Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: Ich habe blöderweise auf einen Link in einer gefälschten DHL Mail geklickt und bin auf website umgeleitet worden... (https://www.trojaner-board.de/167563-windows-7-habe-bloederweise-link-gefaelschten-dhl-mail-geklickt-website-umgeleitet-worden.html)

Marc.223 03.06.2015 20:49
Windows 7: Ich habe blöderweise auf einen Link in einer gefälschten DHL Mail geklickt und bin auf website umgeleitet worden...
 
Hallo,

Ich habe blöderweise auf einen in einer gefälschten DHL Mail enthaltenen Link geklickt, der mich auf eine fremde Website geleitet hat. Habe halt eine Sekunde nicht aufgepasst und schon war es passiert. Nun weiß ich nicht, ob ich was eingefangen habe, oder ob Firefox die Elemente auf der fremden Site geblockt hat.
Ich habe den Computer bisher nicht neu gebootet.
Betriebssystem Win 7 32 bit

Vielen Dank für Eure Hilfe!

Hier das File von Farbars
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by Marc (administrator) on C*** on 03-06-2015 21:03:58
Running from C:\Users\Marc\Desktop
Loaded Profiles: Marc & UpdatusUser (Available Profiles: Caroline *** & Marc & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\System32\Rezip.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\avwebloader.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\cleaner.exe
(Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\avscan.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-23] (APN)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\MountPoints2: {a253fd9b-317b-11df-a1e6-806e6f6e6963} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\menu.hta
HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1C0B4772-79CB-4791-9072-D4AFCB7A665F}: [NameServer] 132.252.3.10,132.252.1.7

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default
FF Homepage: hxxp://www.hr-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll [2007-06-22] (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll [2007-06-22] (CambridgeSoft Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\windows\system32\npdeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Avira SafeSearch - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\safesearch@avira.com [2015-04-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [49152 2009-11-15] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-27] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [716800 2009-11-15] () [File not signed]
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [536576 2009-11-15] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R0 sfvfs02; C:\windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-27] (Avira GmbH)
R1 vflt; C:\windows\System32\DRIVERS\vfilter.sys [17408 2009-11-19] (Shrew Soft Inc)
S3 vnet; C:\windows\System32\DRIVERS\virtualnet.sys [9728 2009-11-19] (Shrew Soft Inc)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 21:02 - 2015-06-03 21:03 - 00038670 _____ C:\Users\Marc\Desktop\Addition.txt
2015-06-03 21:00 - 2015-06-03 21:04 - 00000000 ____D C:\FRST
2015-06-03 21:00 - 2015-06-03 21:03 - 00019608 _____ C:\Users\Marc\Desktop\FRST.txt
2015-06-03 20:59 - 2015-06-03 20:59 - 01147392 _____ (Farbar) C:\Users\Marc\Desktop\FRST.exe
2015-06-03 20:57 - 2015-06-03 20:58 - 00000470 _____ C:\Users\Marc\Desktop\defogger_disable.log
2015-06-03 20:57 - 2015-06-03 20:57 - 00000000 _____ C:\Users\Marc\defogger_reenable
2015-06-03 20:55 - 2015-06-03 20:56 - 00050477 _____ C:\Users\Marc\Desktop\Defogger.exe
2015-06-03 19:14 - 2015-06-03 19:14 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-02 20:02 - 2015-06-02 20:02 - 00000000 ____D C:\Users\Caroline ***\AppData\Local\GWX
2015-06-01 18:37 - 2015-06-01 18:37 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX
2015-05-25 20:39 - 2015-05-25 20:39 - 59517393 _____ C:\Users\Marc\Desktop\befragung-einer-8-realschulklasse-und-einer8-hauptschulkla-b98fhavqvrqd.zip
2015-05-20 20:44 - 2015-05-20 20:44 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Thunderbird
2015-05-20 20:44 - 2015-05-20 20:44 - 00000000 ____D C:\Users\Marc\AppData\Local\Thunderbird
2015-05-20 20:43 - 2015-05-20 20:43 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-05-20 20:43 - 2015-05-20 20:43 - 00002032 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-05-20 20:43 - 2015-05-20 20:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-05-20 20:39 - 2015-05-20 20:39 - 01196832 _____ C:\Users\Marc\Downloads\Thunderbird - CHIP-Installer.exe
2015-05-20 20:31 - 2015-05-20 20:32 - 28745048 _____ (Mozilla) C:\Users\Marc\Downloads\Thunderbird Setup 31.7.0.exe
2015-05-19 21:44 - 2015-05-19 21:44 - 00000000 ____D C:\windows\system32\IPM
2015-05-18 20:27 - 2015-06-03 18:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-16 15:10 - 2015-05-16 15:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Marc\Downloads\flashplayer17au_ha_install.exe
2015-05-15 23:21 - 2015-05-15 23:21 - 00001069 _____ C:\Users\Public\Desktop\MindManager Smart.lnk
2015-05-15 23:21 - 2015-05-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MindManager Smart
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D C:\Program Files\Mindjet
2015-05-15 21:32 - 2015-05-15 21:32 - 04387772 _____ C:\Users\Marc\Downloads\mmsm21-g-3.exe
2015-05-15 21:29 - 2015-05-15 21:29 - 01967210 _____ C:\Users\Marc\Desktop\JIM.pptx
2015-05-12 23:25 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:47 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-12 21:47 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-12 21:47 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-12 21:47 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-12 21:47 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-12 21:47 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-12 21:47 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-12 21:47 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-12 21:47 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-12 21:47 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-12 21:47 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-12 21:47 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-12 21:47 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-12 21:47 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-12 21:47 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-12 21:47 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-12 21:47 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-12 21:47 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:47 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-12 21:47 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:47 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-12 21:47 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-12 21:47 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-12 21:47 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-12 21:47 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-12 21:47 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-12 21:47 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-12 21:47 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-12 21:47 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-12 21:47 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-12 21:47 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-12 21:47 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-12 21:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-12 21:45 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-12 21:45 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 21:45 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:45 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-12 21:45 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-12 21:45 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-12 21:45 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-12 21:45 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-12 21:45 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-12 21:45 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-12 21:45 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-12 21:45 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-12 21:45 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-12 21:45 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-12 21:45 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-12 21:45 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-12 21:45 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-12 21:45 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-12 21:45 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-12 21:44 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-12 21:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-12 21:44 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-12 21:44 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 21:44 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-12 21:43 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-12 21:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-12 21:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-12 21:43 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-12 21:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-12 21:42 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-12 21:42 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-12 21:38 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 20:57 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc
2015-06-03 20:57 - 2013-07-27 21:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 20:25 - 2014-01-03 18:15 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 20:12 - 2014-01-03 18:15 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 19:14 - 2010-03-05 06:56 - 00000000 ____D C:\Program Files\Google
2015-06-03 18:39 - 2013-03-12 20:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 18:36 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-06-03 18:33 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-03 18:33 - 2009-07-14 06:39 - 00187073 _____ C:\windows\setupact.log
2015-06-02 22:11 - 2010-03-05 06:29 - 02081827 _____ C:\windows\WindowsUpdate.log
2015-06-02 20:03 - 2010-06-27 13:18 - 00000000 ____D C:\Users\Caroline ***\AppData\Roaming\EndNote
2015-06-02 20:01 - 2010-06-25 20:31 - 00000000 ____D C:\Users\Caroline ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-31 19:08 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-05-31 11:51 - 2009-07-26 22:06 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-05-20 21:15 - 2015-04-04 23:03 - 00000000 ___SD C:\windows\system32\GWX
2015-05-20 19:53 - 2010-03-05 07:55 - 00982948 _____ C:\windows\PFRO.log
2015-05-16 15:11 - 2014-08-19 22:10 - 00000000 ____D C:\Users\Marc\AppData\Local\Adobe
2015-05-16 15:11 - 2013-07-27 21:54 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-16 15:11 - 2013-07-27 21:54 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-15 10:18 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2015-05-13 23:10 - 2010-03-06 00:03 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 22:40 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-05-13 19:59 - 2009-07-14 06:33 - 00425312 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-12 23:25 - 2010-06-25 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-12 23:22 - 2013-10-25 00:47 - 00000000 ____D C:\windows\system32\MRT
2015-05-12 23:15 - 2010-06-28 23:21 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-12 23:11 - 2013-07-27 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:11 - 2010-06-25 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-07 19:29 - 2013-07-27 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-07 19:27 - 2013-07-27 21:39 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-07 19:27 - 2013-07-27 21:39 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-07 19:27 - 2013-07-27 21:39 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

==================== Files in the root of some directories =======

2013-10-30 20:00 - 2014-06-29 10:02 - 0000155 _____ () C:\Users\Marc\AppData\Roaming\default.rss
2010-06-25 20:32 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-03-05 06:36 - 2010-03-05 06:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-03-05 06:35 - 2010-03-05 06:35 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-03-05 06:32 - 2010-03-05 06:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-03-05 06:36 - 2010-03-05 06:36 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-03-05 06:31 - 2010-03-05 06:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-03-05 06:33 - 2010-03-05 06:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\AskSLib.dll
C:\Users\Caroline\AppData\Local\Temp\avgnt.exe
C:\Users\Caroline\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Caroline\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Caroline\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Caroline\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Caroline\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Caroline\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Caroline\AppData\Local\Temp\tmp2184.exe
C:\Users\Caroline\AppData\Local\Temp\tmp421E.exe
C:\Users\Caroline\AppData\Local\Temp\tmp4568.exe
C:\Users\Caroline\AppData\Local\Temp\_is241.exe
C:\Users\Marc\AppData\Local\Temp\avgnt.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Marc\AppData\Local\Temp\_is476B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 19:14

==================== End of log ============================

schrauber 03.06.2015 20:59
HI,

Addition.txt fehlt noch :)

Marc.223 03.06.2015 21:04
Sorry, Hier kommt es:

[CODE]
FRST Logfile:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Marc at 2015-06-03 21:05:05
Running from C:\Users\Marc\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2339853823-2107313754-116825072-500 - Administrator - Disabled)
Caroline *** (S-1-5-21-2339853823-2107313754-116825072-1000 - Administrator - Enabled) => C:\Users\Caroline ***
Gast (S-1-5-21-2339853823-2107313754-116825072-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2339853823-2107313754-116825072-1002 - Limited - Enabled)
Marc (S-1-5-21-2339853823-2107313754-116825072-1006 - Administrator - Enabled) => C:\Users\Marc
UpdatusUser (S-1-5-21-2339853823-2107313754-116825072-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1C01}) (Version: 12.28.1.1270 - APN, LLC)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Brother MFL-Pro Suite MFC-J625DW (HKLM\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
CambridgeSoft ChemBioOffice Ultra 2008 (HKLM\...\InstallShield_{259A1B71-CA82-4A92-8178-A7FFF58E9853}) (Version: 11.0 - CambridgeSoft Corporation)
CambridgeSoft ChemBioOffice Ultra 2008 (Version: 11.0 - CambridgeSoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy Utility (HKLM\...\Copy Utility) (Version:  - )
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623p) (Version: 13.2.0.8623p - Landesfinanzdirektion Thüringen)
EndNote X1 (HKLM\...\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}) (Version: 11.0.0.2571 - Thomson ResearchSoft)
Eudora (HKLM\...\{578172E1-A9E0-4396-A4CC-CA899D876553}) (Version: 7.0 - )
Garmin Express (HKLM\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1003 - Intel Corporation)
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version:  - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version:  - )
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MindManager Smart (HKLM\...\MindManager Smart) (Version: 2.1.3 - Mindjet LLC)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NAVIGON Fresh 3.2.0 (HKLM\...\NAVIGON Fresh) (Version: 3.2.0 - NAVIGON)
Nero 9 (HKLM\...\{71ee24fa-ba3c-4c03-ae49-48b59428bc5a}) (Version:  - Nero AG)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: 1.00.999 - Ubisoft)
Prince of Persia The Sands of Time (HKLM\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
Prince of Persia The Two Thrones (Version: 1.00.999 - Ubisoft) Hidden
Prince of Persia Warrior Within (HKLM\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM\...\{0A353130-D22C-41DD-8C67-1B02A05F2CE0}) (Version: 1.1.0 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (Version:  - ) Hidden
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Urban Chaos (HKLM\...\Urban Chaos) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2339853823-2107313754-116825072-1006_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Marc\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)

