\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 20:45
Gefundenes Objekt (Datei) wurde gelöscht	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf//data0001	C:\Users\RAHN_NEU\AppData\Local\Temp\DHL_Report_98810218518-1.pdf//data0001	Trojan-Downloader.PDF.Agent.r	Trojanisches Programm	Heute, 22:02
- MBAM aktualisiert und Bedrohungssuchlauf durchgeführt. Hier zwei Protokolle:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.05.2015
Suchlauf-Zeit: 22:41:07
Logdatei: 
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.18.05
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: RAHN_NEU

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347366
Verstrichene Zeit: 14 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.05.2015
Suchlauf-Zeit: 22:56:48
Logdatei: 
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.18.06
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: RAHN_NEU

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgebrochen
Durchsuchte Objekte: 0
(Keine schädliche Elemente gefunden)
Verstrichene Zeit: 0 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
- Defogger ohne Probleme auf "disable" gesetzt.

- Systemscan mit FRST. Hier die Logfiles:

FRST.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by RAHN_NEU (administrator) on RAHN_NEU-PC on 18-05-2015 23:33:34
Running from C:\Users\RAHN_NEU\Desktop
Loaded Profiles: RAHN_NEU (Available profiles: RAHN_NEU)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [2090496 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3720886606-3869830146-954996509-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3720886606-3869830146-954996509-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3720886606-3869830146-954996509-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3720886606-3869830146-954996509-1000\...\MountPoints2: {faba187e-a88a-11e3-b124-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3720886606-3869830146-954996509-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-12] (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-12] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-12] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-12] (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-12] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-12] (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default
FF SelectedSearchEngine: Google.de
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\searchplugins\googlede.xml [2011-11-02]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\artur.dubovoy@gmail.com [2015-04-19]
FF Extension: German Dictionary, extended for Austria - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-08-24]
FF Extension: German Dictionary - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-09-06]
FF Extension: No Name - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\nostmp [2014-03-12]
FF Extension: Youtube MP3 Podcaster - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-04-06]
FF Extension: Lightshot (screenshot tool) - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-05]
FF Extension: EPUBReader - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-18]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-09-06]
FF Extension: Facebook Disconnect - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\facebook@disconnect.me.xpi [2014-09-06]
FF Extension: Bookmarks Checker - check for bad links - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2014-09-06]
FF Extension: ProxTube - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Lightbeam - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-10-31]
FF Extension: Flagfox - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-10-31]
FF Extension: Download Status Bar - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-03-12]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-03-12]
FF Extension: Adblock Plus - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-12]
FF Extension: User Agent Switcher - C:\Users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-09-06]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-06]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-12] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-12] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [79800 2012-06-19] (Protection Technology (StarForce))
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S0 hyglvro; System32\drivers\ebqljbw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 23:33 - 2015-05-18 23:34 - 00017559 _____ () C:\Users\RAHN_NEU\Desktop\FRST.txt
2015-05-18 23:33 - 2015-05-18 23:33 - 00000000 ____D () C:\FRST
2015-05-18 23:29 - 2015-05-18 23:29 - 00000478 _____ () C:\Users\RAHN_NEU\Desktop\defogger_disable.log
2015-05-18 23:29 - 2015-05-18 23:29 - 00000000 _____ () C:\Users\RAHN_NEU\defogger_reenable
2015-05-18 23:20 - 2015-05-18 23:20 - 00380416 _____ () C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe
2015-05-18 23:19 - 2015-05-18 23:19 - 02107392 _____ (Farbar) C:\Users\RAHN_NEU\Desktop\FRST64.exe
2015-05-18 23:18 - 2015-05-18 23:18 - 00050477 _____ () C:\Users\RAHN_NEU\Desktop\Defogger.exe
2015-05-17 21:26 - 2015-05-17 21:26 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Local\CrashDumps
2015-05-17 11:27 - 2015-05-17 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 22:27 - 2015-05-15 22:27 - 00000000 ____D () C:\Users\RAHN_NEU\Documents\Steuerfälle
2015-05-15 22:23 - 2015-05-15 22:23 - 00002052 _____ () C:\Users\Public\Desktop\SteuerBerater 2014-2015.lnk
2015-05-15 22:22 - 2015-05-15 22:26 - 00002095 _____ () C:\Users\Public\Desktop\SteuerSparErklärung Plus 2015.lnk
2015-05-15 22:22 - 2015-05-15 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-05-15 22:22 - 2015-05-15 22:22 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Local\AAV
2015-05-15 22:21 - 2015-05-15 22:21 - 00000000 ____D () C:\Programme (x86)
2015-05-15 22:17 - 2015-05-15 22:23 - 00000000 ____D () C:\ProgramData\AAV
2015-05-13 22:49 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:49 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:20 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:20 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:20 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:20 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:20 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:20 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:20 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:20 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:20 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:20 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:20 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:20 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:20 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:20 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:20 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:20 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:20 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:20 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:20 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:20 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:20 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:20 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:20 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:20 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:20 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:20 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:20 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:20 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:20 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:20 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:20 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:20 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:20 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:20 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:20 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:20 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:20 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:20 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:20 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:20 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:20 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:20 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:20 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:20 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:20 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:20 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:20 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:20 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:20 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:20 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:20 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:20 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:20 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:20 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:20 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:20 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:20 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:20 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:20 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:20 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:20 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:20 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:20 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:20 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:20 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:20 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:20 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:20 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:20 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:20 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:20 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:20 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:20 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:20 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:20 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:20 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:20 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:20 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:20 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:18 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:18 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:18 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:18 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:18 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:18 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:18 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 15:18 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:18 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-04 21:03 - 2015-05-10 20:52 - 00000680 _____ () C:\Windows\LkmdfCoInst.log
2015-05-04 21:03 - 2015-05-04 21:03 - 00000000 ____D () C:\ProgramData\Logitech
2015-05-03 00:02 - 2015-05-03 00:02 - 449194244 _____ () C:\Windows\MEMORY.DMP
2015-05-03 00:02 - 2015-05-03 00:02 - 00805912 _____ () C:\Windows\Minidump\050315-76877-01.dmp
2015-04-29 09:28 - 2015-05-18 23:30 - 00003215 _____ () C:\Windows\setupact.log
2015-04-29 09:28 - 2015-04-29 09:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-28 21:01 - 2015-04-28 21:01 - 00000000 ____D () C:\Program Files (x86)\MySQL
2015-04-28 20:57 - 2015-04-28 20:57 - 00000000 ____D () C:\Program Files\MySQL
2015-04-19 21:22 - 2015-04-19 21:22 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Roaming\EXIF Date Changer
2015-04-19 21:22 - 2015-04-19 21:22 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Local\Rellik_Software
2015-04-19 21:22 - 2015-04-19 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXIF Date Changer
2015-04-19 21:22 - 2015-04-19 21:22 - 00000000 ____D () C:\Program Files (x86)\EXIF Date Changer
2015-04-18 23:03 - 2015-04-18 23:03 - 00070904 _____ () C:\Users\RAHN_NEU\.recently-used.xbel
2015-04-18 23:01 - 2015-04-18 23:01 - 00000057 _____ () C:\Users\RAHN_NEU\.gtk-bookmarks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 23:33 - 2014-03-10 21:42 - 02051905 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 23:30 - 2014-03-12 21:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-18 23:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 23:29 - 2014-03-10 21:42 - 00000000 ____D () C:\Users\RAHN_NEU
2015-05-18 23:12 - 2014-09-06 23:12 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job
2015-05-18 23:12 - 2014-09-06 23:12 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job
2015-05-18 23:12 - 2014-03-12 22:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-18 23:12 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-18 23:11 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-05-18 23:11 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-05-18 23:11 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 22:56 - 2015-01-03 10:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 21:50 - 2015-01-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-18 21:50 - 2015-01-03 10:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 18:05 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 18:05 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 06:59 - 2014-03-10 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 00:05 - 2014-03-15 14:45 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Roaming\vlc
2015-05-17 18:39 - 2014-09-07 13:42 - 00000000 ____D () C:\Users\RAHN_NEU\.mediathek3
2015-05-16 09:24 - 2015-01-10 23:04 - 00000600 _____ () C:\Users\RAHN_NEU\AppData\Local\PUTTY.RND
2015-05-16 09:24 - 2014-09-07 13:12 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Roaming\FileZilla
2015-05-16 08:47 - 2014-03-10 22:20 - 00071832 _____ () C:\Users\RAHN_NEU\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 08:42 - 2009-07-14 06:45 - 00325560 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 15:42 - 2014-03-12 22:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 10:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 09:23 - 2014-03-15 14:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 22:56 - 2014-03-12 23:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 22:56 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 22:54 - 2014-03-12 23:59 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 22:49 - 2014-03-13 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:48 - 2014-03-13 00:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 22:48 - 2014-03-13 00:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-10 20:52 - 2014-09-06 23:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-05-05 22:31 - 2015-03-17 22:02 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Local\Deployment
2015-05-05 21:22 - 2015-04-03 17:24 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-05-03 19:19 - 2014-09-07 12:20 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Roaming\BOM
2015-05-03 00:02 - 2014-09-06 22:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 21:09 - 2014-09-21 22:32 - 00000168 _____ () C:\Windows\ODBC.INI
2015-04-28 21:01 - 2014-10-02 07:18 - 00000493 _____ () C:\Windows\ODBCINST.INI
2015-04-28 20:43 - 2014-09-21 21:38 - 00001799 _____ () C:\Users\RAHN_NEU\Desktop\Waldschänke 18.lnk
2015-04-27 20:34 - 2014-09-07 08:59 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-27 07:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-23 07:05 - 2015-02-21 12:12 - 00000000 ____D () C:\Program Files\Java
2015-04-23 07:05 - 2014-09-07 13:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-23 07:04 - 2015-02-21 12:13 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-19 22:25 - 2014-11-30 22:29 - 00000000 ____D () C:\Users\RAHN_NEU\.gimp-2.4
2015-04-18 23:03 - 2014-11-30 22:37 - 00000000 ____D () C:\Users\RAHN_NEU\AppData\Roaming\gtk-2.0

==================== Files in the root of some directories =======

2015-01-10 23:04 - 2015-05-16 09:24 - 0000600 _____ () C:\Users\RAHN_NEU\AppData\Local\PUTTY.RND
2014-08-28 21:04 - 2014-08-28 21:04 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 10:27

