Pests of all kinds and how to fight them: Windows 7: I stupidly clicked a link in a fake DHL email and was redirected to a website...
03.06.2015, 20:49 | #1 |
Windows 7: I stupidly clicked a link in a fake DHL email and was redirected to a website...

Hello,

I stupidly clicked a link contained in a fake DHL email, which took me to an unfamiliar website. I just wasn't paying attention for a second and it had already happened. Now I don't know whether I caught something, or whether Firefox blocked the elements on the unfamiliar site. I have not rebooted the computer so far.

Operating system: Win 7 32 bit

Many thanks for your help!

Here is the file from Farbar's:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015 Ran by Marc (administrator) on C*** on 03-06-2015 21:03:58 Running from C:\Users\Marc\Desktop Loaded Profiles: Marc & UpdatusUser (Available Profiles: Caroline *** & Marc & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\System32\Rezip.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avira Operations GmbH & Co. 
KG) C:\Users\Marc\AppData\Local\Temp\cleaner\avwebloader.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\cleaner.exe (Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\avscan.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) 
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [NWEReboot] => [X] HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-23] (APN) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\MountPoints2: {a253fd9b-317b-11df-a1e6-806e6f6e6963} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\menu.hta HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program 
Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) 
Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1C0B4772-79CB-4791-9072-D4AFCB7A665F}: [NameServer] 132.252.3.10,132.252.1.7 FireFox: ======== FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default FF Homepage: hxxp://www.hr-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] () FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll [2007-06-22] (CambridgeSoft Corp.) FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll [2007-06-22] (CambridgeSoft Corp.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\windows\system32\npdeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.) FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\searchplugins\avira-safesearch.xml [2015-02-26] FF Extension: Avira Browser Safety - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\abs@avira.com [2015-05-29] FF Extension: Avira SafeSearch - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\safesearch@avira.com [2015-04-27] Chrome: ======= CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) 
[File not signed] R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [49152 2009-11-15] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-27] (Macrovision Europe Ltd.) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [716800 2009-11-15] () [File not signed] R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [536576 2009-11-15] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. 
KG) R0 sfvfs02; C:\windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce)) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-27] (Avira GmbH) R1 vflt; C:\windows\System32\DRIVERS\vfilter.sys [17408 2009-11-19] (Shrew Soft Inc) S3 vnet; C:\windows\System32\DRIVERS\virtualnet.sys [9728 2009-11-19] (Shrew Soft Inc) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 21:02 - 2015-06-03 21:03 - 00038670 _____ C:\Users\Marc\Desktop\Addition.txt 2015-06-03 21:00 - 2015-06-03 21:04 - 00000000 ____D C:\FRST 2015-06-03 21:00 - 2015-06-03 21:03 - 00019608 _____ C:\Users\Marc\Desktop\FRST.txt 2015-06-03 20:59 - 2015-06-03 20:59 - 01147392 _____ (Farbar) C:\Users\Marc\Desktop\FRST.exe 2015-06-03 20:57 - 2015-06-03 20:58 - 00000470 _____ C:\Users\Marc\Desktop\defogger_disable.log 2015-06-03 20:57 - 2015-06-03 20:57 - 00000000 _____ C:\Users\Marc\defogger_reenable 2015-06-03 20:55 - 2015-06-03 20:56 - 00050477 _____ C:\Users\Marc\Desktop\Defogger.exe 2015-06-03 19:14 - 2015-06-03 19:14 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2015-06-02 20:02 - 2015-06-02 20:02 - 00000000 ____D C:\Users\Caroline ***\AppData\Local\GWX 2015-06-01 18:37 - 2015-06-01 18:37 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX 2015-05-25 20:39 - 2015-05-25 20:39 - 59517393 _____ C:\Users\Marc\Desktop\befragung-einer-8-realschulklasse-und-einer8-hauptschulkla-b98fhavqvrqd.zip 2015-05-20 20:44 - 2015-05-20 20:44 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Thunderbird 2015-05-20 20:44 - 2015-05-20 
20:44 - 00000000 ____D C:\Users\Marc\AppData\Local\Thunderbird 2015-05-20 20:43 - 2015-05-20 20:43 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-05-20 20:43 - 2015-05-20 20:43 - 00002032 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-05-20 20:43 - 2015-05-20 20:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-05-20 20:39 - 2015-05-20 20:39 - 01196832 _____ C:\Users\Marc\Downloads\Thunderbird - CHIP-Installer.exe 2015-05-20 20:31 - 2015-05-20 20:32 - 28745048 _____ (Mozilla) C:\Users\Marc\Downloads\Thunderbird Setup 31.7.0.exe 2015-05-19 21:44 - 2015-05-19 21:44 - 00000000 ____D C:\windows\system32\IPM 2015-05-18 20:27 - 2015-06-03 18:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-05-16 15:10 - 2015-05-16 15:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Marc\Downloads\flashplayer17au_ha_install.exe 2015-05-15 23:21 - 2015-05-15 23:21 - 00001069 _____ C:\Users\Public\Desktop\MindManager Smart.lnk 2015-05-15 23:21 - 2015-05-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MindManager Smart 2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D C:\Program Files\Mindjet 2015-05-15 21:32 - 2015-05-15 21:32 - 04387772 _____ C:\Users\Marc\Downloads\mmsm21-g-3.exe 2015-05-15 21:29 - 2015-05-15 21:29 - 01967210 _____ C:\Users\Marc\Desktop\JIM.pptx 2015-05-12 23:25 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 21:47 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-05-12 21:47 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-05-12 21:47 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-05-12 21:47 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-05-12 21:47 - 
2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-05-12 21:47 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-05-12 21:47 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-05-12 21:47 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-05-12 21:47 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-05-12 21:47 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-05-12 21:47 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-05-12 21:47 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-05-12 21:47 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-05-12 21:47 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-05-12 21:47 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-05-12 21:47 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-05-12 21:47 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-05-12 21:47 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-05-12 21:47 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-05-12 21:47 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 21:47 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-05-12 21:47 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 
2015-05-12 21:47 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-05-12 21:47 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-05-12 21:47 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-05-12 21:47 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-05-12 21:47 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-05-12 21:47 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-05-12 21:47 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-05-12 21:47 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-05-12 21:47 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-05-12 21:47 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-05-12 21:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-05-12 21:45 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-05-12 21:45 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-05-12 21:45 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-05-12 21:45 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-05-12 21:45 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2015-05-12 21:45 
- 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00038912 _____ 
(Microsoft Corporation) C:\windows\system32\csrsrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-05-12 21:45 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-05-12 21:45 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe 2015-05-12 21:45 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-05-12 21:45 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-05-12 21:45 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-05-12 21:45 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-05-12 21:45 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-05-12 21:44 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-05-12 21:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-05-12 21:44 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-05-12 21:44 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-05-12 21:44 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2015-05-12 21:43 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-12 21:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) 