==================== Restore Points =========================

20-05-2015 21:15:06 Windows Update
26-05-2015 16:17:09 Windows Update
29-05-2015 19:49:23 Windows Update
02-06-2015 19:22:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E2DBF9-F794-4F4D-916B-4FF56B1D6ACD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0749876F-C8DA-469E-B4C9-260EFFD90482} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {1B86C506-262B-429B-8D50-80E18E2532FA} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {1DBA0153-A7D5-4A09-B3B2-AAD2C33C64EE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {25B852AF-0F08-417D-A112-DD474B4238F8} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {2698F583-8292-4842-ACE0-263676E8B628} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3852EB95-4A78-4D0A-A9D4-78AEACD434C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.)
Task: {568DB946-276D-43C4-98F6-04A05FC7ECB3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2339853823-2107313754-116825072-1006
Task: {5E031ED4-9050-43E9-ACB7-6E8AC800AB5C} - System32\Tasks\{C16C7085-5259-43C5-84A0-E69126983961} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT)
Task: {6378EDF5-B3D1-4A49-A0C8-B161AED57A67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {780D0A95-31DA-41FE-81A0-BFBFF223F0EF} - System32\Tasks\{ACA5797F-A02B-4315-80FD-C636E50C338E} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT)
Task: {847E484E-484F-49A1-9C1F-F8D4B9301960} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {85432527-CE8D-4EEF-A10F-D3CFF47DF566} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {A262B463-C260-4781-909F-C756859A9E66} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {A4088ABB-4A51-4008-B82E-7E49EAB1B531} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-16] (Adobe Systems Incorporated)
Task: {A4CF8FB5-D95D-47F1-8457-7B5D31CE027F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B4ACCC81-8EFF-48D3-9CC7-B84D9A67C44D} - System32\Tasks\{86865023-9624-403A-8626-6827FA7E0FC7} => C:\Program Files\UBISOFT\Prince of Persia T2T\PrinceOfPersia.exe [2005-11-14] (UBISOFT)
Task: {C5916ECB-44E9-4E86-8AD0-645EA556D6B1} - System32\Tasks\{3CDADD87-17EC-4F5B-ADE5-ECB7F14BFF3B} => pcalua.exe -a E:\setup.exe -d E:\
Task: {C653CBBB-78D5-46AA-B7BA-99E64B7FF124} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {CA9D89EC-8546-49D6-9401-DAFAD8F6FBA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.)
Task: {CC9DF44D-CBB5-4AE5-8A89-DEDA5CF44EF5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {CEEA1937-5644-4F73-ACCF-F96476C92D0D} - System32\Tasks\{3CECFE6E-F5D3-4756-BB85-59ABE1046913} => pcalua.exe -a E:\Patch_Game\Install2.exe -d E:\Patch_Game
Task: {CFEE7800-B862-4E0C-AA77-CB0A1DA9D9DC} - System32\Tasks\{84D974F3-995F-4877-947B-0C0F97385E3C} => pcalua.exe -a "C:\Users\Caroline ***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KRVRDUZ\JavaSetup6u22[2].exe" -d "C:\Users\Caroline ***\Desktop"
Task: {D907D439-A03E-4D08-B861-C10484AFFAE1} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {EF9115D0-BEDA-4C44-B7B0-2A3D790C31D8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-18 21:34 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-11-15 20:31 - 2009-11-15 20:31 - 00049152 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2009-11-15 20:24 - 2009-11-15 20:24 - 00019968 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2009-11-15 20:23 - 2009-11-15 20:23 - 00011264 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2009-11-15 20:23 - 2009-11-15 20:23 - 00015360 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00102400 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00025088 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2009-11-15 20:25 - 2009-11-15 20:25 - 00016384 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2009-11-15 20:29 - 2009-11-15 20:29 - 00716800 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2009-11-15 20:24 - 2009-11-15 20:24 - 00025600 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00026112 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2009-11-15 20:26 - 2009-11-15 20:26 - 00536576 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2010-03-05 06:29 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2010-03-05 06:34 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2010-03-05 06:38 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2013-07-27 22:17 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2013-10-27 17:54 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-10-30 00:01 - 2013-09-05 11:59 - 00023784 _____ () C:\Users\Marc\AppData\Local\Temp\cleaner\rcNwLoad_de.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Marc\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50AD84C6-CB9F-4960-975D-204E09E70424}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{73A89CE8-C770-4A9C-AA94-515609E7CA3D}] => (Allow) C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{6528E41A-0AFF-4D0C-9924-6B475AFD85BC}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{946287B3-DD28-45DB-9D84-E1117E1130E7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F29FACAB-A5EC-495E-BBCC-21A7C1E133AE}] => (Allow) svchost.exe
FirewallRules: [{427ECCEB-8DE8-4203-8D80-40333E6293BF}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{4865749E-7B8D-4CFC-9F91-FCAEACDA5401}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{60BC5F66-26E8-4C1C-9AFC-E6AFB692D357}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{0EAE4CE7-9C9F-43B0-9602-49B1B177D048}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{D64BA38D-9733-49ED-A0EB-D8C3C12702ED}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{196EDCA6-83C8-457B-B4AA-AF07514FF7E4}C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe
FirewallRules: [UDP Query User{95A21D70-4CA0-4097-8A0E-585EFE8C2889}C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe] => (Block) C:\program files\cambridgesoft\chemoffice2008\chemfinder\chemfinder.exe
FirewallRules: [{3B14570E-FD92-4663-A48A-B8CD39EF671B}] => (Allow) C:\Program Files\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{58D59B8C-BC4B-4ECD-9C29-C80D00CD8F86}] => (Allow) C:\Program Files\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{FDFE41B5-D570-4962-9F30-306364F4B6FC}] => (Allow) LPort=54925
FirewallRules: [{8E14E87C-645B-48FE-9550-A1783F046C5A}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2956DE90-2D4A-417B-AC1A-83AE7963D721}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B301959E-FCB6-49DF-BE5A-DE2AED81EA91}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1B414D3A-BE4F-44E9-ACF7-DBE8F77797D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{03B4E052-4F50-4C3D-8F89-FC9EEC1BB1FA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{92176855-11AF-4EB3-8E21-6C973844A039}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{096BE2EB-5976-4125-B2CE-3AF451B1DC6A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{128A0223-06FF-4824-8EFF-EAFA899FCFEF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 07:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2015 07:16:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2015 07:16:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2015 06:35:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/03 18:35:22.771]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/03/2015 06:34:47 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/03 18:34:47.546]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/03/2015 06:34:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/03 18:34:12.321]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/03/2015 06:33:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/03 18:33:37.096]: [00002240]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/02/2015 10:11:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/02 22:11:01.238]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/02/2015 10:10:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/02 22:10:26.019]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error

Error: (06/02/2015 10:09:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/06/02 22:09:50.909]: [00003284]: GetDeviceIpAddress: GetAddressByName [BRW9439E50BD2F4] Error


System errors:
=============
Error: (06/03/2015 06:33:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 06:33:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfsync02

Error: (06/03/2015 06:33:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (06/03/2015 06:32:45 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.

Error: (06/02/2015 07:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/02/2015 07:16:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfsync02

Error: (06/02/2015 07:15:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (06/02/2015 07:15:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/02/2015 07:15:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (06/02/2015 07:14:31 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.


Microsoft Office:
=========================
Error: (12/17/2014 08:14:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 204 seconds with 120 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-03-12 20:09:04.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-12 19:49:13.881
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-12 19:38:26.037
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-12 19:26:56.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-10 20:51:30.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-10 20:44:02.406
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-08 21:09:44.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-08 20:16:25.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-02 18:37:47.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-10 12:00:54.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 51%
Total physical RAM: 3060.55 MB
Available physical RAM: 1469.62 MB
Total Pagefile: 6119.41 MB
Available Pagefile: 4195.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:101.88 GB) (Free:22.78 GB) NTFS
Drive d: () (Fixed) (Total:181.12 GB) (Free:17.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B0FD1CB0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=101.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=181.1 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---

Und hier das LOG von Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:57 on 03/06/2015 (Marc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Und das File von Gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-03 21:27:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Marc\AppData\Local\Temp\pflcapow.sys


---- System - GMER 2.1 ----

SSDT            920E8F66                                                                                          ZwCreateSection
SSDT            920E8F3E                                                                                          ZwCreateSymbolicLinkObject
SSDT            920E8F43                                                                                          ZwLoadDriver
SSDT            920E8F39                                                                                          ZwOpenSection
SSDT            920E8F70                                                                                          ZwRequestWaitReplyPort
SSDT            920E8F6B                                                                                          ZwSetContextThread
SSDT            920E8F75                                                                                          ZwSetSecurityObject
SSDT            920E8F48                                                                                          ZwSetSystemInformation
SSDT            920E8F7A                                                                                          ZwSystemDebugControl
SSDT            920E8F07                                                                                          ZwTerminateProcess
SSDT            920E8F02                                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRequestPort + 14AD                                                                83859BB5 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            83893B92 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              8389B0BC 4 Bytes  [66, 8F, 0E, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              8389B0C4 4 Bytes  [3E, 8F, 0E, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                              8389B1D8 4 Bytes  [43, 8F, 0E, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                              8389B274 4 Bytes  [39, 8F, 0E, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              8389B418 4 Bytes  [70, 8F, 0E, 92] {JO 0xffffff91; PUSH CS; XCHG EDX, EAX}
.text          ...                                                                                             

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtCreateFile                        76F75620 5 Bytes  JMP 543D0BCB C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtFlushBuffersFile                  76F759B0 5 Bytes  JMP 543D0916 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtQueryFullAttributesFile            76F76040 5 Bytes  JMP 543D0A43 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtReadFile                          76F76310 5 Bytes  JMP 543D0950 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtReadFileScatter                    76F76320 5 Bytes  JMP 546E9BCE C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtWriteFile                          76F76AC0 5 Bytes  JMP 543D0D6F C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!NtWriteFileGather                    76F76AD0 5 Bytes  JMP 546E9C1E C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] ntdll.dll!LdrLoadDll                          76F924C6 5 Bytes  JMP 6F6F921C C:\Program Files\Mozilla Firefox\mozglue.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  76E994E6 7 Bytes  JMP 546D5622 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!QueryPerformanceCounter + 13      76E9C4E5 7 Bytes  JMP 546D6DFA C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] kernel32.dll!LoadAppInitDlls + 355            76E9F5A6 7 Bytes  JMP 54476358 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] USER32.dll!GetWindowInfo                      75464B5E 5 Bytes  JMP 550E8E4A C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4160] GDI32.dll!GetViewportOrgEx + 26C              7708884B 7 Bytes  JMP 546D3E16 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) 
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active               
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@94F30138      2494

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 04.06.2015 11:15
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Marc.223 04.06.2015 12:55
Hallo, erstmal vielen Dank für deine schnellen Rückmeldungen!

Ich habe ein Problem beim scannen mit Malwarebytes...
Der Scan startet und wird auch bis zum Ende durchgeführt. Dann erscheint eine Fehlermeldung "An Error occured" und das Programm reagiert nicht mehr und wird beendet. Es wird auch kein Log-File erstellt. Ich komme nicht bis zum Clean-up!