==================== End Of Log ============================
addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by RAHN_NEU at 2015-05-18 23:34:40
Running from C:\Users\RAHN_NEU\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3720886606-3869830146-954996509-500 - Administrator - Disabled)
Gast (S-1-5-21-3720886606-3869830146-954996509-501 - Limited - Disabled)
RAHN_NEU (S-1-5-21-3720886606-3869830146-954996509-1000 - Administrator - Enabled) => C:\Users\RAHN_NEU

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AutoMetadata (HKU\S-1-5-21-3720886606-3869830146-954996509-1000\...\c934834aea0c0bc3) (Version: 1.0.0.8 - EverMap)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
ClocX (1.6.0) (HKLM-x32\...\ClocX) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.33.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EXIF Date Changer v3.1.2 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version:  - Rellik Software)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
GimPad 1.1 (HKLM-x32\...\GimPad) (Version: 1.1 - Ek kian)
GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.5.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.5.5 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM-x32\...\{4C6A664C-DCA0-4CC6-8752-ED0850E3135A}) (Version: 5.3.4 - Oracle Corporation)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PDF Layout 3.01 (HKLM\...\PDF Layout_is1) (Version: 3.01 - Bureausoft Corporation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Puzzle Agent - The Mystery of Scoggins (HKLM-x32\...\The Mystery of Scoggins) (Version: 1.0.0.0 - Telltale Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.74 - Denis Kozlov)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SteuerBerater 2014-2015 (HKLM-x32\...\{415227BD-34D9-4DB3-B74C-554407208203}) (Version: 14.11.2 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.34.161 - Akademische Arbeitsgemeinschaft)
streamWriter (HKLM-x32\...\streamWriter_is1) (Version:  - )
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-05-2015 12:03:45 Windows Update
15-05-2015 22:21:04 SteuerSparErklärung 2015 wurde installiert.
15-05-2015 22:22:07 SteuerBerater 2014-2015 wurde installiert.
15-05-2015 22:23:03 Installed AAVUpdateManager.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0793FFD7-7FB4-4550-9344-751DC17DB7FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1B340516-65A1-4E96-B87A-4557A3EA6FF9} - System32\Tasks\EPSON XP-610 Series Update {E24B71F2-12BE-466D-89DD-F2D365ADC08C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4DE488E5-DBA6-4FD3-862D-ED2F63CC78D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {A1BABA24-5125-4916-8E59-50B659448A6F} - System32\Tasks\EPSON XP-610 Series Invitation {E24B71F2-12BE-466D-89DD-F2D365ADC08C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {BBF34A7F-90ED-4E73-81D6-937D0F83CC02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {C41B4DE6-2001-45D9-97ED-0B346F46BABB} - System32\Tasks\{9EC1C3E3-827E-4517-BF86-3A024B326090} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {E65C1C83-DC70-4B2C-AF4C-F90D4C6BDB0D} - System32\Tasks\{33A57059-EFFE-40B5-ABBD-D5D8C8ADC5BD} => E:\RunGame.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{E24B71F2-12BE-466D-89DD-F2D365ADC08C} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-12 22:32 - 2012-09-07 17:57 - 00559424 _____ () C:\Program Files (x86)\Secure Eraser\SecEraser64.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3720886606-3869830146-954996509-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RAHN_NEU\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{09535E8B-1EBF-477B-82B2-B89D1E7C7342}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4A139AF7-106D-4C18-9C5B-34CA58DC6721}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9174DB3-12CC-4E17-835F-D0C2574E812F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3148960C-3363-4E75-803B-9884BFAC8355}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BE473FA0-96B4-405D-855C-B48FB720596F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 11:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 05:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 03:57:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 11:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 07:01:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 09:26:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000, Zeitstempel: 0x4de50c7e
Name des fehlerhaften Moduls: mso.dll, Version: 12.0.6721.5000, Zeitstempel: 0x552d1146
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00c09fa5
ID des fehlerhaften Prozesses: 0xab0
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3

Error: (05/17/2015 06:34:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 09:24:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:45:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 08:43:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/18/2015 11:30:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
hyglvro
UsbCharger

Error: (05/18/2015 11:30:36 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 

Error: (05/18/2015 11:30:36 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 

Error: (05/18/2015 11:06:53 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/18/2015 05:57:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
hyglvro
UsbCharger

Error: (05/18/2015 05:56:59 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 

Error: (05/18/2015 05:56:59 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 

Error: (05/18/2015 03:56:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
hyglvro
UsbCharger

Error: (05/18/2015 03:55:53 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 

Error: (05/18/2015 03:55:53 PM) (Source: sfsync04) (EventID: 1) (User: )
Description: 


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-11 07:17:34.053
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 07:17:34.053
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 07:17:34.037
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 07:17:34.037
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 07:17:34.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-11 07:17:34.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-10 07:43:13.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-10 07:43:13.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-10 07:43:13.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-10 07:43:13.846
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 7363.93 MB
Available physical RAM: 5573.93 MB
Total Pagefile: 14726.04 MB
Available Pagefile: 12791.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:97.56 GB) (Free:24.1 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:833.86 GB) (Free:539.92 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:111.81 GB) (Free:14.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D005CA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C3ECC3EC)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
- Ergebnis von Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-18 23:47:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 TOSHIBA_ rev.MS2O 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\RAHN_NEU\AppData\Local\Temp\pgdcikog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000076451401 2 bytes JMP 767ab1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000076451419 2 bytes JMP 767ab31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000076451431 2 bytes JMP 76828f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         000000007645144a 2 bytes CALL 76784885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                               * 9
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000764514dd 2 bytes JMP 76828802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000764514f5 2 bytes JMP 768289d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            000000007645150d 2 bytes JMP 768286f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000076451525 2 bytes JMP 76828ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           000000007645153d 2 bytes JMP 7679fc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000076451555 2 bytes JMP 767a68bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         000000007645156d 2 bytes JMP 76828fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000076451585 2 bytes JMP 76828b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              000000007645159d 2 bytes JMP 768286bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000764515b5 2 bytes JMP 7679fd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000764515cd 2 bytes JMP 767ab2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000764516b2 2 bytes JMP 76828e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     00000000764516bd 2 bytes JMP 76828651 C:\Windows\syswow64\kernel32.dll
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                           0000000076fe13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                           0000000076fe1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                   0000000076fe18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                   0000000076fe1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                  0000000076fe1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                     0000000076fe1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                         0000000076fe1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                       0000000076fe1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                           0000000076fe2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                       0000000076fe26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                     0000000076fe2712 8 bytes {JMP 0x10}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79      0000000076fe276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184     0000000076fe27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                               * 3
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299             0000000076fe2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375             0000000076fe2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                               * 2
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                         0000000076fe30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                         0000000076fe3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                         0000000076fe37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                        0000000076fe38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                               * 3
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197            0000000076fe3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                     0000000076fe3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                    0000000076fe4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                    0000000076fe40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                               * 3
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                        0000000076fe4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                        0000000076fe4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                  0000000076fe44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                     0000000076fe46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                     0000000076fe4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                  0000000076fe4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                  0000000076fe4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                               * 2
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                 0000000076fe4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                    0000000076fe4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                 0000000076fe4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                            0000000076fe4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                      0000000076fe5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                        0000000076fe51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                        0000000076fe6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                           0000000076fe61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                           0000000076fe63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45             0000000076fe63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                 0000000076fe6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                0000000076fe645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                          0000000076fe6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                               000000007702dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                             000000007702de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                   000000007702de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 000000007702df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                     000000007702e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     000000007702e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                   000000007702e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   000000007702f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                 00000000737213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                 000000007372146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                              00000000737216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                           00000000737219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                           00000000737219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\RAHN_NEU\Desktop\Gmer-19357.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                     0000000073721a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa8007bddde0]<< sfsync04.sys storport.sys hal.dll amd_sata.sys   fffffa8007bddde0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dbf060]                                                                   fffffa8007dbf060
Trace   3 CLASSPNP.SYS[fffff880019cd43f] -> nt!IofCallDriver -> [0xfffffa8006cfeac0]                                                      fffffa8006cfeac0
Trace   5 amd_xata.sys[fffff88000dcdd00] -> nt!IofCallDriver -> \Device\00000068[0xfffffa800767e540]                                      fffffa800767e540
Trace   \Driver\amd_sata[0xfffffa8007679220] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007bddde0                                      fffffa8007bddde0

---- Threads - GMER 2.1 ----

Thread   [3940:4064]                                                                                                                      00000000772013b5
Thread   [3940:4068]                                                                                                                      00000000723c7950
Thread   [3940:2412]                                                                                                                      0000000072f9c59c
Thread   [3940:2748]                                                                                                                      0000000072f9c59c
Thread   [3940:1424]                                                                                                                      0000000072f9c59c
Thread   [3940:1472]                                                                                                                      0000000072f9c59c
Thread   [3940:4840]                                                                                                                      00000000666c0dc7
Thread   [3940:4844]                                                                                                                      00000000667736af
Thread   [3940:5000]                                                                                                                      00000000667736af
Thread   [3940:5056]                                                                                                                      0000000063acb73e
Thread   [3940:2196]                                                                                                                      0000000072f9c59c
Thread   [3940:3764]                                                                                                                      00000000772127e5
Thread   [3940:124]                                                                                                                       00000000772127e5
Thread   [3940:4192]                                                                                                                      00000000667736af
Thread   [3940:4432]                                                                                                                      00000000667736af
Thread   [3940:4836]                                                                                                                      00000000667736af
Thread   [3940:4448]                                                                                                                      00000000667736af
Thread   [3940:3684]                                                                                                                      00000000772127e5
Thread   [3940:2776]                                                                                                                      00000000772127e5
Thread   [3940:2120]                                                                                                                      00000000772127e5
Thread   [3940:5020]                                                                                                                      00000000772127e5
Thread   [3940:4556]                                                                                                                      00000000772127e5
Thread   [3940:1440]                                                                                                                      00000000667736af
Thread   [3940:2996]                                                                                                                      00000000667736af
Thread   [3940:3260]                                                                                                                      00000000667736af
Thread   [3940:3328]                                                                                                                      00000000733f27c1
Thread  C:\Windows\System32\svchost.exe [4220:2112]                                                                                       000007feedc19688

---- EOF - GMER 2.1 ----
DANKE für jede Handlungsanweisung!!
v2rahn

Alt 19.05.2015, 06:31   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________
Alt 19.05.2015, 06:44   #3
v2rahn
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


Hallo schrauber,

danke für Deine schnelle Reaktion! Ich hatte immer gehofft, ich bräuchte Euch Experten nicht mehr, aber nach einigen Jahren ist es jetzt doch wieder passiert.