C:\windows\system32\apphelp.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-05-12 21:42 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll 2015-05-12 21:42 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2015-05-12 21:38 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-03 20:57 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc 2015-06-03 20:57 - 2013-07-27 21:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-03 20:25 - 2014-01-03 18:15 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-03 20:12 - 2014-01-03 18:15 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-03 19:14 - 2010-03-05 06:56 - 00000000 ____D C:\Program Files\Google 2015-06-03 18:39 - 2013-03-12 20:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-03 18:36 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-06-03 18:33 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-03 18:33 - 2009-07-14 06:39 - 00187073 _____ C:\windows\setupact.log 2015-06-02 22:11 - 2010-03-05 06:29 - 02081827 _____ C:\windows\WindowsUpdate.log 2015-06-02 20:03 - 2010-06-27 13:18 - 00000000 ____D 
C:\Users\Caroline ***\AppData\Roaming\EndNote 2015-06-02 20:01 - 2010-06-25 20:31 - 00000000 ____D C:\Users\Caroline ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-05-31 19:08 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT 2015-05-31 11:51 - 2009-07-26 22:06 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-05-20 21:15 - 2015-04-04 23:03 - 00000000 ___SD C:\windows\system32\GWX 2015-05-20 19:53 - 2010-03-05 07:55 - 00982948 _____ C:\windows\PFRO.log 2015-05-16 15:11 - 2014-08-19 22:10 - 00000000 ____D C:\Users\Marc\AppData\Local\Adobe 2015-05-16 15:11 - 2013-07-27 21:54 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-05-16 15:11 - 2013-07-27 21:54 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-05-15 10:18 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache 2015-05-13 23:10 - 2010-03-06 00:03 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 22:40 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2015-05-13 19:59 - 2009-07-14 06:33 - 00425312 _____ C:\windows\system32\FNTCACHE.DAT 2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE 2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-05-12 23:25 - 2010-06-25 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-12 23:22 - 2013-10-25 00:47 - 00000000 ____D C:\windows\system32\MRT 2015-05-12 23:15 - 2010-06-28 23:21 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-05-12 23:11 - 2013-07-27 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 23:11 - 2010-06-25 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-07 19:29 - 2013-07-27 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 19:27 - 2013-07-27 21:39 - 00136216 _____ 
(Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2015-05-07 19:27 - 2013-07-27 21:39 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2015-05-07 19:27 - 2013-07-27 21:39 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys ==================== Files in the root of some directories ======= 2013-10-30 20:00 - 2014-06-29 10:02 - 0000155 _____ () C:\Users\Marc\AppData\Roaming\default.rss 2010-06-25 20:32 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-03-05 06:36 - 2010-03-05 06:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-05 06:35 - 2010-03-05 06:35 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-03-05 06:32 - 2010-03-05 06:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-05 06:36 - 2010-03-05 06:36 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-03-05 06:31 - 2010-03-05 06:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-03-05 06:33 - 2010-03-05 06:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some files in TEMP: ==================== C:\Users\Caroline\AppData\Local\Temp\AskSLib.dll C:\Users\Caroline\AppData\Local\Temp\avgnt.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Caroline\AppData\Local\Temp\tmp2184.exe C:\Users\Caroline\AppData\Local\Temp\tmp421E.exe C:\Users\Caroline\AppData\Local\Temp\tmp4568.exe C:\Users\Caroline\AppData\Local\Temp\_is241.exe 
C:\Users\Marc\AppData\Local\Temp\avgnt.exe C:\Users\Marc\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Marc\AppData\Local\Temp\_is476B.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 19:14 ==================== End of log ============================
Edited by Marc.223 (03.06.2015 at 21:01) |
03.06.2015, 20:59 | #2 |
/// the machine /// TB instructor | Windows 7: I stupidly clicked on a link in a fake DHL mail and was redirected to a website... Hi,
__________________Addition.txt is still missing
__________________ |
03.06.2015, 21:04 | #3 |
| Windows 7: I stupidly clicked on a link in a fake DHL mail and was redirected to a website... Sorry, here it is:
Additional FRST Logfile:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015 Ran by Marc at 2015-06-03 21:05:05 Running from C:\Users\Marc\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2339853823-2107313754-116825072-500 - Administrator - Disabled) Caroline *** (S-1-5-21-2339853823-2107313754-116825072-1000 - Administrator - Enabled) => C:\Users\Caroline *** Gast (S-1-5-21-2339853823-2107313754-116825072-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2339853823-2107313754-116825072-1002 - Limited - Enabled) Marc (S-1-5-21-2339853823-2107313754-116825072-1006 - Administrator - Enabled) => C:\Users\Marc UpdatusUser (S-1-5-21-2339853823-2107313754-116825072-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros) Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1C01}) (Version: 12.28.1.1270 - APN, LLC) BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung) Brother MFL-Pro Suite MFC-J625DW (HKLM\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.) 
CambridgeSoft ChemBioOffice Ultra 2008 (HKLM\...\InstallShield_{259A1B71-CA82-4A92-8178-A7FFF58E9853}) (Version: 11.0 - CambridgeSoft Corporation) CambridgeSoft ChemBioOffice Ultra 2008 (Version: 11.0 - CambridgeSoft Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy Utility (HKLM\...\Copy Utility) (Version: - ) CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.) CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.) CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.) Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) DolbyFiles (Version: 2.0 - Nero AG) Hidden Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.) 
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung) Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623p) (Version: 13.2.0.8623p - Landesfinanzdirektion Thüringen) EndNote X1 (HKLM\...\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}) (Version: 11.0.0.2571 - Thomson ResearchSoft) Eudora (HKLM\...\{578172E1-A9E0-4396-A4CC-CA899D876553}) (Version: 7.0 - ) Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1003 - Intel Corporation) ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - ) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: - ) Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) 
(Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MindManager Smart (HKLM\...\MindManager Smart) (Version: 2.1.3 - Mindjet LLC) Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.7.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NAVIGON Fresh 3.2.0 (HKLM\...\NAVIGON Fresh) (Version: 3.2.0 - NAVIGON) Nero 9 (HKLM\...\{71ee24fa-ba3c-4c03-ae49-48b59428bc5a}) (Version: - Nero AG) Nuance PaperPort 12 
(HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.) Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: 1.00.999 - Ubisoft) Prince of Persia The Sands of Time (HKLM\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - ) Prince of Persia The Two Thrones (Version: 1.00.999 - Ubisoft) Hidden Prince of Persia Warrior Within (HKLM\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - ) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung R-Series (HKLM\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung) Samsung Support Center (HKLM\...\{0A353130-D22C-41DD-8C67-1B02A05F2CE0}) (Version: 1.1.0 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) 
Scansoft PDF Professional (Version: - ) Hidden ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - ) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Urban Chaos (HKLM\...\Urban Chaos) (Version: - ) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2339853823-2107313754-116825072-1006_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Marc\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation) ==================== Restore Points ========================= 20-05-2015 21:15:06 Windows Update 26-05-2015 16:17:09 Windows Update 29-05-2015 19:49:23 Windows Update 02-06-2015 19:22:27 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00E2DBF9-F794-4F4D-916B-4FF56B1D6ACD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {0749876F-C8DA-469E-B4C9-260EFFD90482} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {1B86C506-262B-429B-8D50-80E18E2532FA} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft) Task: {1DBA0153-A7D5-4A09-B3B2-AAD2C33C64EE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {25B852AF-0F08-417D-A112-DD474B4238F8} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.) 