TDSSKiller habe ich durchgeführt, ohne etwas zu finden: Hier der Report:

Code:
13:42:26.0048 0x06d4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:42:31.0940 0x06d4  ============================================================
13:42:31.0940 0x06d4  Current date / time: 2015/06/04 13:42:31.0940
13:42:31.0940 0x06d4  SystemInfo:
13:42:31.0940 0x06d4 
13:42:31.0940 0x06d4  OS Version: 6.1.7601 ServicePack: 1.0
13:42:31.0940 0x06d4  Product type: Workstation
13:42:31.0940 0x06d4  ComputerName: C***
13:42:31.0941 0x06d4  UserName: Marc
13:42:31.0941 0x06d4  Windows directory: C:\windows
13:42:31.0941 0x06d4  System windows directory: C:\windows
13:42:31.0941 0x06d4  Processor architecture: Intel x86
13:42:31.0941 0x06d4  Number of processors: 4
13:42:31.0941 0x06d4  Page size: 0x1000
13:42:31.0941 0x06d4  Boot type: Normal boot
13:42:31.0941 0x06d4  ============================================================
13:42:32.0287 0x06d4  KLMD registered as C:\windows\system32\drivers\71901026.sys
13:42:32.0590 0x06d4  System UUID: {5EB7D5DB-5B9C-9A43-66A4-67E9DC50BE1A}
13:42:33.0349 0x06d4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:42:33.0414 0x06d4  ============================================================
13:42:33.0414 0x06d4  \Device\Harddisk0\DR0:
13:42:33.0444 0x06d4  MBR partitions:
13:42:33.0444 0x06d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
13:42:33.0444 0x06d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xCBC0800
13:42:33.0444 0x06d4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE9F3000, BlocksNum 0x16A3B000
13:42:33.0444 0x06d4  ============================================================
13:42:33.0576 0x06d4  C: <-> \Device\Harddisk0\DR0\Partition2
13:42:33.0687 0x06d4  D: <-> \Device\Harddisk0\DR0\Partition3
13:42:33.0718 0x06d4  ============================================================
13:42:33.0718 0x06d4  Initialize success
13:42:33.0718 0x06d4  ============================================================
13:44:11.0203 0x1668  ============================================================
13:44:11.0203 0x1668  Scan started
13:44:11.0203 0x1668  Mode: Manual; SigCheck; TDLFS;
13:44:11.0203 0x1668  ============================================================
13:44:11.0203 0x1668  KSN ping started
13:44:25.0040 0x1668  KSN ping finished: true
13:44:25.0758 0x1668  ================ Scan system memory ========================
13:44:25.0758 0x1668  System memory - ok
13:44:25.0758 0x1668  ================ Scan services =============================
13:44:25.0976 0x1668  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
13:44:26.0148 0x1668  1394ohci - ok
13:44:26.0226 0x1668  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
13:44:26.0257 0x1668  ACPI - ok
13:44:26.0273 0x1668  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
13:44:26.0366 0x1668  AcpiPmi - ok
13:44:26.0507 0x1668  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:44:26.0538 0x1668  AdobeARMservice - ok
13:44:26.0616 0x1668  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:44:26.0663 0x1668  AdobeFlashPlayerUpdateSvc - ok
13:44:26.0725 0x1668  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
13:44:26.0756 0x1668  adp94xx - ok
13:44:26.0772 0x1668  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
13:44:26.0787 0x1668  adpahci - ok
13:44:26.0819 0x1668  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
13:44:26.0834 0x1668  adpu320 - ok
13:44:26.0865 0x1668  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
13:44:26.0928 0x1668  AeLookupSvc - ok
13:44:27.0006 0x1668  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD            C:\windows\system32\drivers\afd.sys
13:44:27.0068 0x1668  AFD - ok
13:44:27.0099 0x1668  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
13:44:27.0131 0x1668  agp440 - ok
13:44:27.0193 0x1668  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx        C:\windows\system32\DRIVERS\djsvs.sys
13:44:27.0224 0x1668  aic78xx - ok
13:44:27.0255 0x1668  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG            C:\windows\System32\alg.exe
13:44:27.0318 0x1668  ALG - ok
13:44:27.0349 0x1668  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
13:44:27.0365 0x1668  aliide - ok
13:44:27.0380 0x1668  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
13:44:27.0396 0x1668  amdagp - ok
13:44:27.0427 0x1668  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
13:44:27.0427 0x1668  amdide - ok
13:44:27.0458 0x1668  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
13:44:27.0505 0x1668  AmdK8 - ok
13:44:27.0521 0x1668  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
13:44:27.0536 0x1668  AmdPPM - ok
13:44:27.0583 0x1668  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata        C:\windows\system32\drivers\amdsata.sys
13:44:27.0614 0x1668  amdsata - ok
13:44:27.0630 0x1668  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
13:44:27.0661 0x1668  amdsbs - ok
13:44:27.0677 0x1668  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata        C:\windows\system32\drivers\amdxata.sys
13:44:27.0677 0x1668  amdxata - ok
13:44:27.0864 0x1668  [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
13:44:27.0895 0x1668  AntiVirMailService - ok
13:44:28.0004 0x1668  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:44:28.0035 0x1668  AntiVirSchedulerService - ok
13:44:28.0129 0x1668  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:44:28.0160 0x1668  AntiVirService - ok
13:44:28.0238 0x1668  [ 266C0506DF8BA3990E12885E64EE4420, 60995CFE54B8594179BEAB06C4498CBF997B0C85147E5DD747CE238C89F6979D ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:44:28.0285 0x1668  AntiVirWebService - ok
13:44:28.0394 0x1668  [ 2BB7E9A887F26CDB5C19C76636E85394, 21E22E750DA3682511D1DD906414D7C74B63BAAF8BB9694393465B396201BB4F ] APNMCP          C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
13:44:28.0425 0x1668  APNMCP - ok
13:44:28.0457 0x1668  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID          C:\windows\system32\drivers\appid.sys
13:44:28.0503 0x1668  AppID - ok
13:44:28.0550 0x1668  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\windows\System32\appidsvc.dll
13:44:28.0581 0x1668  AppIDSvc - ok
13:44:28.0613 0x1668  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo        C:\windows\System32\appinfo.dll
13:44:28.0659 0x1668  Appinfo - ok
13:44:28.0691 0x1668  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc            C:\windows\system32\DRIVERS\arc.sys
13:44:28.0722 0x1668  arc - ok
13:44:28.0753 0x1668  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
13:44:28.0769 0x1668  arcsas - ok
13:44:28.0893 0x1668  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:44:28.0925 0x1668  aspnet_state - ok
13:44:28.0956 0x1668  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
13:44:29.0081 0x1668  AsyncMac - ok
13:44:29.0143 0x1668  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi          C:\windows\system32\drivers\atapi.sys
13:44:29.0174 0x1668  atapi - ok
13:44:29.0361 0x1668  [ 49F17A2E79469BE6581D491706720671, C6D1497847286A0C63779B27F730526235250D2113B4BED66AF630DC1CF22527 ] athr            C:\windows\system32\DRIVERS\athr.sys
13:44:29.0564 0x1668  athr - ok
13:44:29.0658 0x1668  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:44:29.0705 0x1668  AudioEndpointBuilder - ok
13:44:29.0720 0x1668  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\windows\System32\Audiosrv.dll
13:44:29.0751 0x1668  Audiosrv - ok
13:44:29.0751 0x1668  AVFSFilter - ok
13:44:29.0829 0x1668  [ EC17E91BC9026C5ED580FB2B13E341AB, 2D9421AE05F3D4A8DBD69D73B4B562EA4F93FBD12AB2F77C52DA8B411626EBF1 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
13:44:29.0876 0x1668  avgntflt - ok
13:44:29.0923 0x1668  [ 7BAA36ED6C6098899D9E1269A61085C3, 2D101F1C6C79B0BD722BDB5939344F65728EC2F5B747B6619640775E6FDEFC0A ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
13:44:29.0939 0x1668  avipbb - ok
13:44:30.0048 0x1668  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
13:44:30.0079 0x1668  Avira.OE.ServiceHost - ok
13:44:30.0110 0x1668  [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
13:44:30.0126 0x1668  avkmgr - ok
13:44:30.0173 0x1668  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
13:44:30.0375 0x1668  AxInstSV - ok
13:44:30.0438 0x1668  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv        C:\windows\system32\DRIVERS\bxvbdx.sys
13:44:30.0500 0x1668  b06bdrv - ok
13:44:30.0578 0x1668  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
13:44:30.0641 0x1668  b57nd60x - ok
13:44:30.0750 0x1668  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
13:44:30.0828 0x1668  BDESVC - ok
13:44:30.0875 0x1668  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
13:44:30.0921 0x1668  Beep - ok
13:44:31.0093 0x1668  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE            C:\windows\System32\bfe.dll
13:44:31.0187 0x1668  BFE - ok
13:44:31.0265 0x1668  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
13:44:31.0421 0x1668  BITS - ok
13:44:31.0452 0x1668  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
13:44:31.0467 0x1668  blbdrive - ok
13:44:31.0514 0x1668  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
13:44:31.0561 0x1668  bowser - ok
13:44:31.0577 0x1668  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
13:44:31.0639 0x1668  BrFiltLo - ok
13:44:31.0655 0x1668  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
13:44:31.0686 0x1668  BrFiltUp - ok
13:44:31.0717 0x1668  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser        C:\windows\System32\browser.dll
13:44:31.0779 0x1668  Browser - ok
13:44:31.0873 0x1668  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid        C:\windows\System32\Drivers\Brserid.sys
13:44:32.0045 0x1668  Brserid - ok
13:44:32.0091 0x1668  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
13:44:32.0201 0x1668  BrSerWdm - ok
13:44:32.0216 0x1668  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
13:44:32.0279 0x1668  BrUsbMdm - ok
13:44:32.0310 0x1668  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
13:44:32.0357 0x1668  BrUsbSer - ok
13:44:32.0606 0x1668  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc        C:\Program Files\Browny02\BrYNSvc.exe
13:44:32.0684 0x1668  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
13:44:35.0367 0x1668  Detect skipped due to KSN trusted
13:44:35.0367 0x1668  BrYNSvc - ok
13:44:35.0445 0x1668  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
13:44:35.0477 0x1668  BthEnum - ok
13:44:35.0586 0x1668  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
13:44:35.0617 0x1668  BTHMODEM - ok
13:44:35.0648 0x1668  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
13:44:35.0679 0x1668  BthPan - ok
13:44:35.0792 0x1668  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
13:44:35.0837 0x1668  BTHPORT - ok
13:44:35.0877 0x1668  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv        C:\windows\system32\bthserv.dll
13:44:35.0967 0x1668  bthserv - ok
13:44:35.0997 0x1668  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
13:44:36.0027 0x1668  BTHUSB - ok
13:44:36.0067 0x1668  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
13:44:36.0117 0x1668  cdfs - ok
13:44:36.0187 0x1668  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom          C:\windows\system32\drivers\cdrom.sys
13:44:36.0237 0x1668  cdrom - ok
13:44:36.0287 0x1668  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc    C:\windows\System32\certprop.dll
13:44:36.0348 0x1668  CertPropSvc - ok
13:44:36.0379 0x1668  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
13:44:36.0395 0x1668  circlass - ok
13:44:36.0441 0x1668  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\windows\system32\CLFS.sys
13:44:36.0473 0x1668  CLFS - ok
13:44:36.0535 0x1668  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:44:36.0582 0x1668  clr_optimization_v2.0.50727_32 - ok
13:44:36.0629 0x1668  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:44:36.0644 0x1668  clr_optimization_v4.0.30319_32 - ok
13:44:36.0675 0x1668  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
13:44:36.0707 0x1668  CmBatt - ok
13:44:36.0753 0x1668  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
13:44:36.0769 0x1668  cmdide - ok
13:44:36.0816 0x1668  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG            C:\windows\system32\Drivers\cng.sys
13:44:36.0847 0x1668  CNG - ok
13:44:36.0878 0x1668  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
13:44:36.0894 0x1668  Compbatt - ok
13:44:36.0987 0x1668  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
13:44:37.0050 0x1668  CompositeBus - ok
13:44:37.0112 0x1668  COMSysApp - ok
13:44:37.0128 0x1668  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
13:44:37.0159 0x1668  crcdisk - ok
13:44:37.0253 0x1668  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\windows\system32\cryptsvc.dll
13:44:37.0284 0x1668  CryptSvc - ok
13:44:37.0409 0x1668  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
13:44:37.0502 0x1668  DcomLaunch - ok