Hier das TDSS Loglile:

Code:
ATTFilter
07:36:18.0752 0x0d74  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
07:36:47.0119 0x0d74  ============================================================
07:36:47.0119 0x0d74  Current date / time: 2015/05/19 07:36:47.0119
07:36:47.0120 0x0d74  SystemInfo:
07:36:47.0120 0x0d74  
07:36:47.0120 0x0d74  OS Version: 6.1.7601 ServicePack: 1.0
07:36:47.0120 0x0d74  Product type: Workstation
07:36:47.0120 0x0d74  ComputerName: RAHN_NEU-PC
07:36:47.0120 0x0d74  UserName: RAHN_NEU
07:36:47.0120 0x0d74  Windows directory: C:\Windows
07:36:47.0120 0x0d74  System windows directory: C:\Windows
07:36:47.0120 0x0d74  Running under WOW64
07:36:47.0120 0x0d74  Processor architecture: Intel x64
07:36:47.0120 0x0d74  Number of processors: 4
07:36:47.0120 0x0d74  Page size: 0x1000
07:36:47.0120 0x0d74  Boot type: Normal boot
07:36:47.0120 0x0d74  ============================================================
07:36:47.0537 0x0d74  KLMD registered as C:\Windows\system32\drivers\25883157.sys
07:36:47.0875 0x0d74  System UUID: {55910308-DEB7-D702-AC9C-BED9DDA2CA87}
07:36:48.0300 0x0d74  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:36:53.0682 0x0d74  Drive \Device\Harddisk1\DR1 - Size: 0x1BF4290000 ( 111.82 Gb ), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:36:53.0709 0x0d74  ============================================================
07:36:53.0709 0x0d74  \Device\Harddisk0\DR0:
07:36:53.0709 0x0d74  MBR partitions:
07:36:53.0709 0x0d74  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:36:53.0709 0x0d74  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
07:36:53.0709 0x0d74  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
07:36:53.0710 0x0d74  \Device\Harddisk1\DR1:
07:36:53.0710 0x0d74  MBR partitions:
07:36:53.0710 0x0d74  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDFA0000
07:36:53.0710 0x0d74  ============================================================
07:36:53.0724 0x0d74  C: <-> \Device\Harddisk0\DR0\Partition2
07:36:53.0749 0x0d74  D: <-> \Device\Harddisk0\DR0\Partition3
07:36:53.0762 0x0d74  F: <-> \Device\Harddisk1\DR1\Partition1
07:36:53.0762 0x0d74  ============================================================
07:36:53.0762 0x0d74  Initialize success
07:36:53.0762 0x0d74  ============================================================
07:38:06.0329 0x042c  ============================================================
07:38:06.0329 0x042c  Scan started
07:38:06.0329 0x042c  Mode: Manual; SigCheck; TDLFS; 
07:38:06.0329 0x042c  ============================================================
07:38:06.0329 0x042c  KSN ping started
07:38:20.0005 0x042c  KSN ping finished: true
07:38:20.0533 0x042c  ================ Scan system memory ========================
07:38:20.0533 0x042c  System memory - ok
07:38:20.0534 0x042c  ================ Scan services =============================
07:38:20.0666 0x042c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:38:20.0753 0x042c  1394ohci - ok
07:38:20.0846 0x042c  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
07:38:20.0862 0x042c  AAV UpdateService - ok
07:38:20.0887 0x042c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:38:20.0910 0x042c  ACPI - ok
07:38:20.0937 0x042c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:38:20.0985 0x042c  AcpiPmi - ok
07:38:21.0078 0x042c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:38:21.0095 0x042c  AdobeARMservice - ok
07:38:21.0168 0x042c  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:38:21.0187 0x042c  AdobeFlashPlayerUpdateSvc - ok
07:38:21.0213 0x042c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:38:21.0231 0x042c  adp94xx - ok
07:38:21.0269 0x042c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:38:21.0284 0x042c  adpahci - ok
07:38:21.0297 0x042c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:38:21.0309 0x042c  adpu320 - ok
07:38:21.0328 0x042c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:38:21.0414 0x042c  AeLookupSvc - ok
07:38:21.0454 0x042c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
07:38:21.0502 0x042c  AFD - ok
07:38:21.0528 0x042c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
07:38:21.0537 0x042c  agp440 - ok
07:38:21.0556 0x042c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
07:38:21.0615 0x042c  ALG - ok
07:38:21.0643 0x042c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:38:21.0667 0x042c  aliide - ok
07:38:21.0692 0x042c  [ 13AE8D986A8D61FBAFAF5CD3F8B3B89C, 2FE02A9E974EAC0D7E7E4E454A56EAA2CFE9B6E78CA97716F5BB725AAF5E5594 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:38:21.0736 0x042c  AMD External Events Utility - ok
07:38:21.0804 0x042c  AMD FUEL Service - ok
07:38:21.0849 0x042c  [ 05120427227F6F088ECA75942ED7ACA9, BD25436EB43C6718F5E6A4C3C24831189D3A893DC87AA0ADED993B7C3126F2E9 ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
07:38:21.0859 0x042c  amdhub30 - ok
07:38:21.0890 0x042c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
07:38:21.0904 0x042c  amdide - ok
07:38:21.0939 0x042c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
07:38:21.0960 0x042c  AmdK8 - ok
07:38:22.0228 0x042c  [ 1BF58E56CA271FEF678DC3A9996FAB0A, E4D93759E5D1022AF2A85DEDED79A1EAAE40403F671DE0307BB7F060813EE88D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:38:22.0477 0x042c  amdkmdag - ok
07:38:22.0528 0x042c  [ 4DD3339D3818356145A4945C1B4CB4C5, 46DA51ACC72CEFAA7F5C8B9626FC6BA916D139BBC1D6B0C7B7E24822D5B4A02F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:38:22.0563 0x042c  amdkmdap - ok
07:38:22.0597 0x042c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:38:22.0626 0x042c  AmdPPM - ok
07:38:22.0656 0x042c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:38:22.0685 0x042c  amdsata - ok
07:38:22.0700 0x042c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
07:38:22.0713 0x042c  amdsbs - ok
07:38:22.0720 0x042c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:38:22.0728 0x042c  amdxata - ok
07:38:22.0758 0x042c  [ 7DCA2C59491D420947A0B529DB37C7CF, 4673DD141F02801A61FF057BE9DA7FD214C1F9ED31BCB035A8C4E44C579799E4 ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
07:38:22.0770 0x042c  amdxhc - ok
07:38:22.0788 0x042c  [ 172C69FE64D07BDF5CE24146274F8CB8, 0A36069BA7B1E2C8B00E8E611E5F2AEF3A7571FAEA252752577EF9DE11F343DA ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
07:38:22.0795 0x042c  amd_sata - ok
07:38:22.0817 0x042c  [ A8FD2F5F3E70BE8FF66D2AFC6B6FB051, E5C9CDBEA96B008F2B73E5151B85867128479FBEEADF2500AB16E3B0692AC030 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
07:38:22.0825 0x042c  amd_xata - ok
07:38:22.0838 0x042c  [ F2154A205F4B784B61A72AEBC72BDC5F, A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390 ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
07:38:22.0853 0x042c  AODDriver4.2 - ok
07:38:22.0888 0x042c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
07:38:22.0906 0x042c  AppID - ok
07:38:22.0922 0x042c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:38:22.0953 0x042c  AppIDSvc - ok
07:38:22.0968 0x042c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
07:38:22.0996 0x042c  Appinfo - ok
07:38:23.0029 0x042c  [ E4D0F0D5EB374D8BACF40E30E9771D60, 56C4E820485D100DACD4EF076E0B2607274B236CCC45E0CCD527C737645A1ACB ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
07:38:23.0037 0x042c  AppleCharger - ok
07:38:23.0050 0x042c  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
07:38:23.0073 0x042c  AppleChargerSrv - ok
07:38:23.0117 0x042c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
07:38:23.0170 0x042c  AppMgmt - ok
07:38:23.0192 0x042c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
07:38:23.0208 0x042c  arc - ok
07:38:23.0222 0x042c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:38:23.0238 0x042c  arcsas - ok
07:38:23.0326 0x042c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:38:23.0346 0x042c  aspnet_state - ok
07:38:23.0364 0x042c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:38:23.0406 0x042c  AsyncMac - ok
07:38:23.0426 0x042c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:38:23.0434 0x042c  atapi - ok
07:38:23.0472 0x042c  [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
07:38:23.0508 0x042c  AtiHDAudioService - ok
07:38:23.0571 0x042c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:38:23.0599 0x042c  AudioEndpointBuilder - ok
07:38:23.0613 0x042c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:38:23.0634 0x042c  AudioSrv - ok
07:38:23.0678 0x042c  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
07:38:23.0702 0x042c  AVP - ok
07:38:23.0732 0x042c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:38:23.0799 0x042c  AxInstSV - ok
07:38:23.0841 0x042c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
07:38:23.0888 0x042c  b06bdrv - ok
07:38:23.0922 0x042c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:38:23.0960 0x042c  b57nd60a - ok
07:38:23.0992 0x042c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:38:24.0026 0x042c  BDESVC - ok
07:38:24.0036 0x042c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:38:24.0073 0x042c  Beep - ok
07:38:24.0109 0x042c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
07:38:24.0148 0x042c  BFE - ok
07:38:24.0189 0x042c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
07:38:24.0247 0x042c  BITS - ok
07:38:24.0272 0x042c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:38:24.0282 0x042c  blbdrive - ok
07:38:24.0309 0x042c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:38:24.0332 0x042c  bowser - ok
07:38:24.0361 0x042c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
07:38:24.0384 0x042c  BrFiltLo - ok
07:38:24.0399 0x042c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
07:38:24.0411 0x042c  BrFiltUp - ok
07:38:24.0434 0x042c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
07:38:24.0454 0x042c  Browser - ok
07:38:24.0482 0x042c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:38:24.0526 0x042c  Brserid - ok
07:38:24.0552 0x042c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:38:24.0570 0x042c  BrSerWdm - ok
07:38:24.0583 0x042c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:38:24.0607 0x042c  BrUsbMdm - ok
07:38:24.0621 0x042c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:38:24.0630 0x042c  BrUsbSer - ok
07:38:24.0643 0x042c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:38:24.0667 0x042c  BTHMODEM - ok
07:38:24.0692 0x042c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
07:38:24.0735 0x042c  bthserv - ok
07:38:24.0759 0x042c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:38:24.0797 0x042c  cdfs - ok
07:38:24.0827 0x042c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:38:24.0852 0x042c  cdrom - ok
07:38:24.0876 0x042c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:38:24.0905 0x042c  CertPropSvc - ok
07:38:24.0914 0x042c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
07:38:24.0930 0x042c  circlass - ok
07:38:24.0959 0x042c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
07:38:24.0975 0x042c  CLFS - ok
07:38:25.0022 0x042c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:38:25.0062 0x042c  clr_optimization_v2.0.50727_32 - ok
07:38:25.0089 0x042c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:38:25.0107 0x042c  clr_optimization_v2.0.50727_64 - ok