Task: {2698F583-8292-4842-ACE0-263676E8B628} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {3852EB95-4A78-4D0A-A9D4-78AEACD434C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.) Task: {568DB946-276D-43C4-98F6-04A05FC7ECB3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2339853823-2107313754-116825072-1006 Task: {5E031ED4-9050-43E9-ACB7-6E8AC800AB5C} - System32\Tasks\{C16C7085-5259-43C5-84A0-E69126983961} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT) Task: {6378EDF5-B3D1-4A49-A0C8-B161AED57A67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {780D0A95-31DA-41FE-81A0-BFBFF223F0EF} - System32\Tasks\{ACA5797F-A02B-4315-80FD-C636E50C338E} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT) Task: {847E484E-484F-49A1-9C1F-F8D4B9301960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {85432527-CE8D-4EEF-A10F-D3CFF47DF566} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.) Task: {A262B463-C260-4781-909F-C756859A9E66} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {A4088ABB-4A51-4008-B82E-7E49EAB1B531} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-16] (Adobe Systems Incorporated) Task: {A4CF8FB5-D95D-47F1-8457-7B5D31CE027F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {B4ACCC81-8EFF-48D3-9CC7-B84D9A67C44D} - System32\Tasks\{86865023-9624-403A-8626-6827FA7E0FC7} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT) Task: {C5916ECB-44E9-4E86-8AD0-645EA556D6B1} - System32\Tasks\{3CDADD87-17EC-4F5B-ADE5-ECB7F14BFF3B} => pcalua.exe -a E:\setup.exe -d E:\ Task: {C653CBBB-78D5-46AA-B7BA-99E64B7FF124} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.) Task: {CA9D89EC-8546-49D6-9401-DAFAD8F6FBA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.) Task: {CC9DF44D-CBB5-4AE5-8A89-DEDA5CF44EF5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics) Task: {CEEA1937-5644-4F73-ACCF-F96476C92D0D} - System32\Tasks\{3CECFE6E-F5D3-4756-BB85-59ABE1046913} => pcalua.exe -a E:\Patch_Game\Install2.exe -d E:\Patch_Game Task: {CFEE7800-B862-4E0C-AA77-CB0A1DA9D9DC} - System32\Tasks\{84D974F3-995F-4877-947B-0C0F97385E3C} => pcalua.exe -a "C:\Users\Caroline ***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KRVRDUZ\JavaSetup6u22[2].exe" -d "C:\Users\Caroline ***\Desktop" Task: {D907D439-A03E-4D08-B861-C10484AFFAE1} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {EF9115D0-BEDA-4C44-B7B0-2A3D790C31D8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-18 21:34 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2009-11-15 20:31 - 2009-11-15 20:31 - 00049152 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe 2009-11-15 20:24 - 2009-11-15 20:24 - 00019968 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2009-11-15 20:23 - 2009-11-15 20:23 - 00011264 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2009-11-15 20:23 - 2009-11-15 20:23 - 00015360 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2009-11-15 20:24 - 2009-11-15 20:24 - 00102400 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2009-11-15 20:24 - 2009-11-15 20:24 - 00025088 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2009-11-15 20:25 - 2009-11-15 20:25 - 00016384 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2009-11-15 20:29 - 2009-11-15 20:29 - 00716800 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2009-11-15 20:24 - 2009-11-15 20:24 - 00025600 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2009-11-15 20:24 - 2009-11-15 20:24 - 00026112 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2009-11-15 20:24 - 2009-11-15 20:24 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2009-11-15 20:26 - 2009-11-15 20:26 - 00536576 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2010-03-05 06:29 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe 2010-03-05 06:34 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2010-03-05 06:38 - 2006-08-12 05:48 
- 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2013-07-27 22:17 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu 2013-10-27 17:54 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2013-10-30 00:01 - 2013-09-05 11:59 - 00023784 _____ () C:\Users\Marc\AppData\Local\Temp\cleaner\rcNwLoad_de.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Marc\AppData\Roaming\default.rss:OECustomProperty ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{50AD84C6-CB9F-4960-975D-204E09E70424}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{73A89CE8-C770-4A9C-AA94-515609E7CA3D}] => (Allow) C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE FirewallRules: [{6528E41A-0AFF-4D0C-9924-6B475AFD85BC}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{946287B3-DD28-45DB-9D84-E1117E1130E7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{F29FACAB-A5EC-495E-BBCC-21A7C1E133AE}] => (Allow) svchost.exe FirewallRules: [{427ECCEB-8DE8-4203-8D80-40333E6293BF}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{4865749E-7B8D-4CFC-9F91-FCAEACDA5401}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe FirewallRules: [UDP Query User{60BC5F66-26E8-4C1C-9AFC-E6AFB692D357}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe FirewallRules: [TCP Query User{0EAE4CE7-9C9F-43B0-9602-49B1B177D048}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe FirewallRules: [UDP Query User{D64BA38D-9733-49ED-A0EB-D8C3C12702ED}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program 
files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe FirewallRules: [TCP Query User{196EDCA6-83C8-457B-B4AA-AF07514FF7E4}C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe FirewallRules: [UDP Query User{95A21D70-4CA0-4097-8A0E-585EFE8C2889}C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe FirewallRules: [{3B14570E-FD92-4663-A48A-B8CD39EF671B}] => (Allow) C:\Program Files\Brother\Brmfl11a\FAXRX.exe FirewallRules: [{58D59B8C-BC4B-4ECD-9C29-C80D00CD8F86}] => (Allow) C:\Program Files\Brother\Brmfl11a\FAXRX.exe FirewallRules: [{FDFE41B5-D570-4962-9F30-306364F4B6FC}] => (Allow) LPort=54925 FirewallRules: [{8E14E87C-645B-48FE-9550-A1783F046C5A}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{2956DE90-2D4A-417B-AC1A-83AE7963D721}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{B301959E-FCB6-49DF-BE5A-DE2AED81EA91}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{1B414D3A-BE4F-44E9-ACF7-DBE8F77797D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{03B4E052-4F50-4C3D-8F89-FC9EEC1BB1FA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{92176855-11AF-4EB3-8E21-6C973844A039}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{096BE2EB-5976-4125-B2CE-3AF451B1DC6A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{128A0223-06FF-4824-8EFF-EAFA899FCFEF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Shrew Soft 
Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2015 07:16:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/03/2015 07:16:37 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (06/03/2015 07:16:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/03/2015 06:35:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/03 18:35:22.771]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/03/2015 06:34:47 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/03 18:34:47.546]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/03/2015 06:34:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/03 18:34:12.321]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/03/2015 06:33:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/03 18:33:37.096]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/02/2015 10:11:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/02 22:11:01.238]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/02/2015 10:10:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/02 22:10:26.019]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error Error: (06/02/2015 10:09:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2015/06/02 22:09:50.909]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] 
Error System errors: ============= Error: (06/03/2015 06:33:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/03/2015 06:33:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfsync02 Error: (06/03/2015 06:33:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error: (06/03/2015 06:32:45 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber sfsync02.sys konnte nicht geladen werden. Error: (06/02/2015 07:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/02/2015 07:16:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfsync02 Error: (06/02/2015 07:15:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error: (06/02/2015 07:15:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/02/2015 07:15:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht. Error: (06/02/2015 07:14:31 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber sfsync02.sys konnte nicht geladen werden. 