13:44:37.0611 0x1668  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc      C:\windows\System32\defragsvc.dll
13:44:37.0689 0x1668  defragsvc - ok
13:44:37.0767 0x1668  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
13:44:37.0845 0x1668  DfsC - ok
13:44:37.0970 0x1668  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
13:44:38.0064 0x1668  Dhcp - ok
13:44:38.0251 0x1668  [ E95DE5B790B2D16706DAC8472E51F31A, 9D7A72742D369B9F0E4ACEC9C1850D0D60E975AEBEFF5BA06B954EA3AB3E9FF6 ] DiagTrack      C:\windows\system32\diagtrack.dll
13:44:38.0360 0x1668  DiagTrack - ok
13:44:38.0407 0x1668  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
13:44:38.0469 0x1668  discache - ok
13:44:38.0579 0x1668  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
13:44:40.0497 0x1668  Disk - ok
13:44:40.0575 0x1668  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
13:44:40.0778 0x1668  Dnscache - ok
13:44:40.0887 0x1668  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc        C:\windows\System32\dot3svc.dll
13:44:41.0043 0x1668  dot3svc - ok
13:44:41.0168 0x1668  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS            C:\windows\system32\dps.dll
13:44:41.0277 0x1668  DPS - ok
13:44:41.0371 0x1668  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
13:44:41.0558 0x1668  drmkaud - ok
13:44:41.0683 0x1668  dtpd - ok
13:44:41.0948 0x1668  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
13:44:42.0089 0x1668  DXGKrnl - ok
13:44:42.0229 0x1668  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost        C:\windows\System32\eapsvc.dll
13:44:42.0385 0x1668  EapHost - ok
13:44:42.0775 0x1668  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv          C:\windows\system32\DRIVERS\evbdx.sys
13:44:43.0212 0x1668  ebdrv - ok
13:44:43.0243 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] EFS            C:\windows\System32\lsass.exe
13:44:43.0337 0x1668  EFS - ok
13:44:43.0508 0x1668  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr        C:\windows\ehome\ehRecvr.exe
13:44:43.0758 0x1668  ehRecvr - ok
13:44:43.0805 0x1668  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched        C:\windows\ehome\ehsched.exe
13:44:43.0914 0x1668  ehSched - ok
13:44:43.0976 0x1668  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
13:44:44.0039 0x1668  elxstor - ok
13:44:44.0117 0x1668  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
13:44:44.0273 0x1668  ErrDev - ok
13:44:44.0335 0x1668  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem    C:\windows\system32\es.dll
13:44:44.0397 0x1668  EventSystem - ok
13:44:44.0507 0x1668  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat          C:\windows\system32\drivers\exfat.sys
13:44:44.0600 0x1668  exfat - ok
13:44:44.0631 0x1668  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat        C:\windows\system32\drivers\fastfat.sys
13:44:44.0709 0x1668  fastfat - ok
13:44:44.0787 0x1668  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax            C:\windows\system32\fxssvc.exe
13:44:44.0943 0x1668  Fax - ok
13:44:44.0990 0x1668  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc            C:\windows\system32\DRIVERS\fdc.sys
13:44:45.0037 0x1668  fdc - ok
13:44:45.0084 0x1668  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost        C:\windows\system32\fdPHost.dll
13:44:45.0146 0x1668  fdPHost - ok
13:44:45.0177 0x1668  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
13:44:45.0255 0x1668  FDResPub - ok
13:44:45.0287 0x1668  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
13:44:45.0333 0x1668  FileInfo - ok
13:44:45.0333 0x1668  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
13:44:45.0411 0x1668  Filetrace - ok
13:44:45.0599 0x1668  [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:44:45.0786 0x1668  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
13:44:48.0469 0x1668  Detect skipped due to KSN trusted
13:44:48.0469 0x1668  FLEXnet Licensing Service - ok
13:44:48.0516 0x1668  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
13:44:48.0609 0x1668  flpydisk - ok
13:44:48.0641 0x1668  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
13:44:48.0687 0x1668  FltMgr - ok
13:44:48.0797 0x1668  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache      C:\windows\system32\FntCache.dll
13:44:48.0937 0x1668  FontCache - ok
13:44:48.0999 0x1668  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:44:49.0046 0x1668  FontCache3.0.0.0 - ok
13:44:49.0093 0x1668  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
13:44:49.0155 0x1668  FsDepends - ok
13:44:49.0187 0x1668  [ B74B0578FD1D3F897E95F2A2B69EA051, 64FCA8452CB37D55679AC8BEF221D6BA1D91E50680D37FFCFB81619ADAA5889C ] fssfltr        C:\windows\system32\DRIVERS\fssfltr.sys
13:44:49.0249 0x1668  fssfltr - ok
13:44:49.0327 0x1668  [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:44:49.0405 0x1668  fsssvc - ok
13:44:49.0452 0x1668  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
13:44:49.0483 0x1668  Fs_Rec - ok
13:44:49.0545 0x1668  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
13:44:49.0655 0x1668  fvevol - ok
13:44:49.0686 0x1668  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
13:44:49.0748 0x1668  gagp30kx - ok
13:44:49.0889 0x1668  [ 876D29312C0A297EEE28F3DA30A994E8, 09FD1AA8BA3BD8222CAB1FB915EF673D7A1C1604B0D7E78AB5F3A965D9D94886 ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
13:44:49.0904 0x1668  Garmin Core Update Service - ok
13:44:49.0951 0x1668  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc          C:\windows\System32\gpsvc.dll
13:44:50.0076 0x1668  gpsvc - ok
13:44:50.0201 0x1668  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
13:44:50.0232 0x1668  gupdate - ok
13:44:50.0263 0x1668  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:44:50.0294 0x1668  gupdatem - ok
13:44:50.0310 0x1668  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
13:44:50.0403 0x1668  hcw85cir - ok
13:44:50.0513 0x1668  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:44:50.0669 0x1668  HdAudAddService - ok
13:44:50.0700 0x1668  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
13:44:50.0747 0x1668  HDAudBus - ok
13:44:50.0778 0x1668  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
13:44:50.0809 0x1668  HidBatt - ok
13:44:50.0825 0x1668  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
13:44:50.0903 0x1668  HidBth - ok
13:44:50.0934 0x1668  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
13:44:51.0012 0x1668  HidIr - ok
13:44:51.0027 0x1668  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv        C:\windows\system32\hidserv.dll
13:44:51.0121 0x1668  hidserv - ok
13:44:51.0168 0x1668  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
13:44:51.0277 0x1668  HidUsb - ok
13:44:51.0308 0x1668  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
13:44:51.0417 0x1668  hkmsvc - ok
13:44:51.0449 0x1668  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:44:51.0527 0x1668  HomeGroupListener - ok
13:44:51.0573 0x1668  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:44:51.0667 0x1668  HomeGroupProvider - ok
13:44:51.0714 0x1668  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
13:44:51.0776 0x1668  HpSAMD - ok
13:44:51.0854 0x1668  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\windows\system32\drivers\HTTP.sys
13:44:51.0979 0x1668  HTTP - ok
13:44:52.0010 0x1668  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
13:44:52.0073 0x1668  hwpolicy - ok
13:44:52.0119 0x1668  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
13:44:52.0197 0x1668  i8042prt - ok
13:44:52.0260 0x1668  [ EDF5ECC965FAAA533D35E02F47B9132E, 09CF93344C399A5F3C3984557EE09A70072727579D3EFEE5D442940D679CF35A ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
13:44:52.0291 0x1668  iaStor - ok
13:44:52.0369 0x1668  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
13:44:52.0447 0x1668  iaStorV - ok
13:44:52.0541 0x1668  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc          C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:44:52.0619 0x1668  idsvc - ok
13:44:52.0650 0x1668  IEEtwCollectorService - ok
13:44:52.0899 0x1668  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
13:44:53.0227 0x1668  igfx - ok
13:44:53.0289 0x1668  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
13:44:53.0352 0x1668  iirsp - ok
13:44:53.0352 0x1668  iked - ok
13:44:53.0430 0x1668  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
13:44:53.0523 0x1668  IKEEXT - ok
13:44:53.0601 0x1668  [ 4A31216A5E97D46EE06069D9E06428FA, 90DA208F12EBB12324B62A982F077447A31A696612C36CB65488B9F342299D4B ] Impcd          C:\windows\system32\DRIVERS\Impcd.sys
13:44:53.0711 0x1668  Impcd - ok
13:44:53.0882 0x1668  [ 96282FBCE4534C9BF147CFFE9E1FA8DB, 91801002545FFF336A46A6D8B365491D2A21DD561DC8C7FA1EF6A1D9CFE1893C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
13:44:54.0038 0x1668  IntcAzAudAddService - ok
13:44:54.0085 0x1668  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
13:44:54.0147 0x1668  intelide - ok
13:44:54.0210 0x1668  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
13:44:54.0288 0x1668  intelppm - ok
13:44:54.0319 0x1668  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum      C:\windows\system32\ipbusenum.dll
13:44:54.0428 0x1668  IPBusEnum - ok
13:44:54.0459 0x1668  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
13:44:54.0553 0x1668  IpFilterDriver - ok
13:44:54.0631 0x1668  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
13:44:54.0709 0x1668  iphlpsvc - ok
13:44:54.0740 0x1668  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
13:44:54.0787 0x1668  IPMIDRV - ok
13:44:54.0818 0x1668  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT          C:\windows\system32\drivers\ipnat.sys
13:44:54.0912 0x1668  IPNAT - ok
13:44:54.0912 0x1668  ipsecd - ok
13:44:54.0943 0x1668  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
13:44:55.0068 0x1668  IRENUM - ok
13:44:55.0083 0x1668  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
13:44:55.0146 0x1668  isapnp - ok
13:44:55.0177 0x1668  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
13:44:55.0224 0x1668  iScsiPrt - ok
13:44:55.0271 0x1668  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
13:44:55.0333 0x1668  kbdclass - ok
13:44:55.0395 0x1668  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
13:44:55.0458 0x1668  kbdhid - ok
13:44:55.0489 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] KeyIso          C:\windows\system32\lsass.exe
13:44:55.0505 0x1668  KeyIso - ok
13:44:55.0551 0x1668  [ 6DD2A1064DD8AFBED22E71176E2AF59B, 915F36860DAA72DA89E906A7F6F255A854A2A91EEA536A7C2EDB4A63250F66CC ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
13:44:55.0629 0x1668  KSecDD - ok
13:44:55.0645 0x1668  [ 76C0D35167B1369C68388FEDB56A3048, 2788962AB21DBB0A4D130AE5F822E9FDB96D7FF6320E2798714BF18BCB9CAE4F ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
13:44:55.0692 0x1668  KSecPkg - ok
13:44:55.0739 0x1668  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm          C:\windows\system32\msdtckrm.dll
13:44:55.0817 0x1668  KtmRm - ok
13:44:55.0848 0x1668  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
13:44:55.0941 0x1668  LanmanServer - ok
13:44:55.0957 0x1668  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:44:56.0035 0x1668  LanmanWorkstation - ok
13:44:56.0097 0x1668  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
13:44:56.0175 0x1668  lltdio - ok
13:44:56.0207 0x1668  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc        C:\windows\System32\lltdsvc.dll
13:44:56.0285 0x1668  lltdsvc - ok
13:44:56.0300 0x1668  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts        C:\windows\System32\lmhsvc.dll
13:44:56.0409 0x1668  lmhosts - ok
13:44:56.0441 0x1668  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
13:44:56.0503 0x1668  LSI_FC - ok
13:44:56.0534 0x1668  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
13:44:56.0612 0x1668  LSI_SAS - ok
13:44:56.0628 0x1668  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
13:44:56.0659 0x1668  LSI_SAS2 - ok
13:44:56.0675 0x1668  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
13:44:56.0721 0x1668  LSI_SCSI - ok
13:44:56.0753 0x1668  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv          C:\windows\system32\drivers\luafv.sys
13:44:56.0862 0x1668  luafv - ok
13:44:56.0940 0x1668  [ F88B3A1CA0CE7DA9879F633D3EC10B9B, 6D3849A34BB043BAC72E36B120B14827B577C6B462794C7A0E4BAD668FB4F3FC ] mbamchameleon  C:\windows\system32\drivers\mbamchameleon.sys
13:44:57.0018 0x1668  mbamchameleon - ok
13:44:57.0065 0x1668  [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy  C:\windows\system32\drivers\MBAMSwissArmy.sys
13:44:57.0127 0x1668  MBAMSwissArmy - ok
13:44:57.0174 0x1668  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
13:44:57.0267 0x1668  Mcx2Svc - ok
13:44:57.0299 0x1668  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas        C:\windows\system32\DRIVERS\megasas.sys
13:44:57.0345 0x1668  megasas - ok