07:38:25.0155 0x042c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:38:25.0175 0x042c  clr_optimization_v4.0.30319_32 - ok
07:38:25.0191 0x042c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:38:25.0202 0x042c  clr_optimization_v4.0.30319_64 - ok
07:38:25.0229 0x042c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
07:38:25.0246 0x042c  CmBatt - ok
07:38:25.0261 0x042c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:38:25.0277 0x042c  cmdide - ok
07:38:25.0313 0x042c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
07:38:25.0336 0x042c  CNG - ok
07:38:25.0347 0x042c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
07:38:25.0356 0x042c  Compbatt - ok
07:38:25.0375 0x042c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
07:38:25.0387 0x042c  CompositeBus - ok
07:38:25.0393 0x042c  COMSysApp - ok
07:38:25.0411 0x042c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
07:38:25.0420 0x042c  crcdisk - ok
07:38:25.0461 0x042c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:38:25.0520 0x042c  CryptSvc - ok
07:38:25.0559 0x042c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
07:38:25.0631 0x042c  CSC - ok
07:38:25.0672 0x042c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
07:38:25.0699 0x042c  CscService - ok
07:38:25.0732 0x042c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:38:25.0775 0x042c  DcomLaunch - ok
07:38:25.0803 0x042c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:38:25.0850 0x042c  defragsvc - ok
07:38:25.0873 0x042c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:38:25.0898 0x042c  DfsC - ok
07:38:25.0924 0x042c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:38:25.0956 0x042c  Dhcp - ok
07:38:25.0979 0x042c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
07:38:26.0011 0x042c  discache - ok
07:38:26.0028 0x042c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
07:38:26.0037 0x042c  Disk - ok
07:38:26.0055 0x042c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
07:38:26.0085 0x042c  dmvsc - ok
07:38:26.0112 0x042c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:38:26.0137 0x042c  Dnscache - ok
07:38:26.0167 0x042c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:38:26.0212 0x042c  dot3svc - ok
07:38:26.0230 0x042c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
07:38:26.0267 0x042c  DPS - ok
07:38:26.0307 0x042c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:38:26.0338 0x042c  drmkaud - ok
07:38:26.0379 0x042c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:38:26.0405 0x042c  DXGKrnl - ok
07:38:26.0427 0x042c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
07:38:26.0468 0x042c  EapHost - ok
07:38:26.0555 0x042c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
07:38:26.0630 0x042c  ebdrv - ok
07:38:26.0664 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] EFS             C:\Windows\System32\lsass.exe
07:38:26.0695 0x042c  EFS - ok
07:38:26.0761 0x042c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:38:26.0818 0x042c  ehRecvr - ok
07:38:26.0829 0x042c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
07:38:26.0857 0x042c  ehSched - ok
07:38:26.0900 0x042c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:38:26.0925 0x042c  elxstor - ok
07:38:26.0968 0x042c  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
07:38:26.0978 0x042c  EpsonScanSvc - ok
07:38:26.0988 0x042c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:38:27.0008 0x042c  ErrDev - ok
07:38:27.0041 0x042c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
07:38:27.0079 0x042c  EventSystem - ok
07:38:27.0094 0x042c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
07:38:27.0134 0x042c  exfat - ok
07:38:27.0154 0x042c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:38:27.0188 0x042c  fastfat - ok
07:38:27.0216 0x042c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
07:38:27.0255 0x042c  Fax - ok
07:38:27.0274 0x042c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
07:38:27.0284 0x042c  fdc - ok
07:38:27.0297 0x042c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
07:38:27.0320 0x042c  fdPHost - ok
07:38:27.0326 0x042c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:38:27.0355 0x042c  FDResPub - ok
07:38:27.0368 0x042c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:38:27.0377 0x042c  FileInfo - ok
07:38:27.0388 0x042c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:38:27.0419 0x042c  Filetrace - ok
07:38:27.0429 0x042c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
07:38:27.0444 0x042c  flpydisk - ok
07:38:27.0459 0x042c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:38:27.0473 0x042c  FltMgr - ok
07:38:27.0520 0x042c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
07:38:27.0575 0x042c  FontCache - ok
07:38:27.0623 0x042c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:38:27.0650 0x042c  FontCache3.0.0.0 - ok
07:38:27.0671 0x042c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:38:27.0690 0x042c  FsDepends - ok
07:38:27.0717 0x042c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:38:27.0726 0x042c  Fs_Rec - ok
07:38:27.0748 0x042c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:38:27.0764 0x042c  fvevol - ok
07:38:27.0789 0x042c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:38:27.0800 0x042c  gagp30kx - ok
07:38:27.0807 0x042c  gdrv - ok
07:38:27.0844 0x042c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:38:27.0893 0x042c  gpsvc - ok
07:38:27.0915 0x042c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:38:27.0946 0x042c  hcw85cir - ok
07:38:27.0982 0x042c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:38:28.0007 0x042c  HdAudAddService - ok
07:38:28.0026 0x042c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:38:28.0040 0x042c  HDAudBus - ok
07:38:28.0049 0x042c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
07:38:28.0060 0x042c  HidBatt - ok
07:38:28.0076 0x042c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:38:28.0090 0x042c  HidBth - ok
07:38:28.0120 0x042c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
07:38:28.0137 0x042c  HidIr - ok
07:38:28.0149 0x042c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
07:38:28.0176 0x042c  hidserv - ok
07:38:28.0194 0x042c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:38:28.0220 0x042c  HidUsb - ok
07:38:28.0242 0x042c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:38:28.0280 0x042c  hkmsvc - ok
07:38:28.0294 0x042c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:38:28.0335 0x042c  HomeGroupListener - ok
07:38:28.0356 0x042c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:38:28.0368 0x042c  HomeGroupProvider - ok
07:38:28.0374 0x042c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:38:28.0384 0x042c  HpSAMD - ok
07:38:28.0440 0x042c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:38:28.0482 0x042c  HTTP - ok
07:38:28.0506 0x042c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:38:28.0514 0x042c  hwpolicy - ok
07:38:28.0531 0x042c  hyglvro - ok
07:38:28.0553 0x042c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
07:38:28.0565 0x042c  i8042prt - ok
07:38:28.0597 0x042c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:38:28.0621 0x042c  iaStorV - ok
07:38:28.0675 0x042c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:38:28.0727 0x042c  idsvc - ok
07:38:28.0737 0x042c  IEEtwCollectorService - ok
07:38:28.0751 0x042c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:38:28.0760 0x042c  iirsp - ok
07:38:28.0796 0x042c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
07:38:28.0840 0x042c  IKEEXT - ok
07:38:28.0962 0x042c  [ 517869DB2BC6058D250A2963AE32B2D4, 155452DCBA19ABDF8ED72286E9AC43947A06F08C1BD044F88A870F3465981B79 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:38:29.0038 0x042c  IntcAzAudAddService - ok
07:38:29.0050 0x042c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:38:29.0064 0x042c  intelide - ok
07:38:29.0096 0x042c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
07:38:29.0116 0x042c  intelppm - ok
07:38:29.0137 0x042c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:38:29.0180 0x042c  IPBusEnum - ok
07:38:29.0190 0x042c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:38:29.0225 0x042c  IpFilterDriver - ok
07:38:29.0252 0x042c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:38:29.0285 0x042c  iphlpsvc - ok
07:38:29.0295 0x042c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:38:29.0306 0x042c  IPMIDRV - ok
07:38:29.0323 0x042c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:38:29.0350 0x042c  IPNAT - ok
07:38:29.0370 0x042c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:38:29.0382 0x042c  IRENUM - ok
07:38:29.0393 0x042c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:38:29.0401 0x042c  isapnp - ok
07:38:29.0427 0x042c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:38:29.0448 0x042c  iScsiPrt - ok
07:38:29.0469 0x042c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:38:29.0478 0x042c  kbdclass - ok
07:38:29.0486 0x042c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:38:29.0504 0x042c  kbdhid - ok
07:38:29.0507 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] KeyIso          C:\Windows\system32\lsass.exe
07:38:29.0515 0x042c  KeyIso - ok
07:38:29.0553 0x042c  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
07:38:29.0570 0x042c  kl1 - ok
07:38:29.0604 0x042c  [ D0C3AEF67932D2A80736FBCB956C017D, 166C2FD5F1B6FFE7A71CD821DFDD02B68D25CBF0D44BD6F2522C65CF1DEB363C ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
07:38:29.0613 0x042c  klflt - ok
07:38:29.0645 0x042c  [ 41DF293A7F0418F5DDED9F0297DC68F3, 25DE4BB7F2D915FCF576ABD46EEDC5574B694A2D1E5CB7AB565792C7BB57C76B ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
07:38:29.0664 0x042c  KLIF - ok
07:38:29.0671 0x042c  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
07:38:29.0679 0x042c  KLIM6 - ok
07:38:29.0689 0x042c  [ 8DA5BC75C3E8A995335642F26CAEA54B, 3995AAB499A37077AA4FB372E75CD9259BA3EA7020B961CF482AC948D2D47AB4 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
07:38:29.0697 0x042c  klkbdflt - ok
07:38:29.0708 0x042c  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
07:38:29.0716 0x042c  klmouflt - ok
07:38:29.0728 0x042c  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
07:38:29.0735 0x042c  klpd - ok
07:38:29.0739 0x042c  [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
07:38:29.0747 0x042c  kltdi - ok
07:38:29.0755 0x042c  [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
07:38:29.0766 0x042c  kneps - ok
07:38:29.0792 0x042c  [ C93EB3A92540830168F2057ECA7DE49A, 91DAEAD52B517E1E7CE9AAAE478493732156AA3122E6D16F7E8BD37116BB501C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:38:29.0802 0x042c  KSecDD - ok
07:38:29.0813 0x042c  [ 43F45C59A472993E5063F2DB2D22C509, E21B48733619B49272F46E01432D76072AC9241F55CDF08E84AF6277E3BF972A ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:38:29.0824 0x042c  KSecPkg - ok
07:38:29.0849 0x042c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:38:29.0873 0x042c  ksthunk - ok
07:38:29.0898 0x042c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:38:29.0951 0x042c  KtmRm - ok
07:38:29.0980 0x042c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:38:30.0018 0x042c  LanmanServer - ok
07:38:30.0042 0x042c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:38:30.0068 0x042c  LanmanWorkstation - ok