Microsoft Office: ========================= Error: (12/17/2014 08:14:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 204 seconds with 120 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-03-12 20:09:04.537 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-12 19:49:13.881 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-12 19:38:26.037 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-12 19:26:56.650 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 20:51:30.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 20:44:02.406 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-03-08 21:09:44.423 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-08 20:16:25.674 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-02 18:37:47.258 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-10 12:00:54.346 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 51% Total physical RAM: 3060.55 MB Available physical RAM: 1469.62 MB Total Pagefile: 6119.41 MB Available Pagefile: 4195.58 MB Total Virtual: 2047.88 MB Available Virtual: 1893.67 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:101.88 GB) (Free:22.78 GB) NTFS Drive d: () (Fixed) (Total:181.12 GB) (Free:17.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: B0FD1CB0) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=101.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=181.1 GB) - (Type=07 NTFS) ==================== End of log ============================ And here is the log from Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:57 on 03/06/2015 (Marc) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-03 21:27:59 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Marc\AppData\Local\Temp\pflcapow.sys ---- System - GMER 2.1 ---- SSDT 920E8F66 ZwCreateSection SSDT 920E8F3E ZwCreateSymbolicLinkObject SSDT 920E8F43 ZwLoadDriver SSDT 920E8F39 ZwOpenSection SSDT 920E8F70 ZwRequestWaitReplyPort SSDT 920E8F6B ZwSetContextThread SSDT 920E8F75 ZwSetSecurityObject SSDT 920E8F48 ZwSetSystemInformation SSDT 920E8F7A ZwSystemDebugControl SSDT 920E8F07 ZwTerminateProcess SSDT 920E8F02 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestPort + 14AD 83859BB5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83893B92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8389B0BC 4 Bytes [66, 8F, 0E, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 8389B0C4 4 Bytes [3E, 8F, 0E, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 8389B1D8 4 Bytes [43, 8F, 0E, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 8389B274 4 Bytes [39, 8F, 0E, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 8389B418 4 Bytes [70, 8F, 0E, 92] {JO 0xffffff91; PUSH CS; XCHG EDX, EAX} .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtCreateFile 76F75620 5 Bytes JMP 543D0BCB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtFlushBuffersFile 76F759B0 5 Bytes JMP 543D0916 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtQueryFullAttributesFile 76F76040 5 Bytes JMP 543D0A43 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtReadFile 76F76310 5 Bytes JMP 543D0950 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtReadFileScatter 76F76320 5 Bytes JMP 546E9BCE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtWriteFile 76F76AC0 5 Bytes JMP 543D0D6F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtWriteFileGather 76F76AD0 5 Bytes JMP 546E9C1E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!LdrLoadDll 76F924C6 5 Bytes JMP 6F6F921C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76E994E6 7 Bytes JMP 546D5622 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!QueryPerformanceCounter + 13 76E9C4E5 7 Bytes JMP 546D6DFA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!LoadAppInitDlls + 355 76E9F5A6 7 Bytes JMP 54476358 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] USER32.dll!GetWindowInfo 75464B5E 5 Bytes JMP 550E8E4A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4160] 
GDI32.dll!GetViewportOrgEx + 26C 7708884B 7 Bytes JMP 546D3E16 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@94F30138 2494 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Edited by Marc.223 (03.06.2015 at 21:58) |
04.06.2015, 11:15 | #4 |
/// the machine /// TB instructor | Windows 7: I stupidly clicked on a link in a fake DHL mail and was redirected to a website... hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.06.2015, 12:55 | #5 |
| Windows 7: I stupidly clicked on a link in a fake DHL mail and was redirected to a website... Hello, first of all, thank you very much for your quick replies! I have a problem when scanning with Malwarebytes... The scan starts and also runs through to the end. Then an error message "An Error occured" appears, and the program stops responding and is closed. No log file is created either. I cannot get as far as the clean-up! I ran TDSSKiller without it finding anything: Here is the report: Code:
ATTFilter 13:42:26.0048 0x06d4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 13:42:31.0940 0x06d4 ============================================================ 13:42:31.0940 0x06d4 Current date / time: 2015/06/04 13:42:31.0940 13:42:31.0940 0x06d4 SystemInfo: 13:42:31.0940 0x06d4 13:42:31.0940 0x06d4 OS Version: 6.1.7601 ServicePack: 1.0 13:42:31.0940 0x06d4 Product type: Workstation 13:42:31.0940 0x06d4 ComputerName: C*** 13:42:31.0941 0x06d4 UserName: Marc 13:42:31.0941 0x06d4 Windows directory: C:\windows 13:42:31.0941 0x06d4 System windows directory: C:\windows 13:42:31.0941 0x06d4 Processor architecture: Intel x86 13:42:31.0941 0x06d4 Number of processors: 4 13:42:31.0941 0x06d4 Page size: 0x1000 13:42:31.0941 0x06d4 Boot type: Normal boot 13:42:31.0941 0x06d4 ============================================================ 13:42:32.0287 0x06d4 KLMD registered as C:\windows\system32\drivers\71901026.sys 13:42:32.0590 0x06d4 System UUID: {5EB7D5DB-5B9C-9A43-66A4-67E9DC50BE1A} 13:42:33.0349 0x06d4 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:42:33.0414 0x06d4 ============================================================ 13:42:33.0414 0x06d4 \Device\Harddisk0\DR0: 13:42:33.0444 0x06d4 MBR partitions: 13:42:33.0444 0x06d4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 13:42:33.0444 0x06d4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xCBC0800 13:42:33.0444 0x06d4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE9F3000, BlocksNum 0x16A3B000 13:42:33.0444 0x06d4 ============================================================ 13:42:33.0576 0x06d4 C: <-> \Device\Harddisk0\DR0\Partition2 13:42:33.0687 0x06d4 D: <-> \Device\Harddisk0\DR0\Partition3 13:42:33.0718 0x06d4 ============================================================ 13:42:33.0718 0x06d4 
Initialize success 13:42:33.0718 0x06d4 ============================================================ 13:44:11.0203 0x1668 ============================================================ 13:44:11.0203 0x1668 Scan started 13:44:11.0203 0x1668 Mode: Manual; SigCheck; TDLFS; 13:44:11.0203 0x1668 ============================================================ 13:44:11.0203 0x1668 KSN ping started 13:44:25.0040 0x1668 KSN ping finished: true 13:44:25.0758 0x1668 ================ Scan system memory ======================== 13:44:25.0758 0x1668 System memory - ok 13:44:25.0758 0x1668 ================ Scan services ============================= 13:44:25.0976 0x1668 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 13:44:26.0148 0x1668 1394ohci - ok 13:44:26.0226 0x1668 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\windows\system32\drivers\ACPI.sys 13:44:26.0257 0x1668 ACPI - ok 13:44:26.0273 0x1668 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 13:44:26.0366 0x1668 AcpiPmi - ok 13:44:26.0507 0x1668 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:44:26.0538 0x1668 AdobeARMservice - ok 13:44:26.0616 0x1668 [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:44:26.0663 0x1668 AdobeFlashPlayerUpdateSvc - ok 13:44:26.0725 0x1668 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 13:44:26.0756 0x1668 adp94xx - ok 13:44:26.0772 0x1668 [ 