13:44:57.0392 0x1668  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
13:44:57.0470 0x1668  MegaSR - ok
13:44:57.0486 0x1668  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS          C:\windows\system32\mmcss.dll
13:44:57.0548 0x1668  MMCSS - ok
13:44:57.0564 0x1668  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem          C:\windows\system32\drivers\modem.sys
13:44:57.0657 0x1668  Modem - ok
13:44:57.0689 0x1668  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor        C:\windows\system32\DRIVERS\monitor.sys
13:44:57.0720 0x1668  monitor - ok
13:44:57.0751 0x1668  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
13:44:57.0813 0x1668  mouclass - ok
13:44:57.0845 0x1668  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
13:44:57.0907 0x1668  mouhid - ok
13:44:57.0969 0x1668  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
13:44:58.0032 0x1668  mountmgr - ok
13:44:58.0094 0x1668  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:44:58.0157 0x1668  MozillaMaintenance - ok
13:44:58.0188 0x1668  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
13:44:58.0250 0x1668  mpio - ok
13:44:58.0297 0x1668  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
13:44:58.0406 0x1668  mpsdrv - ok
13:44:58.0531 0x1668  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
13:44:58.0640 0x1668  MpsSvc - ok
13:44:58.0671 0x1668  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
13:44:58.0749 0x1668  MRxDAV - ok
13:44:58.0796 0x1668  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
13:44:58.0905 0x1668  mrxsmb - ok
13:44:58.0952 0x1668  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
13:44:59.0046 0x1668  mrxsmb10 - ok
13:44:59.0061 0x1668  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
13:44:59.0093 0x1668  mrxsmb20 - ok
13:44:59.0124 0x1668  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
13:44:59.0186 0x1668  msahci - ok
13:44:59.0217 0x1668  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm          C:\windows\system32\drivers\msdsm.sys
13:44:59.0295 0x1668  msdsm - ok
13:44:59.0311 0x1668  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC          C:\windows\System32\msdtc.exe
13:44:59.0420 0x1668  MSDTC - ok
13:44:59.0467 0x1668  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
13:44:59.0545 0x1668  Msfs - ok
13:44:59.0561 0x1668  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
13:44:59.0654 0x1668  mshidkmdf - ok
13:44:59.0701 0x1668  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
13:44:59.0763 0x1668  msisadrv - ok
13:44:59.0810 0x1668  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI        C:\windows\system32\iscsiexe.dll
13:44:59.0904 0x1668  MSiSCSI - ok
13:44:59.0904 0x1668  msiserver - ok
13:44:59.0935 0x1668  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
13:45:00.0029 0x1668  MSKSSRV - ok
13:45:00.0044 0x1668  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
13:45:00.0138 0x1668  MSPCLOCK - ok
13:45:00.0153 0x1668  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
13:45:00.0247 0x1668  MSPQM - ok
13:45:00.0263 0x1668  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
13:45:00.0309 0x1668  MsRPC - ok
13:45:00.0341 0x1668  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
13:45:00.0372 0x1668  mssmbios - ok
13:45:00.0387 0x1668  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
13:45:00.0497 0x1668  MSTEE - ok
13:45:00.0512 0x1668  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
13:45:00.0543 0x1668  MTConfig - ok
13:45:00.0559 0x1668  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup            C:\windows\system32\Drivers\mup.sys
13:45:00.0621 0x1668  Mup - ok
13:45:00.0668 0x1668  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
13:45:00.0746 0x1668  napagent - ok
13:45:00.0793 0x1668  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
13:45:00.0824 0x1668  NativeWifiP - ok
13:45:00.0887 0x1668  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
13:45:00.0918 0x1668  NDIS - ok
13:45:00.0949 0x1668  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
13:45:01.0011 0x1668  NdisCap - ok
13:45:01.0027 0x1668  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
13:45:01.0089 0x1668  NdisTapi - ok
13:45:01.0152 0x1668  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
13:45:01.0230 0x1668  Ndisuio - ok
13:45:01.0261 0x1668  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
13:45:01.0339 0x1668  NdisWan - ok
13:45:01.0386 0x1668  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
13:45:01.0464 0x1668  NDProxy - ok
13:45:01.0635 0x1668  [ C7F5C284B6F46FCAF6910EA4E644700B, 754B11B71C06BC597EC5685E20772B604326C421BBD234BCD90678FD57C07768 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:45:01.0667 0x1668  Nero BackItUp Scheduler 4.0 - ok
13:45:01.0698 0x1668  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
13:45:01.0791 0x1668  NetBIOS - ok
13:45:01.0823 0x1668  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
13:45:01.0901 0x1668  NetBT - ok
13:45:01.0916 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] Netlogon        C:\windows\system32\lsass.exe
13:45:01.0932 0x1668  Netlogon - ok
13:45:01.0963 0x1668  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
13:45:02.0057 0x1668  Netman - ok
13:45:02.0119 0x1668  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:45:02.0213 0x1668  NetMsmqActivator - ok
13:45:02.0244 0x1668  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:45:02.0275 0x1668  NetPipeActivator - ok
13:45:02.0306 0x1668  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
13:45:02.0369 0x1668  netprofm - ok
13:45:02.0384 0x1668  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:45:02.0400 0x1668  NetTcpActivator - ok
13:45:02.0415 0x1668  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:45:02.0431 0x1668  NetTcpPortSharing - ok
13:45:02.0462 0x1668  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960        C:\windows\system32\DRIVERS\nfrd960.sys
13:45:02.0509 0x1668  nfrd960 - ok
13:45:02.0556 0x1668  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\windows\System32\nlasvc.dll
13:45:02.0696 0x1668  NlaSvc - ok
13:45:02.0727 0x1668  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
13:45:02.0805 0x1668  Npfs - ok
13:45:02.0837 0x1668  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi            C:\windows\system32\nsisvc.dll
13:45:02.0915 0x1668  nsi - ok
13:45:02.0946 0x1668  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
13:45:03.0039 0x1668  nsiproxy - ok
13:45:03.0133 0x1668  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
13:45:03.0242 0x1668  Ntfs - ok
13:45:03.0273 0x1668  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
13:45:03.0383 0x1668  Null - ok
13:45:03.0445 0x1668  [ FBEC0FD36ED61EFEE1E3063281EAB984, AE4BC81897FDDE6EBEE7A9A3C9252A8E454B80831A853F9D1DCC0C2F8FA7DAAC ] NVHDA          C:\windows\system32\drivers\nvhda32v.sys
13:45:03.0507 0x1668  NVHDA - ok
13:45:03.0866 0x1668  [ 61B13F70B75EE35526549CFEE7850613, 07E8E593188F4A971FDE7D30F4B401A966944CFC268852A35D428C635370BB78 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
13:45:04.0459 0x1668  nvlddmkm - ok
13:45:04.0506 0x1668  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
13:45:04.0568 0x1668  nvraid - ok
13:45:04.0615 0x1668  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
13:45:04.0677 0x1668  nvstor - ok
13:45:04.0724 0x1668  [ FAEFC55E4F7CED7DE6CB9EE5BC8827F9, 0ECC007D8138032B80CD00DD5C329691BC9408EE711DC7E69B263CADECE6B4DA ] nvsvc          C:\windows\system32\nvvsvc.exe
13:45:04.0755 0x1668  nvsvc - ok
13:45:04.0927 0x1668  [ 4BAE67FFDC0E1AE2B4FB5FC21F07B65C, 7F2F8B5CA7B175A1F9B4C77B6512FD7F6FD2DBC14175631E2E342A52B5EC0730 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:45:04.0974 0x1668  nvUpdatusService - ok
13:45:05.0021 0x1668  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
13:45:05.0067 0x1668  nv_agp - ok
13:45:05.0192 0x1668  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:45:05.0286 0x1668  odserv - ok
13:45:05.0333 0x1668  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
13:45:05.0395 0x1668  ohci1394 - ok
13:45:05.0426 0x1668  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:45:05.0489 0x1668  ose - ok
13:45:05.0535 0x1668  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
13:45:05.0629 0x1668  p2pimsvc - ok
13:45:05.0676 0x1668  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
13:45:05.0785 0x1668  p2psvc - ok
13:45:05.0816 0x1668  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport        C:\windows\system32\DRIVERS\parport.sys
13:45:05.0847 0x1668  Parport - ok
13:45:05.0879 0x1668  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr        C:\windows\system32\drivers\partmgr.sys
13:45:05.0925 0x1668  partmgr - ok
13:45:05.0941 0x1668  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
13:45:05.0972 0x1668  Parvdm - ok
13:45:06.0003 0x1668  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\windows\System32\pcasvc.dll
13:45:06.0066 0x1668  PcaSvc - ok
13:45:06.0097 0x1668  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci            C:\windows\system32\drivers\pci.sys
13:45:06.0159 0x1668  pci - ok
13:45:06.0206 0x1668  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
13:45:06.0237 0x1668  pciide - ok
13:45:06.0284 0x1668  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
13:45:06.0331 0x1668  pcmcia - ok
13:45:06.0347 0x1668  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw            C:\windows\system32\drivers\pcw.sys
13:45:06.0393 0x1668  pcw - ok
13:45:06.0487 0x1668  [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
13:45:06.0534 0x1668  PDFProFiltSrvPP - ok
13:45:06.0627 0x1668  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
13:45:06.0721 0x1668  PEAUTH - ok
13:45:06.0846 0x1668  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla            C:\windows\system32\pla.dll
13:45:06.0986 0x1668  pla - ok
13:45:07.0064 0x1668  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
13:45:07.0173 0x1668  PlugPlay - ok
13:45:07.0205 0x1668  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
13:45:07.0236 0x1668  PNRPAutoReg - ok
13:45:07.0267 0x1668  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
13:45:07.0283 0x1668  PNRPsvc - ok
13:45:07.0345 0x1668  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
13:45:07.0423 0x1668  PolicyAgent - ok
13:45:07.0454 0x1668  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power          C:\windows\system32\umpo.dll
13:45:07.0517 0x1668  Power - ok
13:45:07.0563 0x1668  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
13:45:07.0673 0x1668  PptpMiniport - ok
13:45:07.0688 0x1668  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor      C:\windows\system32\DRIVERS\processr.sys
13:45:07.0751 0x1668  Processor - ok
13:45:07.0797 0x1668  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc        C:\windows\system32\profsvc.dll
13:45:07.0860 0x1668  ProfSvc - ok
13:45:07.0875 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] ProtectedStorage C:\windows\system32\lsass.exe
13:45:07.0891 0x1668  ProtectedStorage - ok
13:45:07.0922 0x1668  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
13:45:08.0016 0x1668  Psched - ok
13:45:08.0109 0x1668  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
13:45:08.0203 0x1668  ql2300 - ok
13:45:08.0234 0x1668  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
13:45:08.0297 0x1668  ql40xx - ok
13:45:08.0343 0x1668  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE          C:\windows\system32\qwave.dll
13:45:08.0421 0x1668  QWAVE - ok
13:45:08.0437 0x1668  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
13:45:08.0531 0x1668  QWAVEdrv - ok
13:45:08.0546 0x1668  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
13:45:08.0640 0x1668  RasAcd - ok
13:45:08.0671 0x1668  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
13:45:08.0780 0x1668  RasAgileVpn - ok
13:45:08.0811 0x1668  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto        C:\windows\System32\rasauto.dll
13:45:08.0874 0x1668  RasAuto - ok
13:45:08.0905 0x1668  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
13:45:08.0967 0x1668  Rasl2tp - ok
13:45:09.0014 0x1668  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
13:45:09.0092 0x1668  RasMan - ok
13:45:09.0123 0x1668  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
13:45:09.0201 0x1668  RasPppoe - ok
13:45:09.0217 0x1668  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
13:45:09.0264 0x1668  RasSstp - ok
13:45:09.0311 0x1668  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
13:45:09.0420 0x1668  rdbss - ok
13:45:09.0435 0x1668  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
13:45:09.0482 0x1668  rdpbus - ok
13:45:09.0607 0x1668  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
13:45:09.0685 0x1668  RDPCDD - ok
13:45:09.0747 0x1668  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
13:45:09.0857 0x1668  RDPENCDD - ok
13:45:09.0872 0x1668  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
13:45:09.0935 0x1668  RDPREFMP - ok