07:38:30.0150 0x042c  [ 1D5C6790425CB6DBB1B3C2722C34E199, D8BCC31A443B77711A7CA468E754A73137C1CC47D6F3DA5BEE3735B654327B0C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
07:38:30.0188 0x042c  LBTServ - ok
07:38:30.0208 0x042c  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
07:38:30.0216 0x042c  LEqdUsb - ok
07:38:30.0250 0x042c  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
07:38:30.0263 0x042c  LHidEqd - ok
07:38:30.0293 0x042c  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
07:38:30.0310 0x042c  LHidFilt - ok
07:38:30.0334 0x042c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:38:30.0385 0x042c  lltdio - ok
07:38:30.0419 0x042c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:38:30.0469 0x042c  lltdsvc - ok
07:38:30.0521 0x042c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:38:30.0546 0x042c  lmhosts - ok
07:38:30.0556 0x042c  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
07:38:30.0563 0x042c  LMouFilt - ok
07:38:30.0595 0x042c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:38:30.0607 0x042c  LSI_FC - ok
07:38:30.0622 0x042c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:38:30.0633 0x042c  LSI_SAS - ok
07:38:30.0641 0x042c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:38:30.0650 0x042c  LSI_SAS2 - ok
07:38:30.0659 0x042c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:38:30.0670 0x042c  LSI_SCSI - ok
07:38:30.0682 0x042c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
07:38:30.0717 0x042c  luafv - ok
07:38:30.0738 0x042c  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
07:38:30.0752 0x042c  LVRS64 - ok
07:38:30.0897 0x042c  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
07:38:30.0992 0x042c  LVUVC64 - ok
07:38:31.0044 0x042c  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
07:38:31.0052 0x042c  MBAMProtector - ok
07:38:31.0116 0x042c  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
07:38:31.0143 0x042c  MBAMService - ok
07:38:31.0171 0x042c  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
07:38:31.0184 0x042c  MBAMWebAccessControl - ok
07:38:31.0209 0x042c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:38:31.0225 0x042c  Mcx2Svc - ok
07:38:31.0240 0x042c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:38:31.0249 0x042c  megasas - ok
07:38:31.0260 0x042c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:38:31.0273 0x042c  MegaSR - ok
07:38:31.0292 0x042c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
07:38:31.0317 0x042c  MMCSS - ok
07:38:31.0327 0x042c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
07:38:31.0359 0x042c  Modem - ok
07:38:31.0389 0x042c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:38:31.0408 0x042c  monitor - ok
07:38:31.0424 0x042c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:38:31.0433 0x042c  mouclass - ok
07:38:31.0452 0x042c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:38:31.0469 0x042c  mouhid - ok
07:38:31.0496 0x042c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:38:31.0506 0x042c  mountmgr - ok
07:38:31.0540 0x042c  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:38:31.0550 0x042c  MozillaMaintenance - ok
07:38:31.0559 0x042c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:38:31.0571 0x042c  mpio - ok
07:38:31.0590 0x042c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:38:31.0615 0x042c  mpsdrv - ok
07:38:31.0640 0x042c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:38:31.0685 0x042c  MpsSvc - ok
07:38:31.0710 0x042c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:38:31.0755 0x042c  MRxDAV - ok
07:38:31.0785 0x042c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:38:31.0804 0x042c  mrxsmb - ok
07:38:31.0826 0x042c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:38:31.0840 0x042c  mrxsmb10 - ok
07:38:31.0846 0x042c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:38:31.0857 0x042c  mrxsmb20 - ok
07:38:31.0870 0x042c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:38:31.0879 0x042c  msahci - ok
07:38:31.0895 0x042c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:38:31.0906 0x042c  msdsm - ok
07:38:31.0918 0x042c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
07:38:31.0936 0x042c  MSDTC - ok
07:38:31.0952 0x042c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:38:31.0991 0x042c  Msfs - ok
07:38:32.0022 0x042c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:38:32.0046 0x042c  mshidkmdf - ok
07:38:32.0052 0x042c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:38:32.0060 0x042c  msisadrv - ok
07:38:32.0089 0x042c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:38:32.0129 0x042c  MSiSCSI - ok
07:38:32.0131 0x042c  msiserver - ok
07:38:32.0152 0x042c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:38:32.0176 0x042c  MSKSSRV - ok
07:38:32.0179 0x042c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:38:32.0211 0x042c  MSPCLOCK - ok
07:38:32.0225 0x042c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:38:32.0262 0x042c  MSPQM - ok
07:38:32.0283 0x042c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:38:32.0299 0x042c  MsRPC - ok
07:38:32.0306 0x042c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:38:32.0314 0x042c  mssmbios - ok
07:38:32.0321 0x042c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:38:32.0355 0x042c  MSTEE - ok
07:38:32.0362 0x042c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:38:32.0371 0x042c  MTConfig - ok
07:38:32.0386 0x042c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
07:38:32.0395 0x042c  Mup - ok
07:38:32.0415 0x042c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
07:38:32.0448 0x042c  napagent - ok
07:38:32.0477 0x042c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:38:32.0495 0x042c  NativeWifiP - ok
07:38:32.0545 0x042c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:38:32.0572 0x042c  NDIS - ok
07:38:32.0589 0x042c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:38:32.0618 0x042c  NdisCap - ok
07:38:32.0631 0x042c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:38:32.0656 0x042c  NdisTapi - ok
07:38:32.0671 0x042c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:38:32.0694 0x042c  Ndisuio - ok
07:38:32.0710 0x042c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:38:32.0748 0x042c  NdisWan - ok
07:38:32.0760 0x042c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:38:32.0784 0x042c  NDProxy - ok
07:38:32.0796 0x042c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:38:32.0820 0x042c  NetBIOS - ok
07:38:32.0837 0x042c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:38:32.0865 0x042c  NetBT - ok
07:38:32.0888 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] Netlogon        C:\Windows\system32\lsass.exe
07:38:32.0897 0x042c  Netlogon - ok
07:38:32.0922 0x042c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
07:38:32.0961 0x042c  Netman - ok
07:38:32.0985 0x042c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:38:32.0996 0x042c  NetMsmqActivator - ok
07:38:33.0000 0x042c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:38:33.0011 0x042c  NetPipeActivator - ok
07:38:33.0027 0x042c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
07:38:33.0061 0x042c  netprofm - ok
07:38:33.0065 0x042c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:38:33.0077 0x042c  NetTcpActivator - ok
07:38:33.0081 0x042c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:38:33.0092 0x042c  NetTcpPortSharing - ok
07:38:33.0114 0x042c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:38:33.0124 0x042c  nfrd960 - ok
07:38:33.0159 0x042c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:38:33.0192 0x042c  NlaSvc - ok
07:38:33.0206 0x042c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:38:33.0230 0x042c  Npfs - ok
07:38:33.0243 0x042c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
07:38:33.0275 0x042c  nsi - ok
07:38:33.0282 0x042c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:38:33.0315 0x042c  nsiproxy - ok
07:38:33.0366 0x042c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:38:33.0407 0x042c  Ntfs - ok
07:38:33.0439 0x042c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
07:38:33.0470 0x042c  Null - ok
07:38:33.0486 0x042c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:38:33.0504 0x042c  nvraid - ok
07:38:33.0532 0x042c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:38:33.0550 0x042c  nvstor - ok
07:38:33.0564 0x042c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:38:33.0577 0x042c  nv_agp - ok
07:38:33.0651 0x042c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:38:33.0687 0x042c  odserv - ok
07:38:33.0694 0x042c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:38:33.0705 0x042c  ohci1394 - ok
07:38:33.0722 0x042c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:38:33.0733 0x042c  ose - ok
07:38:33.0761 0x042c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:38:33.0799 0x042c  p2pimsvc - ok
07:38:33.0821 0x042c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
07:38:33.0852 0x042c  p2psvc - ok
07:38:33.0876 0x042c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:38:33.0897 0x042c  Parport - ok
07:38:33.0910 0x042c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:38:33.0919 0x042c  partmgr - ok
07:38:33.0948 0x042c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:38:33.0983 0x042c  PcaSvc - ok
07:38:34.0001 0x042c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
07:38:34.0013 0x042c  pci - ok
07:38:34.0031 0x042c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
07:38:34.0045 0x042c  pciide - ok
07:38:34.0061 0x042c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:38:34.0073 0x042c  pcmcia - ok
07:38:34.0086 0x042c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:38:34.0095 0x042c  pcw - ok
07:38:34.0119 0x042c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:38:34.0141 0x042c  PEAUTH - ok
07:38:34.0188 0x042c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:38:34.0243 0x042c  PeerDistSvc - ok
07:38:34.0311 0x042c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:38:34.0344 0x042c  PerfHost - ok
07:38:34.0398 0x042c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
07:38:34.0463 0x042c  pla - ok
07:38:34.0500 0x042c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:38:34.0540 0x042c  PlugPlay - ok
07:38:34.0552 0x042c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:38:34.0566 0x042c  PNRPAutoReg - ok
07:38:34.0577 0x042c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:38:34.0592 0x042c  PNRPsvc - ok
07:38:34.0626 0x042c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:38:34.0686 0x042c  PolicyAgent - ok
07:38:34.0714 0x042c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
07:38:34.0741 0x042c  Power - ok
07:38:34.0760 0x042c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:38:34.0786 0x042c  PptpMiniport - ok
07:38:34.0795 0x042c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
07:38:34.0810 0x042c  Processor - ok
07:38:34.0840 0x042c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:38:34.0861 0x042c  ProfSvc - ok
07:38:34.0871 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] ProtectedStorage C:\Windows\system32\lsass.exe
07:38:34.0880 0x042c  ProtectedStorage - ok
07:38:34.0898 0x042c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:38:34.0933 0x042c  Psched - ok
07:38:34.0984 0x042c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:38:35.0023 0x042c  ql2300 - ok