0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 13:44:26.0787 0x1668 adpahci - ok 13:44:26.0819 0x1668 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 13:44:26.0834 0x1668 adpu320 - ok 13:44:26.0865 0x1668 [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 13:44:26.0928 0x1668 AeLookupSvc - ok 13:44:27.0006 0x1668 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\windows\system32\drivers\afd.sys 13:44:27.0068 0x1668 AFD - ok 13:44:27.0099 0x1668 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\windows\system32\drivers\agp440.sys 13:44:27.0131 0x1668 agp440 - ok 13:44:27.0193 0x1668 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys 13:44:27.0224 0x1668 aic78xx - ok 13:44:27.0255 0x1668 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\windows\System32\alg.exe 13:44:27.0318 0x1668 ALG - ok 13:44:27.0349 0x1668 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\windows\system32\drivers\aliide.sys 13:44:27.0365 0x1668 aliide - ok 13:44:27.0380 0x1668 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\windows\system32\drivers\amdagp.sys 13:44:27.0396 0x1668 amdagp - ok 13:44:27.0427 0x1668 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\windows\system32\drivers\amdide.sys 13:44:27.0427 0x1668 amdide - ok 
13:44:27.0458 0x1668 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 13:44:27.0505 0x1668 AmdK8 - ok 13:44:27.0521 0x1668 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 13:44:27.0536 0x1668 AmdPPM - ok 13:44:27.0583 0x1668 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\windows\system32\drivers\amdsata.sys 13:44:27.0614 0x1668 amdsata - ok 13:44:27.0630 0x1668 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 13:44:27.0661 0x1668 amdsbs - ok 13:44:27.0677 0x1668 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\windows\system32\drivers\amdxata.sys 13:44:27.0677 0x1668 amdxata - ok 13:44:27.0864 0x1668 [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe 13:44:27.0895 0x1668 AntiVirMailService - ok 13:44:28.0004 0x1668 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:44:28.0035 0x1668 AntiVirSchedulerService - ok 13:44:28.0129 0x1668 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:44:28.0160 0x1668 AntiVirService - ok 13:44:28.0238 0x1668 [ 266C0506DF8BA3990E12885E64EE4420, 60995CFE54B8594179BEAB06C4498CBF997B0C85147E5DD747CE238C89F6979D ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 13:44:28.0285 0x1668 AntiVirWebService - ok 13:44:28.0394 0x1668 [ 
2BB7E9A887F26CDB5C19C76636E85394, 21E22E750DA3682511D1DD906414D7C74B63BAAF8BB9694393465B396201BB4F ] APNMCP C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe 13:44:28.0425 0x1668 APNMCP - ok 13:44:28.0457 0x1668 [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID C:\windows\system32\drivers\appid.sys 13:44:28.0503 0x1668 AppID - ok 13:44:28.0550 0x1668 [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc C:\windows\System32\appidsvc.dll 13:44:28.0581 0x1668 AppIDSvc - ok 13:44:28.0613 0x1668 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\windows\System32\appinfo.dll 13:44:28.0659 0x1668 Appinfo - ok 13:44:28.0691 0x1668 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\windows\system32\DRIVERS\arc.sys 13:44:28.0722 0x1668 arc - ok 13:44:28.0753 0x1668 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 13:44:28.0769 0x1668 arcsas - ok 13:44:28.0893 0x1668 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:44:28.0925 0x1668 aspnet_state - ok 13:44:28.0956 0x1668 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 13:44:29.0081 0x1668 AsyncMac - ok 13:44:29.0143 0x1668 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\windows\system32\drivers\atapi.sys 13:44:29.0174 0x1668 atapi - ok 13:44:29.0361 0x1668 [ 49F17A2E79469BE6581D491706720671, C6D1497847286A0C63779B27F730526235250D2113B4BED66AF630DC1CF22527 ] athr 
C:\windows\system32\DRIVERS\athr.sys 13:44:29.0564 0x1668 athr - ok 13:44:29.0658 0x1668 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 13:44:29.0705 0x1668 AudioEndpointBuilder - ok 13:44:29.0720 0x1668 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\windows\System32\Audiosrv.dll 13:44:29.0751 0x1668 Audiosrv - ok 13:44:29.0751 0x1668 AVFSFilter - ok 13:44:29.0829 0x1668 [ EC17E91BC9026C5ED580FB2B13E341AB, 2D9421AE05F3D4A8DBD69D73B4B562EA4F93FBD12AB2F77C52DA8B411626EBF1 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 13:44:29.0876 0x1668 avgntflt - ok 13:44:29.0923 0x1668 [ 7BAA36ED6C6098899D9E1269A61085C3, 2D101F1C6C79B0BD722BDB5939344F65728EC2F5B747B6619640775E6FDEFC0A ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 13:44:29.0939 0x1668 avipbb - ok 13:44:30.0048 0x1668 [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe 13:44:30.0079 0x1668 Avira.OE.ServiceHost - ok 13:44:30.0110 0x1668 [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 13:44:30.0126 0x1668 avkmgr - ok 13:44:30.0173 0x1668 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\windows\System32\AxInstSV.dll 13:44:30.0375 0x1668 AxInstSV - ok 13:44:30.0438 0x1668 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys 13:44:30.0500 0x1668 b06bdrv - ok 13:44:30.0578 0x1668 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 13:44:30.0641 0x1668 
[ FAEFC55E4F7CED7DE6CB9EE5BC8827F9, 0ECC007D8138032B80CD00DD5C329691BC9408EE711DC7E69B263CADECE6B4DA ] nvsvc C:\windows\system32\nvvsvc.exe 13:45:04.0755 0x1668 nvsvc - ok 13:45:04.0927 0x1668 [ 4BAE67FFDC0E1AE2B4FB5FC21F07B65C, 7F2F8B5CA7B175A1F9B4C77B6512FD7F6FD2DBC14175631E2E342A52B5EC0730 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:45:04.0974 0x1668 nvUpdatusService - ok 13:45:05.0021 0x1668 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 13:45:05.0067 0x1668 nv_agp - ok 13:45:05.0192 0x1668 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:45:05.0286 0x1668 odserv - ok 13:45:05.0333 0x1668 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 13:45:05.0395 0x1668 ohci1394 - ok 13:45:05.0426 0x1668 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:45:05.0489 0x1668 ose - ok 13:45:05.0535 0x1668 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\windows\system32\pnrpsvc.dll 13:45:05.0629 0x1668 p2pimsvc - ok 13:45:05.0676 0x1668 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\windows\system32\p2psvc.dll 13:45:05.0785 0x1668 p2psvc - ok 13:45:05.0816 0x1668 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\windows\system32\DRIVERS\parport.sys 13:45:05.0847 0x1668 Parport - ok 13:45:05.0879 0x1668 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 