13:45:10.0044 0x1668  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
13:45:10.0153 0x1668  RdpVideoMiniport - ok
13:45:10.0200 0x1668  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
13:45:10.0262 0x1668  RDPWD - ok
13:45:10.0340 0x1668  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
13:45:10.0403 0x1668  rdyboost - ok
13:45:10.0434 0x1668  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
13:45:10.0512 0x1668  RemoteAccess - ok
13:45:10.0527 0x1668  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
13:45:10.0605 0x1668  RemoteRegistry - ok
13:45:10.0637 0x1668  [ F85AE59A52885F4B09AADAFB23001A3B, CE722F19C0F916BC9EC1B7B28A479C71504190271B54B4B9ACA82922B484FEA0 ] Rezip          C:\windows\SYSTEM32\Rezip.exe
13:45:10.0652 0x1668  Rezip - detected UnsignedFile.Multi.Generic ( 1 )
13:45:13.0351 0x1668  Detect skipped due to KSN trusted
13:45:13.0351 0x1668  Rezip - ok
13:45:13.0491 0x1668  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
13:45:13.0601 0x1668  RFCOMM - ok
13:45:13.0803 0x1668  [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo      C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:45:13.0835 0x1668  RichVideo - ok
13:45:13.0897 0x1668  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
13:45:13.0991 0x1668  RpcEptMapper - ok
13:45:14.0022 0x1668  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
13:45:14.0053 0x1668  RpcLocator - ok
13:45:14.0100 0x1668  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs          C:\windows\system32\rpcss.dll
13:45:14.0147 0x1668  RpcSs - ok
13:45:14.0193 0x1668  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
13:45:14.0303 0x1668  rspndr - ok
13:45:14.0334 0x1668  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167        C:\windows\system32\DRIVERS\Rt86win7.sys
13:45:14.0396 0x1668  RTL8167 - ok
13:45:14.0443 0x1668  [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI            C:\windows\system32\Drivers\SABI.sys
13:45:14.0521 0x1668  SABI - ok
13:45:14.0537 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] SamSs          C:\windows\system32\lsass.exe
13:45:14.0568 0x1668  SamSs - ok
13:45:14.0646 0x1668  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
13:45:14.0661 0x1668  sbp2port - ok
13:45:14.0693 0x1668  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
13:45:14.0771 0x1668  SCardSvr - ok
13:45:14.0802 0x1668  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
13:45:14.0864 0x1668  scfilter - ok
13:45:14.0958 0x1668  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
13:45:15.0083 0x1668  Schedule - ok
13:45:15.0129 0x1668  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc    C:\windows\System32\certprop.dll
13:45:15.0192 0x1668  SCPolicySvc - ok
13:45:15.0223 0x1668  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
13:45:15.0301 0x1668  SDRSVC - ok
13:45:15.0332 0x1668  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
13:45:15.0395 0x1668  secdrv - ok
13:45:15.0410 0x1668  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
13:45:15.0519 0x1668  seclogon - ok
13:45:15.0551 0x1668  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
13:45:15.0613 0x1668  SENS - ok
13:45:15.0644 0x1668  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
13:45:15.0722 0x1668  SensrSvc - ok
13:45:15.0738 0x1668  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum        C:\windows\system32\DRIVERS\serenum.sys
13:45:15.0769 0x1668  Serenum - ok
13:45:15.0800 0x1668  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
13:45:15.0878 0x1668  Serial - ok
13:45:15.0909 0x1668  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
13:45:15.0925 0x1668  sermouse - ok
13:45:15.0972 0x1668  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
13:45:16.0097 0x1668  SessionEnv - ok
13:45:16.0128 0x1668  [ B7018644E132A8DFB12ED90106E06739, E25D2621F2651F56CE836DB9656AB44D535EA5DF99D5D7DB49B8BEF17114E9CC ] sfdrv01        C:\windows\system32\drivers\sfdrv01.sys
13:45:16.0175 0x1668  sfdrv01 - ok
13:45:16.0221 0x1668  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
13:45:16.0284 0x1668  sffdisk - ok
13:45:16.0299 0x1668  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
13:45:16.0362 0x1668  sffp_mmc - ok
13:45:16.0377 0x1668  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
13:45:16.0471 0x1668  sffp_sd - ok
13:45:16.0518 0x1668  [ DAAD4C099EBF5094D32C373AC1AC0F3C, 4783DBDB18B4388D63BAF7D1E266D176DD4D25E6084E67A835DBC16732FCD9BC ] sfhlp02        C:\windows\system32\drivers\sfhlp02.sys
13:45:16.0549 0x1668  sfhlp02 - ok
13:45:16.0643 0x1668  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy        C:\windows\system32\DRIVERS\sfloppy.sys
13:45:16.0721 0x1668  sfloppy - ok
13:45:16.0845 0x1668  [ 6DC03269F4C71E4AB313C3597F42A340, A5E33E2E8006321FF93651D623A018B1CD61538C1773F45D4683839F1A87DDE6 ] sfsync02        C:\windows\system32\drivers\sfsync02.sys
13:45:16.0908 0x1668  sfsync02 - ok
13:45:16.0986 0x1668  [ 197CEF62EB4BC043E1578529FA2B9A48, 3D0FFF46671E6B7805D917FCE53C73904903464216BB7C8AA0C0B88C00ACEEB5 ] sfvfs02        C:\windows\system32\drivers\sfvfs02.sys
13:45:17.0048 0x1668  sfvfs02 - ok
13:45:17.0235 0x1668  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
13:45:17.0454 0x1668  SharedAccess - ok
13:45:17.0532 0x1668  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:45:17.0625 0x1668  ShellHWDetection - ok
13:45:17.0641 0x1668  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
13:45:17.0688 0x1668  sisagp - ok
13:45:17.0766 0x1668  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
13:45:17.0781 0x1668  SiSRaid2 - ok
13:45:17.0797 0x1668  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
13:45:17.0813 0x1668  SiSRaid4 - ok
13:45:17.0844 0x1668  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb            C:\windows\system32\DRIVERS\smb.sys
13:45:17.0953 0x1668  Smb - ok
13:45:18.0078 0x1668  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
13:45:18.0125 0x1668  SNMPTRAP - ok
13:45:18.0140 0x1668  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr          C:\windows\system32\drivers\spldr.sys
13:45:18.0187 0x1668  spldr - ok
13:45:18.0390 0x1668  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler        C:\windows\System32\spoolsv.exe
13:45:18.0546 0x1668  Spooler - ok
13:45:19.0357 0x1668  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
13:45:19.0693 0x1668  sppsvc - ok
13:45:19.0743 0x1668  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify    C:\windows\system32\sppuinotify.dll
13:45:19.0843 0x1668  sppuinotify - ok
13:45:19.0933 0x1668  [ 54902536AAD0E9B99BC65F89C0CAF93F, 312B6F1ECBAA42EA8FAC374E446FC6B686F747B38D903E1B181F95AECCB2BFD1 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:45:19.0993 0x1668  SQLWriter - ok
13:45:20.0043 0x1668  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv            C:\windows\system32\DRIVERS\srv.sys
13:45:20.0123 0x1668  srv - ok
13:45:20.0153 0x1668  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
13:45:20.0223 0x1668  srv2 - ok
13:45:20.0249 0x1668  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
13:45:20.0327 0x1668  srvnet - ok
13:45:20.0358 0x1668  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
13:45:20.0436 0x1668  SSDPSRV - ok
13:45:20.0514 0x1668  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
13:45:20.0577 0x1668  ssmdrv - ok
13:45:20.0608 0x1668  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc        C:\windows\system32\sstpsvc.dll
13:45:20.0670 0x1668  SstpSvc - ok
13:45:20.0701 0x1668  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
13:45:20.0764 0x1668  stexstor - ok
13:45:20.0811 0x1668  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
13:45:20.0889 0x1668  StillCam - ok
13:45:20.0935 0x1668  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
13:45:21.0029 0x1668  StiSvc - ok
13:45:21.0107 0x1668  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
13:45:21.0138 0x1668  swenum - ok
13:45:21.0185 0x1668  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv          C:\windows\System32\swprv.dll
13:45:21.0294 0x1668  swprv - ok
13:45:21.0372 0x1668  [ 069E5728E565BD401347CB94732C4733, 16D6F0DE070E0A00FEE2512A9F238DA8175C4C44D76FBC5DD49CAF2EBB779C1F ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
13:45:21.0388 0x1668  SynTP - ok
13:45:21.0700 0x1668  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain        C:\windows\system32\sysmain.dll
13:45:21.0809 0x1668  SysMain - ok
13:45:21.0840 0x1668  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
13:45:21.0903 0x1668  TabletInputService - ok
13:45:21.0934 0x1668  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv        C:\windows\System32\tapisrv.dll
13:45:22.0012 0x1668  TapiSrv - ok
13:45:22.0043 0x1668  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS            C:\windows\System32\tbssvc.dll
13:45:22.0121 0x1668  TBS - ok
13:45:22.0199 0x1668  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip          C:\windows\system32\drivers\tcpip.sys
13:45:22.0308 0x1668  Tcpip - ok
13:45:22.0355 0x1668  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
13:45:22.0417 0x1668  TCPIP6 - ok
13:45:22.0449 0x1668  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
13:45:22.0495 0x1668  tcpipreg - ok
13:45:22.0527 0x1668  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
13:45:22.0605 0x1668  TDPIPE - ok
13:45:22.0636 0x1668  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
13:45:22.0698 0x1668  TDTCP - ok
13:45:22.0745 0x1668  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx            C:\windows\system32\DRIVERS\tdx.sys
13:45:22.0823 0x1668  tdx - ok
13:45:22.0839 0x1668  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
13:45:22.0885 0x1668  TermDD - ok
13:45:22.0948 0x1668  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService    C:\windows\System32\termsrv.dll
13:45:23.0041 0x1668  TermService - ok
13:45:23.0073 0x1668  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
13:45:23.0119 0x1668  Themes - ok
13:45:23.0151 0x1668  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER    C:\windows\system32\mmcss.dll
13:45:23.0182 0x1668  THREADORDER - ok
13:45:23.0229 0x1668  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
13:45:23.0307 0x1668  TrkWks - ok
13:45:23.0369 0x1668  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:45:23.0431 0x1668  TrustedInstaller - ok
13:45:23.0463 0x1668  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
13:45:23.0478 0x1668  tssecsrv - ok
13:45:23.0541 0x1668  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
13:45:23.0619 0x1668  TsUsbFlt - ok
13:45:23.0665 0x1668  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
13:45:23.0743 0x1668  tunnel - ok
13:45:23.0775 0x1668  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
13:45:23.0790 0x1668  uagp35 - ok
13:45:23.0853 0x1668  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
13:45:23.0931 0x1668  udfs - ok
13:45:23.0962 0x1668  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect      C:\windows\system32\UI0Detect.exe
13:45:24.0009 0x1668  UI0Detect - ok
13:45:24.0055 0x1668  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
13:45:24.0071 0x1668  uliagpkx - ok
13:45:24.0102 0x1668  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus          C:\windows\system32\drivers\umbus.sys
13:45:24.0149 0x1668  umbus - ok
13:45:24.0180 0x1668  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
13:45:24.0321 0x1668  UmPass - ok
13:45:24.0399 0x1668  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
13:45:24.0461 0x1668  upnphost - ok
13:45:24.0508 0x1668  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
13:45:24.0617 0x1668  usbccgp - ok
13:45:24.0695 0x1668  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
13:45:24.0820 0x1668  usbcir - ok
13:45:24.0882 0x1668  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci        C:\windows\system32\drivers\usbehci.sys
13:45:24.0960 0x1668  usbehci - ok
13:45:25.0023 0x1668  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
13:45:25.0116 0x1668  usbhub - ok
13:45:25.0147 0x1668  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci        C:\windows\system32\drivers\usbohci.sys
13:45:25.0210 0x1668  usbohci - ok
13:45:25.0241 0x1668  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
13:45:25.0288 0x1668  usbprint - ok
13:45:25.0319 0x1668  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan        C:\windows\system32\DRIVERS\usbscan.sys
13:45:25.0381 0x1668  usbscan - ok
13:45:25.0397 0x1668  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
13:45:25.0475 0x1668  USBSTOR - ok
13:45:25.0537 0x1668  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
13:45:25.0584 0x1668  usbuhci - ok
13:45:25.0631 0x1668  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
13:45:25.0725 0x1668  usbvideo - ok
13:45:25.0756 0x1668  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms          C:\windows\System32\uxsms.dll
13:45:25.0818 0x1668  UxSms - ok