07:38:35.0034 0x042c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:38:35.0045 0x042c  ql40xx - ok
07:38:35.0068 0x042c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
07:38:35.0092 0x042c  QWAVE - ok
07:38:35.0101 0x042c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:38:35.0119 0x042c  QWAVEdrv - ok
07:38:35.0128 0x042c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:38:35.0161 0x042c  RasAcd - ok
07:38:35.0197 0x042c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:38:35.0239 0x042c  RasAgileVpn - ok
07:38:35.0250 0x042c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
07:38:35.0287 0x042c  RasAuto - ok
07:38:35.0302 0x042c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:38:35.0327 0x042c  Rasl2tp - ok
07:38:35.0350 0x042c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
07:38:35.0390 0x042c  RasMan - ok
07:38:35.0406 0x042c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:38:35.0441 0x042c  RasPppoe - ok
07:38:35.0449 0x042c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:38:35.0485 0x042c  RasSstp - ok
07:38:35.0504 0x042c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:38:35.0533 0x042c  rdbss - ok
07:38:35.0543 0x042c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:38:35.0554 0x042c  rdpbus - ok
07:38:35.0566 0x042c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:38:35.0597 0x042c  RDPCDD - ok
07:38:35.0618 0x042c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:38:35.0650 0x042c  RDPDR - ok
07:38:35.0657 0x042c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:38:35.0690 0x042c  RDPENCDD - ok
07:38:35.0714 0x042c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:38:35.0738 0x042c  RDPREFMP - ok
07:38:35.0790 0x042c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:38:35.0829 0x042c  RdpVideoMiniport - ok
07:38:35.0859 0x042c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:38:35.0900 0x042c  RDPWD - ok
07:38:35.0928 0x042c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:38:35.0942 0x042c  rdyboost - ok
07:38:35.0965 0x042c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:38:36.0004 0x042c  RemoteAccess - ok
07:38:36.0023 0x042c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:38:36.0057 0x042c  RemoteRegistry - ok
07:38:36.0069 0x042c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:38:36.0104 0x042c  RpcEptMapper - ok
07:38:36.0120 0x042c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
07:38:36.0136 0x042c  RpcLocator - ok
07:38:36.0156 0x042c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
07:38:36.0188 0x042c  RpcSs - ok
07:38:36.0212 0x042c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:38:36.0238 0x042c  rspndr - ok
07:38:36.0274 0x042c  [ 7F4F11527AF5A7E4526CB6A146B3E40C, 705177014374AB2F12AF4558344C35C206C2820BD1A16770173EA10D094D182B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
07:38:36.0293 0x042c  RTL8167 - ok
07:38:36.0306 0x042c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
07:38:36.0314 0x042c  s3cap - ok
07:38:36.0329 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] SamSs           C:\Windows\system32\lsass.exe
07:38:36.0338 0x042c  SamSs - ok
07:38:36.0353 0x042c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:38:36.0363 0x042c  sbp2port - ok
07:38:36.0378 0x042c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:38:36.0412 0x042c  SCardSvr - ok
07:38:36.0415 0x042c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:38:36.0439 0x042c  scfilter - ok
07:38:36.0470 0x042c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
07:38:36.0524 0x042c  Schedule - ok
07:38:36.0541 0x042c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:38:36.0565 0x042c  SCPolicySvc - ok
07:38:36.0588 0x042c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:38:36.0610 0x042c  SDRSVC - ok
07:38:36.0637 0x042c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:38:36.0671 0x042c  secdrv - ok
07:38:36.0681 0x042c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
07:38:36.0710 0x042c  seclogon - ok
07:38:36.0723 0x042c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
07:38:36.0756 0x042c  SENS - ok
07:38:36.0767 0x042c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:38:36.0788 0x042c  SensrSvc - ok
07:38:36.0808 0x042c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:38:36.0825 0x042c  Serenum - ok
07:38:36.0851 0x042c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:38:36.0870 0x042c  Serial - ok
07:38:36.0878 0x042c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:38:36.0893 0x042c  sermouse - ok
07:38:36.0920 0x042c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
07:38:36.0951 0x042c  SessionEnv - ok
07:38:36.0976 0x042c  [ ADDC96399ACDF3C4DD690C74B835082E, 4CB28EE2B507C0F519C5DD529DEE2AD24DB123DE8BAE589351A11A33543E2616 ] sfdrv01a        C:\Windows\system32\drivers\sfdrv01a.sys
07:38:36.0984 0x042c  sfdrv01a - ok
07:38:36.0998 0x042c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:38:37.0015 0x042c  sffdisk - ok
07:38:37.0026 0x042c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:38:37.0037 0x042c  sffp_mmc - ok
07:38:37.0048 0x042c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:38:37.0059 0x042c  sffp_sd - ok
07:38:37.0072 0x042c  [ 17F6BD95BF04B924F4C05CE78BEF8AE6, 68D38DC04349DA476B62F853B165EE6B6F42054BCAF2B8F615A6E6BAACD35EB4 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
07:38:37.0079 0x042c  sfhlp02 - ok
07:38:37.0094 0x042c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:38:37.0112 0x042c  sfloppy - ok
07:38:37.0120 0x042c  [ B02C284AAC97C61B707AD7400F36A067, 9235C5CD6BBC94A9CD516C523DDD5E34642198CF092C30914F6070C8B85BF45C ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
07:38:37.0129 0x042c  sfsync04 - ok
07:38:37.0156 0x042c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:38:37.0194 0x042c  SharedAccess - ok
07:38:37.0213 0x042c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:38:37.0250 0x042c  ShellHWDetection - ok
07:38:37.0267 0x042c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:38:37.0276 0x042c  SiSRaid2 - ok
07:38:37.0284 0x042c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:38:37.0294 0x042c  SiSRaid4 - ok
07:38:37.0333 0x042c  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
07:38:37.0355 0x042c  SkypeUpdate - ok
07:38:37.0391 0x042c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:38:37.0416 0x042c  Smb - ok
07:38:37.0437 0x042c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:38:37.0447 0x042c  SNMPTRAP - ok
07:38:37.0461 0x042c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:38:37.0470 0x042c  spldr - ok
07:38:37.0496 0x042c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
07:38:37.0530 0x042c  Spooler - ok
07:38:37.0631 0x042c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
07:38:37.0720 0x042c  sppsvc - ok
07:38:37.0734 0x042c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:38:37.0765 0x042c  sppuinotify - ok
07:38:37.0799 0x042c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:38:37.0839 0x042c  srv - ok
07:38:37.0861 0x042c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:38:37.0886 0x042c  srv2 - ok
07:38:37.0896 0x042c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:38:37.0907 0x042c  srvnet - ok
07:38:37.0930 0x042c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:38:37.0959 0x042c  SSDPSRV - ok
07:38:37.0966 0x042c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:38:37.0992 0x042c  SstpSvc - ok
07:38:38.0009 0x042c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:38:38.0018 0x042c  stexstor - ok
07:38:38.0049 0x042c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
07:38:38.0083 0x042c  stisvc - ok
07:38:38.0103 0x042c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
07:38:38.0112 0x042c  storflt - ok
07:38:38.0126 0x042c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
07:38:38.0150 0x042c  StorSvc - ok
07:38:38.0167 0x042c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
07:38:38.0176 0x042c  storvsc - ok
07:38:38.0183 0x042c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:38:38.0191 0x042c  swenum - ok
07:38:38.0222 0x042c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
07:38:38.0263 0x042c  swprv - ok
07:38:38.0307 0x042c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
07:38:38.0353 0x042c  SysMain - ok
07:38:38.0383 0x042c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:38:38.0403 0x042c  TabletInputService - ok
07:38:38.0415 0x042c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:38:38.0453 0x042c  TapiSrv - ok
07:38:38.0461 0x042c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
07:38:38.0498 0x042c  TBS - ok
07:38:38.0554 0x042c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:38:38.0600 0x042c  Tcpip - ok
07:38:38.0642 0x042c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:38:38.0684 0x042c  TCPIP6 - ok
07:38:38.0711 0x042c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:38:38.0720 0x042c  tcpipreg - ok
07:38:38.0746 0x042c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:38:38.0775 0x042c  TDPIPE - ok
07:38:38.0791 0x042c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:38:38.0809 0x042c  TDTCP - ok
07:38:38.0825 0x042c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:38:38.0857 0x042c  tdx - ok
07:38:38.0876 0x042c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:38:38.0885 0x042c  TermDD - ok
07:38:38.0936 0x042c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
07:38:38.0992 0x042c  TermService - ok
07:38:39.0009 0x042c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
07:38:39.0030 0x042c  Themes - ok
07:38:39.0042 0x042c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
07:38:39.0066 0x042c  THREADORDER - ok
07:38:39.0074 0x042c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
07:38:39.0100 0x042c  TrkWks - ok
07:38:39.0141 0x042c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:38:39.0167 0x042c  TrustedInstaller - ok
07:38:39.0196 0x042c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:38:39.0212 0x042c  tssecsrv - ok
07:38:39.0239 0x042c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:38:39.0267 0x042c  TsUsbFlt - ok
07:38:39.0287 0x042c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:38:39.0317 0x042c  TsUsbGD - ok
07:38:39.0357 0x042c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:38:39.0392 0x042c  tunnel - ok
07:38:39.0402 0x042c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:38:39.0411 0x042c  uagp35 - ok
07:38:39.0427 0x042c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:38:39.0457 0x042c  udfs - ok
07:38:39.0480 0x042c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:38:39.0495 0x042c  UI0Detect - ok
07:38:39.0513 0x042c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:38:39.0523 0x042c  uliagpkx - ok
07:38:39.0542 0x042c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:38:39.0557 0x042c  umbus - ok
07:38:39.0574 0x042c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:38:39.0584 0x042c  UmPass - ok
07:38:39.0612 0x042c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
07:38:39.0633 0x042c  UmRdpService - ok
07:38:39.0649 0x042c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
07:38:39.0687 0x042c  upnphost - ok
07:38:39.0710 0x042c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:38:39.0736 0x042c  usbaudio - ok