31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\windows\system32\drivers\partmgr.sys 13:45:05.0925 0x1668 partmgr - ok 13:45:05.0941 0x1668 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 13:45:05.0972 0x1668 Parvdm - ok 13:45:06.0003 0x1668 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\windows\System32\pcasvc.dll 13:45:06.0066 0x1668 PcaSvc - ok 13:45:06.0097 0x1668 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\windows\system32\drivers\pci.sys 13:45:06.0159 0x1668 pci - ok 13:45:06.0206 0x1668 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\windows\system32\drivers\pciide.sys 13:45:06.0237 0x1668 pciide - ok 13:45:06.0284 0x1668 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 13:45:06.0331 0x1668 pcmcia - ok 13:45:06.0347 0x1668 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\windows\system32\drivers\pcw.sys 13:45:06.0393 0x1668 pcw - ok 13:45:06.0487 0x1668 [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe 13:45:06.0534 0x1668 PDFProFiltSrvPP - ok 13:45:06.0627 0x1668 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\windows\system32\drivers\peauth.sys 13:45:06.0721 0x1668 PEAUTH - ok 13:45:06.0846 0x1668 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\windows\system32\pla.dll 13:45:06.0986 0x1668 pla - ok 13:45:07.0064 0x1668 [ 
EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\windows\system32\umpnpmgr.dll 13:45:07.0173 0x1668 PlugPlay - ok 13:45:07.0205 0x1668 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 13:45:07.0236 0x1668 PNRPAutoReg - ok 13:45:07.0267 0x1668 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\windows\system32\pnrpsvc.dll 13:45:07.0283 0x1668 PNRPsvc - ok 13:45:07.0345 0x1668 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 13:45:07.0423 0x1668 PolicyAgent - ok 13:45:07.0454 0x1668 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\windows\system32\umpo.dll 13:45:07.0517 0x1668 Power - ok 13:45:07.0563 0x1668 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 13:45:07.0673 0x1668 PptpMiniport - ok 13:45:07.0688 0x1668 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\windows\system32\DRIVERS\processr.sys 13:45:07.0751 0x1668 Processor - ok 13:45:07.0797 0x1668 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\windows\system32\profsvc.dll 13:45:07.0860 0x1668 ProfSvc - ok 13:45:07.0875 0x1668 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] ProtectedStorage C:\windows\system32\lsass.exe 13:45:07.0891 0x1668 ProtectedStorage - ok 13:45:07.0922 0x1668 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\windows\system32\DRIVERS\pacer.sys 
13:45:08.0016 0x1668 Psched - ok 13:45:08.0109 0x1668 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 13:45:08.0203 0x1668 ql2300 - ok 13:45:08.0234 0x1668 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 13:45:08.0297 0x1668 ql40xx - ok 13:45:08.0343 0x1668 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\windows\system32\qwave.dll 13:45:08.0421 0x1668 QWAVE - ok 13:45:08.0437 0x1668 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 13:45:08.0531 0x1668 QWAVEdrv - ok 13:45:08.0546 0x1668 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 13:45:08.0640 0x1668 RasAcd - ok 13:45:08.0671 0x1668 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 13:45:08.0780 0x1668 RasAgileVpn - ok 13:45:08.0811 0x1668 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\windows\System32\rasauto.dll 13:45:08.0874 0x1668 RasAuto - ok 13:45:08.0905 0x1668 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 13:45:08.0967 0x1668 Rasl2tp - ok 13:45:09.0014 0x1668 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\windows\System32\rasmans.dll 13:45:09.0092 0x1668 RasMan - ok 13:45:09.0123 0x1668 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe 
C:\windows\system32\DRIVERS\raspppoe.sys 13:45:09.0201 0x1668 RasPppoe - ok 13:45:09.0217 0x1668 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 13:45:09.0264 0x1668 RasSstp - ok 13:45:09.0311 0x1668 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 13:45:09.0420 0x1668 rdbss - ok 13:45:09.0435 0x1668 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 13:45:09.0482 0x1668 rdpbus - ok 13:45:09.0607 0x1668 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 13:45:09.0685 0x1668 RDPCDD - ok 13:45:09.0747 0x1668 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 13:45:09.0857 0x1668 RDPENCDD - ok 13:45:09.0872 0x1668 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 13:45:09.0935 0x1668 RDPREFMP - ok 13:45:10.0044 0x1668 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 13:45:10.0153 0x1668 RdpVideoMiniport - ok 13:45:10.0200 0x1668 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 13:45:10.0262 0x1668 RDPWD - ok 13:45:10.0340 0x1668 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 13:45:10.0403 0x1668 rdyboost - ok 13:45:10.0434 0x1668 [ 
7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\windows\System32\mprdim.dll 13:45:10.0512 0x1668 RemoteAccess - ok 13:45:10.0527 0x1668 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\windows\system32\regsvc.dll 13:45:10.0605 0x1668 RemoteRegistry - ok 13:45:10.0637 0x1668 [ F85AE59A52885F4B09AADAFB23001A3B, CE722F19C0F916BC9EC1B7B28A479C71504190271B54B4B9ACA82922B484FEA0 ] Rezip C:\windows\SYSTEM32\Rezip.exe 13:45:10.0652 0x1668 Rezip - detected UnsignedFile.Multi.Generic ( 1 ) 13:45:13.0351 0x1668 Detect skipped due to KSN trusted 13:45:13.0351 0x1668 Rezip - ok 13:45:13.0491 0x1668 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 13:45:13.0601 0x1668 RFCOMM - ok 13:45:13.0803 0x1668 [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 13:45:13.0835 0x1668 RichVideo - ok 13:45:13.0897 0x1668 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 13:45:13.0991 0x1668 RpcEptMapper - ok 13:45:14.0022 0x1668 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\windows\system32\locator.exe 13:45:14.0053 0x1668 RpcLocator - ok 13:45:14.0100 0x1668 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\windows\system32\rpcss.dll 13:45:14.0147 0x1668 RpcSs - ok 13:45:14.0193 0x1668 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 13:45:14.0303 0x1668 rspndr - ok 13:45:14.0334 0x1668 [ 
7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 13:45:14.0396 0x1668 RTL8167 - ok 13:45:14.0443 0x1668 [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI C:\windows\system32\Drivers\SABI.sys 13:45:14.0521 0x1668 SABI - ok 13:45:14.0537 0x1668 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] SamSs C:\windows\system32\lsass.exe 13:45:14.0568 0x1668 SamSs - ok 13:45:14.0646 0x1668 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\windows\system32\drivers\sbp2port.sys 13:45:14.0661 0x1668 sbp2port - ok 13:45:14.0693 0x1668 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\windows\System32\SCardSvr.dll 13:45:14.0771 0x1668 SCardSvr - ok 13:45:14.0802 0x1668 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 13:45:14.0864 0x1668 scfilter - ok 13:45:14.0958 0x1668 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\windows\system32\schedsvc.dll 13:45:15.0083 0x1668 Schedule - ok 13:45:15.0129 0x1668 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\windows\System32\certprop.dll 13:45:15.0192 0x1668 SCPolicySvc - ok 13:45:15.0223 0x1668 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\windows\System32\SDRSVC.dll 13:45:15.0301 0x1668 SDRSVC - ok 13:45:15.0332 0x1668 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\windows\system32\drivers\secdrv.sys 13:45:15.0395 0x1668 secdrv - ok 