13:45:25.0849 0x1668  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] VaultSvc        C:\windows\system32\lsass.exe
13:45:25.0865 0x1668  VaultSvc - ok
13:45:25.0896 0x1668  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
13:45:25.0943 0x1668  vdrvroot - ok
13:45:26.0005 0x1668  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds            C:\windows\System32\vds.exe
13:45:26.0083 0x1668  vds - ok
13:45:26.0146 0x1668  [ 032A1F7357BA2C235C3BA8002D52F870, A594C875469A2194AE23DA3B2BD35B2B800D475C46508EDD7A41063A9380F7D8 ] vflt            C:\windows\system32\DRIVERS\vfilter.sys
13:45:26.0224 0x1668  vflt - ok
13:45:26.0271 0x1668  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
13:45:26.0349 0x1668  vga - ok
13:45:26.0364 0x1668  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave        C:\windows\System32\drivers\vga.sys
13:45:26.0473 0x1668  VgaSave - ok
13:45:26.0505 0x1668  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
13:45:26.0567 0x1668  vhdmp - ok
13:45:26.0598 0x1668  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
13:45:26.0614 0x1668  viaagp - ok
13:45:26.0629 0x1668  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7          C:\windows\system32\DRIVERS\viac7.sys
13:45:26.0692 0x1668  ViaC7 - ok
13:45:26.0739 0x1668  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
13:45:26.0801 0x1668  viaide - ok
13:45:26.0832 0x1668  [ FBD7E0A5B543480A69896811CB66A1FB, 7EC73712356D794AD7F9685ED1FA8663A5A44355A4C92CB3C87E2B9B8A693E16 ] vnet            C:\windows\system32\DRIVERS\virtualnet.sys
13:45:26.0910 0x1668  vnet - ok
13:45:26.0957 0x1668  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
13:45:27.0019 0x1668  volmgr - ok
13:45:27.0051 0x1668  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
13:45:27.0097 0x1668  volmgrx - ok
13:45:27.0129 0x1668  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap        C:\windows\system32\drivers\volsnap.sys
13:45:27.0175 0x1668  volsnap - ok
13:45:27.0207 0x1668  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
13:45:27.0253 0x1668  vsmraid - ok
13:45:27.0316 0x1668  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS            C:\windows\system32\vssvc.exe
13:45:27.0425 0x1668  VSS - ok
13:45:27.0441 0x1668  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
13:45:27.0487 0x1668  vwifibus - ok
13:45:27.0519 0x1668  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
13:45:27.0581 0x1668  vwififlt - ok
13:45:27.0612 0x1668  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
13:45:27.0659 0x1668  vwifimp - ok
13:45:27.0690 0x1668  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time        C:\windows\system32\w32time.dll
13:45:27.0753 0x1668  W32Time - ok
13:45:27.0768 0x1668  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
13:45:27.0815 0x1668  WacomPen - ok
13:45:27.0846 0x1668  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
13:45:27.0924 0x1668  WANARP - ok
13:45:27.0924 0x1668  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
13:45:27.0971 0x1668  Wanarpv6 - ok
13:45:28.0033 0x1668  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
13:45:28.0143 0x1668  wbengine - ok
13:45:28.0189 0x1668  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
13:45:28.0236 0x1668  WbioSrvc - ok
13:45:28.0267 0x1668  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc        C:\windows\System32\wcncsvc.dll
13:45:28.0345 0x1668  wcncsvc - ok
13:45:28.0361 0x1668  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:45:28.0423 0x1668  WcsPlugInService - ok
13:45:28.0470 0x1668  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
13:45:28.0517 0x1668  Wd - ok
13:45:28.0564 0x1668  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
13:45:28.0626 0x1668  Wdf01000 - ok
13:45:28.0657 0x1668  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\windows\system32\wdi.dll
13:45:28.0751 0x1668  WdiServiceHost - ok
13:45:28.0751 0x1668  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost  C:\windows\system32\wdi.dll
13:45:28.0782 0x1668  WdiSystemHost - ok
13:45:28.0829 0x1668  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient      C:\windows\System32\webclnt.dll
13:45:28.0938 0x1668  WebClient - ok
13:45:28.0985 0x1668  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
13:45:29.0079 0x1668  Wecsvc - ok
13:45:29.0094 0x1668  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport  C:\windows\System32\wercplsupport.dll
13:45:29.0172 0x1668  wercplsupport - ok
13:45:29.0203 0x1668  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
13:45:29.0281 0x1668  WerSvc - ok
13:45:29.0328 0x1668  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
13:45:29.0406 0x1668  WfpLwf - ok
13:45:29.0422 0x1668  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
13:45:29.0453 0x1668  WIMMount - ok
13:45:29.0562 0x1668  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
13:45:29.0656 0x1668  WinDefend - ok
13:45:29.0671 0x1668  WinHttpAutoProxySvc - ok
13:45:29.0734 0x1668  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
13:45:29.0812 0x1668  Winmgmt - ok
13:45:29.0890 0x1668  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM          C:\windows\system32\WsmSvc.dll
13:45:30.0030 0x1668  WinRM - ok
13:45:30.0093 0x1668  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc        C:\windows\System32\wlansvc.dll
13:45:30.0186 0x1668  Wlansvc - ok
13:45:30.0218 0x1668  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
13:45:30.0249 0x1668  WmiAcpi - ok
13:45:30.0280 0x1668  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
13:45:30.0342 0x1668  wmiApSrv - ok
13:45:30.0498 0x1668  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
13:45:30.0654 0x1668  WMPNetworkSvc - ok
13:45:30.0686 0x1668  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
13:45:30.0779 0x1668  WPCSvc - ok
13:45:30.0810 0x1668  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
13:45:30.0873 0x1668  WPDBusEnum - ok
13:45:30.0904 0x1668  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
13:45:30.0982 0x1668  ws2ifsl - ok
13:45:30.0998 0x1668  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
13:45:31.0060 0x1668  wscsvc - ok
13:45:31.0076 0x1668  WSearch - ok
13:45:31.0185 0x1668  [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv        C:\windows\system32\wuaueng.dll
13:45:31.0310 0x1668  wuauserv - ok
13:45:31.0356 0x1668  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
13:45:31.0434 0x1668  WudfPf - ok
13:45:31.0466 0x1668  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
13:45:31.0528 0x1668  WUDFRd - ok
13:45:31.0559 0x1668  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc        C:\windows\System32\WUDFSvc.dll
13:45:31.0590 0x1668  wudfsvc - ok
13:45:31.0622 0x1668  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc        C:\windows\System32\wwansvc.dll
13:45:31.0684 0x1668  WwanSvc - ok
13:45:31.0746 0x1668  [ 30B73EB97218A16CBC6DE535782A1B35, 5B034F39FA5B902BD6899717F7696871CDAFB8698B48BB0E95DAE51234715A28 ] yukonw7        C:\windows\system32\DRIVERS\yk62x86.sys
13:45:31.0840 0x1668  yukonw7 - ok
13:45:31.0871 0x1668  ================ Scan global ===============================
13:45:31.0934 0x1668  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
13:45:31.0996 0x1668  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
13:45:32.0058 0x1668  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
13:45:32.0090 0x1668  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
13:45:32.0168 0x1668  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\windows\system32\services.exe
13:45:32.0230 0x1668  [ Global ] - ok
13:45:32.0230 0x1668  ================ Scan MBR ==================================
13:45:32.0246 0x1668  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
13:45:32.0760 0x1668  \Device\Harddisk0\DR0 - ok
13:45:32.0760 0x1668  ================ Scan VBR ==================================
13:45:32.0760 0x1668  [ E2C8715762CF8E54F0EB9259D90FFD81 ] \Device\Harddisk0\DR0\Partition1
13:45:32.0792 0x1668  \Device\Harddisk0\DR0\Partition1 - ok
13:45:32.0807 0x1668  [ 1F0DFC15CE7F27D9DA08EEB12F0650C4 ] \Device\Harddisk0\DR0\Partition2
13:45:32.0807 0x1668  \Device\Harddisk0\DR0\Partition2 - ok
13:45:32.0807 0x1668  [ C418A24D8E6D4D267CB8596FC4625A14 ] \Device\Harddisk0\DR0\Partition3
13:45:32.0807 0x1668  \Device\Harddisk0\DR0\Partition3 - ok
13:45:32.0807 0x1668  ================ Scan generic autorun ======================
13:45:33.0150 0x1668  [ 97101B7CCCFA2BDFEFC2E0B84205D144, 10C6EC4903DB85A1517F788049E726B22FF87C012A936CBF26EF0F2222C9251B ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
13:45:33.0556 0x1668  RtHDVCpl - ok
13:45:33.0681 0x1668  [ E4A94D17436B4E9F53CD64D08E53D964, E3B2D336A1E90C1C520B834FA986AE2CFBD2807664C35E8AB9059CC899E58CFC ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
13:45:33.0743 0x1668  SynTPEnh - ok
13:45:33.0806 0x1668  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
13:45:33.0868 0x1668  UpdateLBPShortCut - ok
13:45:33.0899 0x1668  [ 54FA8528EDA1B6B34615F4EA3FCB35E6, B078821475D6FDED19579A487484D0752DC6E1AA0D1ACA71353C743B00291C61 ] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
13:45:33.0915 0x1668  CLMLServer - ok
13:45:33.0962 0x1668  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
13:45:33.0993 0x1668  UpdateP2GoShortCut - ok
13:45:34.0071 0x1668  [ AAD52179D4A526AD4A705B87C6E4F72A, 0015F316DD2E73D5D2434DAC7CAB47050B21BF8CAE23482302A0E1982EF8A3BD ] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
13:45:34.0149 0x1668  UpdatePDRShortCut - ok
13:45:34.0196 0x1668  [ 28FD28A29C637C9AFEFE0A26E27C6DFE, A490ADCD7BC9863B6E8773CADFDE6CA58A0743CD64C39D14AF380B18ABDEC003 ] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
13:45:34.0211 0x1668  RemoteControl8 - ok
13:45:34.0227 0x1668  [ F8270CFD51F9D6BF42140FA4071C83FE, B7AAF6B13C01CB6B94DEABBDD40249A6D298DD4BCBE2921D8E332F88ED3B754A ] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
13:45:34.0258 0x1668  PDVD8LanguageShortcut - ok
13:45:34.0336 0x1668  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
13:45:34.0398 0x1668  UpdatePPShortCut - ok
13:45:34.0476 0x1668  [ 82A3031F7FAA61CB5E040B0D98A104AF, 5EB990BACE18112658208F517EE2E635DBD00A06380DD9DAB253556C980DEA99 ] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
13:45:34.0523 0x1668  UpdatePSTShortCut - ok
13:45:34.0554 0x1668  [ 36086951E7475DC238830173163186D3, 513D3CCCDA92F624889EC593538A702897BEE0EA99549BBB68697BBB828E9286 ] C:\Program Files\AnyPC Client\APLangApp.exe
13:45:34.0601 0x1668  APLangApp - ok
13:45:34.0679 0x1668  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
13:45:34.0710 0x1668  UCam_Menu - ok
13:45:34.0773 0x1668  [ AEB3E8A6308604C3490A36D06D6685DC, CAFAE7697261CDA6934E324FC45D893BB452F23A1196FECC6930B72FFA8A2738 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
13:45:34.0804 0x1668  Adobe Acrobat Speed Launcher - ok
13:45:34.0929 0x1668  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:45:35.0069 0x1668  Sidebar - ok
13:45:35.0100 0x1668  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:45:35.0163 0x1668  mctadmin - ok
13:45:35.0194 0x1668  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:45:35.0241 0x1668  Sidebar - ok
13:45:35.0256 0x1668  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:45:35.0272 0x1668  mctadmin - ok
13:45:35.0412 0x1668  [ 66E3878250E18FEDBA32CB90DA917005, 199DA21E7A269334E6F0BE7A73D3CA28F716CF32183DF9D50B282DAAFAE1D309 ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe
13:45:35.0459 0x1668  GarminExpressTrayApp - ok
13:45:35.0568 0x1668  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
13:45:35.0600 0x1668  ISUSPM - ok
13:45:35.0615 0x1668  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
13:45:35.0631 0x1668  ISUSPM - ok
13:45:35.0678 0x1668  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:45:35.0724 0x1668  Sidebar - ok
13:45:35.0756 0x1668  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:45:35.0771 0x1668  mctadmin - ok
13:45:35.0771 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:36.0785 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:37.0799 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:38.0813 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:39.0827 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:40.0841 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:41.0855 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:42.0869 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:43.0883 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:44.0897 0x1668  Waiting for KSN requests completion. In queue: 337
13:45:46.0067 0x1668  AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
13:45:46.0098 0x1668  Win FW state via NFP2: enabled
13:45:48.0844 0x1668  ============================================================
13:45:48.0844 0x1668  Scan finished
13:45:48.0844 0x1668  ============================================================
13:45:48.0891 0x1144  Detected object count: 0
13:45:48.0891 0x1144  Actual detected object count: 0