07:38:39.0766 0x042c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:38:39.0807 0x042c  usbccgp - ok
07:38:39.0833 0x042c  [ 84A8E67E6CB15B070A2A7A0B3A9F1609, 08AB5691024A5B69A23DEF4E69696EC46D5BAD01A24861CFE612FBD649D87BDB ] UsbCharger      C:\Windows\system32\DRIVERS\UsbCharger.sys
07:38:39.0840 0x042c  UsbCharger - ok
07:38:39.0862 0x042c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:38:39.0898 0x042c  usbcir - ok
07:38:39.0920 0x042c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:38:39.0930 0x042c  usbehci - ok
07:38:39.0950 0x042c  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
07:38:39.0958 0x042c  usbfilter - ok
07:38:39.0982 0x042c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:38:39.0996 0x042c  usbhub - ok
07:38:40.0008 0x042c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
07:38:40.0016 0x042c  usbohci - ok
07:38:40.0033 0x042c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
07:38:40.0045 0x042c  usbprint - ok
07:38:40.0060 0x042c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:38:40.0080 0x042c  USBSTOR - ok
07:38:40.0084 0x042c  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:38:40.0107 0x042c  usbuhci - ok
07:38:40.0127 0x042c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
07:38:40.0157 0x042c  usbvideo - ok
07:38:40.0181 0x042c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
07:38:40.0210 0x042c  UxSms - ok
07:38:40.0221 0x042c  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] VaultSvc        C:\Windows\system32\lsass.exe
07:38:40.0229 0x042c  VaultSvc - ok
07:38:40.0249 0x042c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:38:40.0257 0x042c  vdrvroot - ok
07:38:40.0286 0x042c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
07:38:40.0327 0x042c  vds - ok
07:38:40.0337 0x042c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:38:40.0348 0x042c  vga - ok
07:38:40.0357 0x042c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:38:40.0388 0x042c  VgaSave - ok
07:38:40.0403 0x042c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:38:40.0415 0x042c  vhdmp - ok
07:38:40.0434 0x042c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:38:40.0448 0x042c  viaide - ok
07:38:40.0467 0x042c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
07:38:40.0480 0x042c  vmbus - ok
07:38:40.0493 0x042c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
07:38:40.0502 0x042c  VMBusHID - ok
07:38:40.0517 0x042c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:38:40.0526 0x042c  volmgr - ok
07:38:40.0541 0x042c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:38:40.0556 0x042c  volmgrx - ok
07:38:40.0570 0x042c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:38:40.0584 0x042c  volsnap - ok
07:38:40.0607 0x042c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:38:40.0618 0x042c  vsmraid - ok
07:38:40.0671 0x042c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
07:38:40.0739 0x042c  VSS - ok
07:38:40.0749 0x042c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
07:38:40.0761 0x042c  vwifibus - ok
07:38:40.0770 0x042c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
07:38:40.0812 0x042c  W32Time - ok
07:38:40.0825 0x042c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:38:40.0844 0x042c  WacomPen - ok
07:38:40.0868 0x042c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:38:40.0901 0x042c  WANARP - ok
07:38:40.0905 0x042c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:38:40.0928 0x042c  Wanarpv6 - ok
07:38:40.0965 0x042c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
07:38:41.0034 0x042c  wbengine - ok
07:38:41.0064 0x042c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:38:41.0100 0x042c  WbioSrvc - ok
07:38:41.0117 0x042c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:38:41.0137 0x042c  wcncsvc - ok
07:38:41.0149 0x042c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:38:41.0169 0x042c  WcsPlugInService - ok
07:38:41.0177 0x042c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
07:38:41.0186 0x042c  Wd - ok
07:38:41.0218 0x042c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:38:41.0242 0x042c  Wdf01000 - ok
07:38:41.0265 0x042c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:38:41.0325 0x042c  WdiServiceHost - ok
07:38:41.0331 0x042c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:38:41.0352 0x042c  WdiSystemHost - ok
07:38:41.0381 0x042c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
07:38:41.0425 0x042c  WebClient - ok
07:38:41.0449 0x042c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:38:41.0502 0x042c  Wecsvc - ok
07:38:41.0514 0x042c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:38:41.0540 0x042c  wercplsupport - ok
07:38:41.0567 0x042c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:38:41.0601 0x042c  WerSvc - ok
07:38:41.0623 0x042c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:38:41.0647 0x042c  WfpLwf - ok
07:38:41.0655 0x042c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:38:41.0664 0x042c  WIMMount - ok
07:38:41.0685 0x042c  WinDefend - ok
07:38:41.0697 0x042c  WinHttpAutoProxySvc - ok
07:38:41.0748 0x042c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:38:41.0808 0x042c  Winmgmt - ok
07:38:41.0876 0x042c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
07:38:41.0955 0x042c  WinRM - ok
07:38:41.0999 0x042c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:38:42.0010 0x042c  WinUsb - ok
07:38:42.0042 0x042c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:38:42.0095 0x042c  Wlansvc - ok
07:38:42.0115 0x042c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:38:42.0133 0x042c  WmiAcpi - ok
07:38:42.0160 0x042c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:38:42.0184 0x042c  wmiApSrv - ok
07:38:42.0204 0x042c  WMPNetworkSvc - ok
07:38:42.0220 0x042c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:38:42.0259 0x042c  WPCSvc - ok
07:38:42.0272 0x042c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:38:42.0287 0x042c  WPDBusEnum - ok
07:38:42.0307 0x042c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:38:42.0346 0x042c  ws2ifsl - ok
07:38:42.0359 0x042c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
07:38:42.0374 0x042c  wscsvc - ok
07:38:42.0399 0x042c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
07:38:42.0430 0x042c  WSDPrintDevice - ok
07:38:42.0438 0x042c  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
07:38:42.0462 0x042c  WSDScan - ok
07:38:42.0465 0x042c  WSearch - ok
07:38:42.0541 0x042c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:38:42.0611 0x042c  wuauserv - ok
07:38:42.0633 0x042c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:38:42.0675 0x042c  WudfPf - ok
07:38:42.0698 0x042c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:38:42.0728 0x042c  WUDFRd - ok
07:38:42.0738 0x042c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:38:42.0759 0x042c  wudfsvc - ok
07:38:42.0781 0x042c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:38:42.0824 0x042c  WwanSvc - ok
07:38:42.0828 0x042c  ================ Scan global ===============================
07:38:42.0849 0x042c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:38:42.0882 0x042c  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
07:38:42.0893 0x042c  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
07:38:42.0916 0x042c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:38:42.0948 0x042c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
07:38:42.0954 0x042c  [ Global ] - ok
07:38:42.0955 0x042c  ================ Scan MBR ==================================
07:38:42.0961 0x042c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:38:43.0296 0x042c  \Device\Harddisk0\DR0 - ok
07:38:43.0300 0x042c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
07:38:43.0360 0x042c  \Device\Harddisk1\DR1 - ok
07:38:43.0361 0x042c  ================ Scan VBR ==================================
07:38:43.0364 0x042c  [ D797C577FB37DB55D6C14BA17CEFEE5B ] \Device\Harddisk0\DR0\Partition1
07:38:43.0403 0x042c  \Device\Harddisk0\DR0\Partition1 - ok
07:38:43.0407 0x042c  [ C0695442253860612287E867BAC4A118 ] \Device\Harddisk0\DR0\Partition2
07:38:43.0459 0x042c  \Device\Harddisk0\DR0\Partition2 - ok
07:38:43.0463 0x042c  [ 343B06D9D180DE321402D5F6A29CA98C ] \Device\Harddisk0\DR0\Partition3
07:38:43.0514 0x042c  \Device\Harddisk0\DR0\Partition3 - ok
07:38:43.0518 0x042c  [ A82A2B78E295148087C274716B7A0B28 ] \Device\Harddisk1\DR1\Partition1
07:38:43.0519 0x042c  \Device\Harddisk1\DR1\Partition1 - ok
07:38:43.0520 0x042c  ================ Scan generic autorun ======================
07:38:43.0873 0x042c  [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
07:38:44.0119 0x042c  RtHDVCpl - ok
07:38:44.0301 0x042c  [ 2433692BFC2631DC28B0705C1B760FF2, BBDE902F984E0968A3062F3EEA624E804B03095C67C280CDA4E85D02F46B7CDC ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
07:38:44.0361 0x042c  EvtMgr6 - ok
07:38:44.0441 0x042c  [ 0210577A83C3E30C724E21EC3211ED95, 1433DE5B47B5EC1F99E6BCD6C8538D8BD1F17B175AB4FE2CE7D480D46AAF3822 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
07:38:44.0469 0x042c  StartCCC - ok
07:38:44.0545 0x042c  [ 2943A5A31664A8183E993D480B8709BC, 282397F5EFC6B5A517881350736901620649C3CF0A692423CF77B9093F933E8B ] C:\Program Files (x86)\ClocX\ClocX.exe
07:38:44.0598 0x042c  ClocX - detected UnsignedFile.Multi.Generic ( 1 )
07:38:47.0266 0x042c  Detect skipped due to KSN trusted
07:38:47.0266 0x042c  ClocX - ok
07:38:47.0375 0x042c  [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
07:38:47.0395 0x042c  LWS - ok
07:38:47.0423 0x042c  [ 16D4D2AB28EDD90AEE06826B3ADF50AB, EE8E54702B22E7F1DB8DE7296132C3473DD9D18B9E9C47414F315173E0A26E16 ] C:\Program Files (x86)\PDF24\pdf24.exe
07:38:47.0440 0x042c  PDFPrint - ok
07:38:47.0528 0x042c  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:38:47.0551 0x042c  Adobe ARM - ok
07:38:47.0607 0x042c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:38:47.0678 0x042c  Sidebar - ok
07:38:47.0702 0x042c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:38:47.0728 0x042c  mctadmin - ok
07:38:47.0756 0x042c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:38:47.0787 0x042c  Sidebar - ok
07:38:47.0792 0x042c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:38:47.0805 0x042c  mctadmin - ok
07:38:48.0015 0x042c  [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe
07:38:48.0165 0x042c  CCleaner Monitoring - ok
07:38:48.0224 0x042c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
07:38:48.0259 0x042c  Sidebar - ok
07:38:48.0261 0x042c  Waiting for KSN requests completion. In queue: 78
07:38:49.0261 0x042c  Waiting for KSN requests completion. In queue: 78
07:38:50.0261 0x042c  Waiting for KSN requests completion. In queue: 9
07:38:51.0286 0x042c  AV detected via SS2: Kaspersky Anti-Virus, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
07:38:51.0292 0x042c  Win FW state via NFP2: enabled
07:38:53.0973 0x042c  ============================================================
07:38:53.0973 0x042c  Scan finished
07:38:53.0973 0x042c  ============================================================
07:38:53.0985 0x13a8  Detected object count: 0
07:38:53.0985 0x13a8  Actual detected object count: 0
__________________
Alt 19.05.2015, 15:47   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