13:45:15.0410 0x1668 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\windows\system32\seclogon.dll 13:45:15.0519 0x1668 seclogon - ok 13:45:15.0551 0x1668 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\windows\System32\sens.dll 13:45:15.0613 0x1668 SENS - ok 13:45:15.0644 0x1668 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\windows\system32\sensrsvc.dll 13:45:15.0722 0x1668 SensrSvc - ok 13:45:15.0738 0x1668 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 13:45:15.0769 0x1668 Serenum - ok 13:45:15.0800 0x1668 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\windows\system32\DRIVERS\serial.sys 13:45:15.0878 0x1668 Serial - ok 13:45:15.0909 0x1668 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 13:45:15.0925 0x1668 sermouse - ok 13:45:15.0972 0x1668 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\windows\system32\sessenv.dll 13:45:16.0097 0x1668 SessionEnv - ok 13:45:16.0128 0x1668 [ B7018644E132A8DFB12ED90106E06739, E25D2621F2651F56CE836DB9656AB44D535EA5DF99D5D7DB49B8BEF17114E9CC ] sfdrv01 C:\windows\system32\drivers\sfdrv01.sys 13:45:16.0175 0x1668 sfdrv01 - ok 13:45:16.0221 0x1668 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\windows\system32\drivers\sffdisk.sys 13:45:16.0284 0x1668 sffdisk - ok 13:45:16.0299 0x1668 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 
13:45:16.0362 0x1668 sffp_mmc - ok 13:45:16.0377 0x1668 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 13:45:16.0471 0x1668 sffp_sd - ok 13:45:16.0518 0x1668 [ DAAD4C099EBF5094D32C373AC1AC0F3C, 4783DBDB18B4388D63BAF7D1E266D176DD4D25E6084E67A835DBC16732FCD9BC ] sfhlp02 C:\windows\system32\drivers\sfhlp02.sys 13:45:16.0549 0x1668 sfhlp02 - ok 13:45:16.0643 0x1668 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 13:45:16.0721 0x1668 sfloppy - ok 13:45:16.0845 0x1668 [ 6DC03269F4C71E4AB313C3597F42A340, A5E33E2E8006321FF93651D623A018B1CD61538C1773F45D4683839F1A87DDE6 ] sfsync02 C:\windows\system32\drivers\sfsync02.sys 13:45:16.0908 0x1668 sfsync02 - ok 13:45:16.0986 0x1668 [ 197CEF62EB4BC043E1578529FA2B9A48, 3D0FFF46671E6B7805D917FCE53C73904903464216BB7C8AA0C0B88C00ACEEB5 ] sfvfs02 C:\windows\system32\drivers\sfvfs02.sys 13:45:17.0048 0x1668 sfvfs02 - ok 13:45:17.0235 0x1668 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\windows\System32\ipnathlp.dll 13:45:17.0454 0x1668 SharedAccess - ok 13:45:17.0532 0x1668 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll 13:45:17.0625 0x1668 ShellHWDetection - ok 13:45:17.0641 0x1668 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\windows\system32\drivers\sisagp.sys 13:45:17.0688 0x1668 sisagp - ok 13:45:17.0766 0x1668 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 13:45:17.0781 0x1668 SiSRaid2 - ok 13:45:17.0797 0x1668 [ 3727097B55738E2F554972C3BE5BC1AA, 
75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 13:45:17.0813 0x1668 SiSRaid4 - ok 13:45:17.0844 0x1668 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\windows\system32\DRIVERS\smb.sys 13:45:17.0953 0x1668 Smb - ok 13:45:18.0078 0x1668 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\windows\System32\snmptrap.exe 13:45:18.0125 0x1668 SNMPTRAP - ok 13:45:18.0140 0x1668 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\windows\system32\drivers\spldr.sys 13:45:18.0187 0x1668 spldr - ok 13:45:18.0390 0x1668 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\windows\System32\spoolsv.exe 13:45:18.0546 0x1668 Spooler - ok 13:45:19.0357 0x1668 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\windows\system32\sppsvc.exe 13:45:19.0693 0x1668 sppsvc - ok 13:45:19.0743 0x1668 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\windows\system32\sppuinotify.dll 13:45:19.0843 0x1668 sppuinotify - ok 13:45:19.0933 0x1668 [ 54902536AAD0E9B99BC65F89C0CAF93F, 312B6F1ECBAA42EA8FAC374E446FC6B686F747B38D903E1B181F95AECCB2BFD1 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 13:45:19.0993 0x1668 SQLWriter - ok 13:45:20.0043 0x1668 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\windows\system32\DRIVERS\srv.sys 13:45:20.0123 0x1668 srv - ok 13:45:20.0153 0x1668 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 13:45:20.0223 0x1668 srv2 - ok 13:45:20.0249 0x1668 [ 
BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 13:45:20.0327 0x1668 srvnet - ok 13:45:20.0358 0x1668 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\windows\System32\ssdpsrv.dll 13:45:20.0436 0x1668 SSDPSRV - ok 13:45:20.0514 0x1668 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 13:45:20.0577 0x1668 ssmdrv - ok 13:45:20.0608 0x1668 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\windows\system32\sstpsvc.dll 13:45:20.0670 0x1668 SstpSvc - ok 13:45:20.0701 0x1668 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 13:45:20.0764 0x1668 stexstor - ok 13:45:20.0811 0x1668 [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam C:\windows\system32\DRIVERS\serscan.sys 13:45:20.0889 0x1668 StillCam - ok 13:45:20.0935 0x1668 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\windows\System32\wiaservc.dll 13:45:21.0029 0x1668 StiSvc - ok 13:45:21.0107 0x1668 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\windows\system32\drivers\swenum.sys 13:45:21.0138 0x1668 swenum - ok 13:45:21.0185 0x1668 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\windows\System32\swprv.dll 13:45:21.0294 0x1668 swprv - ok 13:45:21.0372 0x1668 [ 069E5728E565BD401347CB94732C4733, 16D6F0DE070E0A00FEE2512A9F238DA8175C4C44D76FBC5DD49CAF2EBB779C1F ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 13:45:21.0388 0x1668 SynTP - ok 
13:45:21.0700 0x1668 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\windows\system32\sysmain.dll 13:45:21.0809 0x1668 SysMain - ok 13:45:21.0840 0x1668 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll 13:45:21.0903 0x1668 TabletInputService - ok 13:45:21.0934 0x1668 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\windows\System32\tapisrv.dll 13:45:22.0012 0x1668 TapiSrv - ok 13:45:22.0043 0x1668 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\windows\System32\tbssvc.dll 13:45:22.0121 0x1668 TBS - ok 13:45:22.0199 0x1668 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\windows\system32\drivers\tcpip.sys 13:45:22.0308 0x1668 Tcpip - ok 13:45:22.0355 0x1668 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 13:45:22.0417 0x1668 TCPIP6 - ok 13:45:22.0449 0x1668 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 13:45:22.0495 0x1668 tcpipreg - ok 13:45:22.0527 0x1668 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 13:45:22.0605 0x1668 TDPIPE - ok 13:45:22.0636 0x1668 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 13:45:22.0698 0x1668 TDTCP - ok 13:45:22.0745 0x1668 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\windows\system32\DRIVERS\tdx.sys 13:45:22.0823 
0x1668 tdx - ok 13:45:22.0839 0x1668 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\windows\system32\drivers\termdd.sys 13:45:22.0885 0x1668 TermDD - ok 13:45:22.0948 0x1668 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\windows\System32\termsrv.dll 13:45:23.0041 0x1668 TermService - ok 13:45:23.0073 0x1668 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\windows\system32\themeservice.dll 13:45:23.0119 0x1668 Themes - ok 13:45:23.0151 0x1668 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\windows\system32\mmcss.dll 13:45:23.0182 0x1668 THREADORDER - ok 13:45:23.0229 0x1668 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\windows\System32\trkwks.dll 13:45:23.0307 0x1668 TrkWks - ok 13:45:23.0369 0x1668 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 13:45:23.0431 0x1668 TrustedInstaller - ok 13:45:23.0463 0x1668 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 13:45:23.0478 0x1668 tssecsrv - ok 13:45:23.0541 0x1668 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 13:45:23.0619 0x1668 TsUsbFlt - ok 13:45:23.0665 0x1668 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 13:45:23.0743 0x1668 tunnel - ok 13:45:23.0775 0x1668 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] 
uagp35 C:\windows\system32\DRIVERS\uagp35.sys 13:45:23.0790 0x1668 uagp35 - ok 13:45:23.0853 0x1668 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\windows\system32\DRIVERS\udfs.sys 13:45:23.0931 0x1668 udfs - ok 13:45:23.0962 0x1668 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\windows\system32\UI0Detect.exe 13:45:24.0009 0x1668 UI0Detect - ok 13:45:24.0055 0x1668 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 13:45:24.0071 0x1668 uliagpkx - ok 13:45:24.0102 0x1668 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\windows\system32\drivers\umbus.sys 13:45:24.0149 0x1668 umbus - ok 13:45:24.0180 0x1668 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 13:45:24.0321 0x1668 UmPass - ok 13:45:24.0399 0x1668 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\windows\System32\upnphost.dll 13:45:24.0461 0x1668 upnphost - ok 13:45:24.0508 0x1668 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 13:45:24.0617 0x1668 usbccgp - ok 13:45:24.0695 0x1668 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\windows\system32\drivers\usbcir.sys 13:45:24.0820 0x1668 usbcir - ok 13:45:24.0882 0x1668 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\windows\system32\drivers\usbehci.sys 13:45:24.0960 0x1668 usbehci - ok 13:45:25.0023 0x1668 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 
13:45:46.0067 0x1668 AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
13:45:46.0098 0x1668 Win FW state via NFP2: enabled
13:45:48.0844 0x1668 ============================================================
13:45:48.0844 0x1668 Scan finished
13:45:48.0844 0x1668 ============================================================
13:45:48.0891 0x1144 Detected object count: 0
13:45:48.0891 0x1144 Actual detected object count: 0 |
04.06.2015, 19:58 | #6 |
| By the way, I have meanwhile also run a scan of the whole system with AntiVir and found nothing, although that probably doesn't mean much. Nevertheless, here is the report from AntiVir: Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 4. Juni 2015 00:48

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Marc
Computername : C***

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Donnerstag, 4. Juni 2015 00:48 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:, D:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '147' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.OE.Systray.exe' - '131' Modul(e) wurden durchsucht Durchsuche Prozess 'BrCcUxSys.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'BrYNSvc.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'ISUSPM.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'BrCtrlCntr.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'BrStMonW.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'pdfPro5Hook.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'pptd40nt.exe' - '27' 
Modul(e) wurden durchsucht Durchsuche Prozess 'TBNotifier.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVD8Serv.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'GWX.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '122' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'Rezip.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'PDFProFiltSrvPP.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'WCScheduler.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'SSCKbdHk.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'EasySpeedUpManager.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '167' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 
'NBService.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'ipsecd.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'iked.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'Garmin.Cartography.MapUpdate.CoreService.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'dtpd.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'apnmcp.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '134' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden 
durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\windows\system32\svchost.exe' Signiert -> 'C:\windows\system32\winlogon.exe' Signiert -> 'C:\windows\explorer.exe' Signiert -> 'C:\windows\system32\smss.exe' Signiert -> 'C:\windows\system32\wininet.DLL' Signiert -> 'C:\windows\system32\wsock32.DLL' Signiert -> 'C:\windows\system32\ws2_32.DLL' Signiert -> 'C:\windows\system32\services.exe' Signiert -> 'C:\windows\system32\lsass.exe' Signiert -> 'C:\windows\system32\csrss.exe' Signiert -> 'C:\windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\windows\system32\spoolsv.exe' Signiert -> 'C:\windows\system32\alg.exe' Signiert -> 'C:\windows\system32\wuauclt.exe' Signiert -> 'C:\windows\system32\advapi32.DLL' Signiert -> 'C:\windows\system32\user32.DLL' Signiert -> 'C:\windows\system32\gdi32.DLL' Signiert -> 'C:\windows\system32\kernel32.DLL' Signiert -> 'C:\windows\system32\ntdll.DLL' Signiert -> 'C:\windows\system32\ntoskrnl.exe' Signiert -> 'C:\windows\system32\drivers\beep.sys' Signiert -> 'C:\windows\system32\ctfmon.exe' Signiert -> 'C:\windows\system32\imm32.dll' Signiert -> 'C:\windows\system32\dsound.dll' Signiert -> 'C:\windows\system32\aclui.dll' Signiert -> 'C:\windows\system32\msvcrt.dll' Signiert -> 'C:\windows\system32\d3d9.dll' Signiert -> 'C:\windows\system32\dnsapi.dll' Signiert -> 'C:\windows\system32\mshtml.dll' Signiert -> 'C:\windows\system32\regsvr32.exe' Signiert -> 'C:\windows\system32\rundll32.exe' Signiert -> 'C:\windows\system32\userinit.exe' Signiert -> 'C:\windows\system32\reg.exe' Signiert -> 'C:\windows\system32\ntvdm.exe' Signiert -> 'C:\windows\regedit.exe' Die Systemdateien wurden durchsucht ('35' Dateien) Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '5496' 
Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'D:\' Ende des Suchlaufs: Donnerstag, 4. Juni 2015 07:14 Benötigte Zeit: 6:26:40 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 42247 Verzeichnisse wurden überprüft 4888188 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 4888188 Dateien ohne Befall 72003 Archive wurden durchsucht 0 Warnungen 0 Hinweise 209483 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden
Here is the log file: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.06.04.04 rootkit: v2015.06.02.01 Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking) Internet Explorer 11.0.9600.17801 Marc :: C*** [administrator] 04.06.2015 20:29:05 mbar-log-2015-06-04 (20-29-05).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 89192 Time elapsed: 20 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
05.06.2015, 17:09 | #7 |
/// the machine /// TB-Ausbilder | Everything looks good
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.06.2015, 19:28 | #8 |
| First of all, thanks again for your great help! I can't believe I could have been this lucky... So you mean I haven't caught anything. That would be really great. In any case, I have now learned to be even more attentive and to think once more before clicking on a link! Thanks |
06.06.2015, 16:21 | #9 |
/// the machine /// TB-Ausbilder | Yes, it definitely looks that way
__________________ Regards, schrauber |
07.06.2015, 11:52 | #10 |
| Hello Schrauber, it's me again! To be on the safe side, I ran the EU-Cleaner from Antivir over it again last night and got a detection reported, namely TR/Dropper.MSIL.Gen in a file backup.pst. I'm now a bit unsure whether this is a false positive or whether something has hidden itself somewhere after all. It would be nice if YOU could get back to me once more! THANKS! |
08.06.2015, 06:11 | #11 |
/// the machine /// TB-Ausbilder | The detection only means that the backup of your email program contains some mail that possibly has a malicious attachment
__________________ Regards, schrauber |