hi,

sieht gut aus, trotzdem nochmal zur Kontrolle:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.05.2015, 20:02   #5
v2rahn
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


Hier das Combofix-Logfile. Es lief ohne Meckern von Combofix durch:

Code:
ATTFilter
Combofix Logfile:


	
Code: 

 
ATTFilter


  

	
ComboFix 15-05-13.01 - RAHN_NEU 19.05.2015  20:05:10.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7364.5739 [GMT 2:00]
ausgeführt von:: c:\users\RAHN_NEU\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-19 bis 2015-05-19  ))))))))))))))))))))))))))))))
.
.
2015-05-19 18:09 . 2015-05-19 18:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-18 21:33 . 2015-05-18 21:35	--------	d-----w-	C:\FRST
2015-05-17 19:26 . 2015-05-17 19:26	--------	d-----w-	c:\users\RAHN_NEU\AppData\Local\CrashDumps
2015-05-15 20:22 . 2015-05-15 20:22	--------	d-----w-	c:\users\RAHN_NEU\AppData\Local\AAV
2015-05-15 20:21 . 2015-05-15 20:21	--------	d-----w-	C:\Programme (x86)
2015-05-15 20:17 . 2015-05-15 20:23	--------	d-----w-	c:\programdata\AAV
2015-05-15 08:09 . 2015-04-04 06:25	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{26042888-740D-4DAB-BD36-7DD1EBC42B10}\mpengine.dll
2015-05-13 20:49 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:49 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:18 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-04 19:03 . 2015-05-04 19:03	--------	d-----w-	c:\programdata\Logitech
2015-04-28 19:01 . 2015-04-28 19:01	--------	d-----w-	c:\program files (x86)\MySQL
2015-04-28 18:57 . 2015-04-28 18:57	--------	d-----w-	c:\program files\MySQL
2015-04-23 05:05 . 2015-04-23 05:05	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-04-19 19:22 . 2015-04-19 19:22	--------	d-----w-	c:\users\RAHN_NEU\AppData\Local\Rellik_Software
2015-04-19 19:22 . 2015-04-19 19:22	--------	d-----w-	c:\users\RAHN_NEU\AppData\Roaming\EXIF Date Changer
2015-04-19 19:22 . 2015-04-19 19:22	--------	d-----w-	c:\program files (x86)\EXIF Date Changer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-18 22:21 . 2015-01-03 08:23	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-13 20:54 . 2014-03-12 21:59	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-10 18:52 . 2014-09-06 21:23	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2015-04-23 05:04 . 2015-02-21 10:13	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-15 13:13 . 2014-03-12 20:09	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 13:13 . 2014-03-12 20:09	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2015-01-03 08:23	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-01-03 08:23	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-03-23 18:03	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-25 03:24 . 2015-04-15 13:01	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 13:01	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 13:01	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 13:01	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 13:01	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 13:01	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 13:01	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 13:01	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 13:01	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 13:01	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 13:01	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 13:01	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 13:01	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 13:01	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 13:01	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 13:01	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-17 05:22 . 2015-04-15 13:01	5557696	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-17 05:19 . 2015-04-15 13:01	1727904	----a-w-	c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-15 13:01	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-15 13:01	243712	----a-w-	c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-15 13:01	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-15 13:01	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-15 13:01	503808	----a-w-	c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-15 13:01	50176	----a-w-	c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-15 13:01	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-15 13:01	424448	----a-w-	c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-15 13:01	1163264	----a-w-	c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-15 13:01	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-15 13:01	112640	----a-w-	c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-15 13:01	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-15 13:01	338432	----a-w-	c:\windows\system32\conhost.exe
2015-03-17 05:11 . 2015-04-15 13:01	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 13:01	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-03-17 05:01 . 2015-04-15 13:01	3920824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-15 13:01	3976632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 04:59 . 2015-04-15 13:01	1309696	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-15 13:01	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-15 13:01	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:56 . 2015-04-15 13:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-15 13:01	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-15 13:01	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-15 13:01	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:50 . 2015-04-15 13:01	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-03-17 04:50 . 2015-04-15 13:01	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 13:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
"ClocX"="c:\program files (x86)\ClocX\ClocX.exe" [2013-01-14 2090496]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 hyglvro;hyglvro;c:\windows\System32\drivers\ebqljbw.sys;c:\windows\SYSNATIVE\drivers\ebqljbw.sys [x]
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 13:13]
.
2015-05-19 c:\windows\Tasks\EPSON XP-610 Series Invitation {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-09-06 23:20]
.
2015-05-19 c:\windows\Tasks\EPSON XP-610 Series Update {E24B71F2-12BE-466D-89DD-F2D365ADC08C}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-09-06 23:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\RAHN_NEU\AppData\Roaming\Mozilla\Firefox\Profiles\ycyx4tgv.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-19  20:10:41
ComboFix-quarantined-files.txt  2015-05-19 18:10
.
Vor Suchlauf: 10 Verzeichnis(se), 33.760.096.256 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 33.492.738.048 Bytes frei
.
- - End Of File - - 0EE19D46EEDF0F8DBA323096E66CB51E
         
 
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Ich musste während Combofix lief einmal die Maus bewegen, weil der Bildschirmschoner angegangen ist. Ich hoffe, das verändert die Ergebnisse nicht.

Einen Neustart hat Combofix von mir nicht verlangt. Bitte Bescheid geben, wenn das hätte sein sollen.

Danke soweit! Ich bin ja gespannt, was das hier gefunden hat.


Alt 20.05.2015, 11:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7: Schaden durch DHL-Spam-Mail? - Standard

Win 7: Schaden durch DHL-Spam-Mail?


Passt alles


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
--> Win 7: Schaden durch DHL-Spam-Mail?

Antwort

Themen zu Win 7: Schaden durch DHL-Spam-Mail?
adobe, adware, browser, converter, defender, dhl-spam, ebanking, email, excel, firefox, flash player, ftp, google analytics, hal.dll, helper, homepage, mozilla, mp3, pdf-anhang, realtek, registry, scan, schutz, secur, security, software, svchost.exe, temp, udp, win7 64 bit, win7-64, windows


« Symantec-Meldung "NTOSKRNL.EXE", System bootet auch deutlich langsamer | Windows 7: Adware/Verdacht auf andere Schädlinge »


Ähnliche Themen: Win 7: Schaden durch DHL-Spam-Mail?


  1. Bitkom: 51 Milliarden Euro Schaden jährlich durch digitale Wirtschaftsspionage
    Nachrichten - 16.04.2015 (0)
  2. Spam-Mail als Teil einer abgeschlossenen E-Mail-Konversation!
    Überwachung, Datenschutz und Spam - 23.01.2015 (1)
  3. Android: ELSTER-Spam-Mail geöffnet (angebliche Mail v. Finanzamt)
    Plagegeister aller Art und deren Bekämpfung - 24.09.2014 (3)
  4. ELSTER Spam-Mail geöffnet (angebliche Mail v. Finanzamt)
    Smartphone, Tablet & Handy Security - 23.09.2014 (5)
  5. Können heruntergeladene infizierte E-mail Anhänge dem System schaden, wenn sie nicht geöffnet wurden
    Plagegeister aller Art und deren Bekämpfung - 25.02.2014 (3)
  6. E-mail Account verschickt Spam Mail mit Viren Anhang an alle Kontakte
    Log-Analyse und Auswertung - 29.10.2013 (16)
  7. Verdacht auf Trojaner durch Spam Mail
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (3)
  8. Ominöse Mail (mit Trojaner) in meinem GMX-Spam-Mail-Ordner
    Überwachung, Datenschutz und Spam - 07.04.2013 (3)
  9. Mail delivery failed-SPAM Mails. E-Mail-Acc kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (1)
  10. trojan-spy.html.fraud.gen in einer Mail gefunden, wie viel schaden kann das angerichtet haben
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  11. Spam-Mail von meiner web.de-E-Mail-Adresse an alle Kontakte gesendet
    Log-Analyse und Auswertung - 22.02.2012 (27)
  12. Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (18)
  13. SPAM-Mails durch eignen Mail-Account
    Plagegeister aller Art und deren Bekämpfung - 17.11.2011 (13)
  14. spam-mail über mein web.de-account versendet, spam-mail auch im gesendet Ordner
    Log-Analyse und Auswertung - 16.11.2011 (3)
  15. Kann Laptop Schaden durch anderen PC mit gleicher Inetverbindung nehmen?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (3)
  16. Schaden durch Kido.IX reparierbar?: Bilder sind weg
    Plagegeister aller Art und deren Bekämpfung - 03.10.2009 (97)
  17. 120€ Schaden durch Dialer
    Plagegeister aller Art und deren Bekämpfung - 15.02.2003 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win 7: Schaden durch DHL-Spam-Mail? - Eine Spam-Mail vermeintlich vom "DHL Fachteam" mit Titel "Paket, Ihre Sendung ..." wurde durch ein Familienmitglied geöffnet (Win7-64, Thunderbird), bevor ich einschreiten konnte: - Text der Email: leer (habe ich - Win 7: Schaden durch DHL-Spam-Mail?...
Archiv
Du betrachtest: Win 7: Schaden durch DHL-Spam-Mail? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131