Marc.223 04.06.2015 19:58
Übrigens habe ich mittlerweile auch einen Scan der ganzen Systems mit AntiVir durchgeführt und habe nichts gefunden, was aber wahrscheinlich auch nicht viel heißt, trotzdem hier der Report von Antivir:

Code:

Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 4. Juni 2015  00:48


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Antivirus Free
Seriennummer  : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Marc
Computername  : C***

Versionsinformationen:
BUILD.DAT      : 15.0.10.434  109882 Bytes  16.04.2015 15:24:00
AVSCAN.EXE    : 15.0.10.430  1028856 Bytes  07.05.2015 17:26:25
AVSCANRC.DLL  : 15.0.10.236    64760 Bytes  07.05.2015 17:26:25
LUKE.DLL      : 15.0.10.414    59696 Bytes  07.05.2015 17:26:33
AVSCPLR.DLL    : 15.0.10.414    97736 Bytes  07.05.2015 17:26:25
REPAIR.DLL    : 15.0.10.414  375088 Bytes  07.05.2015 17:26:25
REPAIR.RDF    : 1.0.8.20      898451 Bytes  02.06.2015 17:25:40
AVREG.DLL      : 15.0.10.414  275248 Bytes  07.05.2015 17:26:24
AVLODE.DLL    : 15.0.10.414  597240 Bytes  07.05.2015 17:26:23
AVLODE.RDF    : 14.0.4.70      79227 Bytes  07.05.2015 17:26:21
XBV00021.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00022.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00023.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00024.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00025.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00026.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00027.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00028.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00029.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00030.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00031.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00032.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00033.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00034.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00035.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:01
XBV00036.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00037.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00038.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00039.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00040.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00041.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 16:52:02
XBV00054.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00055.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00056.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00057.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00058.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00059.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00060.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00061.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00062.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00063.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00064.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00065.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00066.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00067.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00068.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00069.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00070.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00071.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00072.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00073.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00074.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00075.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00076.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00077.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00078.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00079.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00080.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00081.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00082.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00083.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00084.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00085.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00086.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00087.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00088.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00089.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00090.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00091.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00092.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00093.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00094.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:30
XBV00095.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00096.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00097.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00098.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00099.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00100.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00101.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00102.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00103.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00104.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00105.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00106.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00107.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00108.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00109.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00110.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00111.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00112.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00113.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00114.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00115.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00116.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00117.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00118.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00119.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00120.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00121.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00122.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00123.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00124.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00125.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00126.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00127.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00128.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00129.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00130.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:31
XBV00131.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00132.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00133.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00134.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00135.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00136.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00137.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00138.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00139.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00140.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00141.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00142.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00143.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00144.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00145.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00146.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00147.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00148.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00149.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00150.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00151.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00152.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00153.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00154.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00155.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00156.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00157.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00158.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00159.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00160.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00161.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00162.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00163.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00164.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00165.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00166.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00167.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00168.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00169.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00170.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00171.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00172.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:32
XBV00173.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00174.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00175.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00176.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00177.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00178.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00179.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00180.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00181.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00182.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00183.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00184.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00185.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00186.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00187.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00188.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00189.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00190.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00191.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00192.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00193.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00194.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00195.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00196.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00197.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00198.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00199.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00200.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00201.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00202.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:33
XBV00203.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00204.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00205.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00206.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00207.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00208.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00209.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00210.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00211.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00212.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00213.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00214.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00215.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00216.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00217.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00218.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00219.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00220.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00221.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00222.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00223.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00224.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00225.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00226.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00227.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00228.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00229.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00230.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00231.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00232.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00233.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00234.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00235.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00236.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00237.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00238.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:34
XBV00239.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00240.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00241.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00242.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00243.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00244.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00245.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00246.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00247.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00248.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00249.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00250.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00251.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00252.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00253.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00254.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00255.VDF  : 8.11.237.30    2048 Bytes  02.06.2015 17:25:35
XBV00000.VDF  : 7.11.70.0  66736640 Bytes  04.04.2013 19:37:42
XBV00001.VDF  : 7.11.74.226  2201600 Bytes  30.04.2013 19:37:46
XBV00002.VDF  : 7.11.80.60  2751488 Bytes  28.05.2013 19:37:49
XBV00003.VDF  : 7.11.85.214  2162688 Bytes  21.06.2013 19:37:52
XBV00004.VDF  : 7.11.91.176  3903488 Bytes  23.07.2013 19:37:58
XBV00005.VDF  : 7.11.98.186  6822912 Bytes  29.08.2013 20:59:20
XBV00006.VDF  : 7.11.139.38 15708672 Bytes  27.03.2014 15:14:41
XBV00007.VDF  : 7.11.152.100  4193792 Bytes  02.06.2014 17:58:27
XBV00008.VDF  : 8.11.165.192  4251136 Bytes  07.08.2014 16:52:00
XBV00009.VDF  : 8.11.172.30  2094080 Bytes  15.09.2014 18:11:15
XBV00010.VDF  : 8.11.178.32  1581056 Bytes  14.10.2014 14:08:35
XBV00011.VDF  : 8.11.184.50  2178560 Bytes  11.11.2014 18:10:49
XBV00012.VDF  : 8.11.190.32  1876992 Bytes  03.12.2014 18:02:56
XBV00013.VDF  : 8.11.201.28  2973696 Bytes  14.01.2015 13:15:59
XBV00014.VDF  : 8.11.206.252  2695680 Bytes  04.02.2015 18:21:03
XBV00015.VDF  : 8.11.213.84  3175936 Bytes  03.03.2015 08:45:00
XBV00016.VDF  : 8.11.213.176  212480 Bytes  05.03.2015 19:56:28
XBV00017.VDF  : 8.11.219.166  2033664 Bytes  25.03.2015 19:52:01
XBV00018.VDF  : 8.11.225.88  2367488 Bytes  22.04.2015 17:24:39
XBV00019.VDF  : 8.11.230.186  1674752 Bytes  13.05.2015 18:10:25
XBV00020.VDF  : 8.11.237.30  4711936 Bytes  02.06.2015 17:25:29
XBV00042.VDF  : 8.11.237.62    34816 Bytes  02.06.2015 19:25:17
XBV00043.VDF  : 8.11.237.64    14848 Bytes  02.06.2015 19:25:17
XBV00044.VDF  : 8.11.237.96    44032 Bytes  02.06.2015 16:43:23
XBV00045.VDF  : 8.11.237.128    4096 Bytes  02.06.2015 16:43:23
XBV00046.VDF  : 8.11.237.130    12800 Bytes  02.06.2015 16:43:23
XBV00047.VDF  : 8.11.237.132    23552 Bytes  03.06.2015 16:43:23
XBV00048.VDF  : 8.11.237.134    4608 Bytes  03.06.2015 16:43:23
XBV00049.VDF  : 8.11.237.136    4096 Bytes  03.06.2015 16:43:23
XBV00050.VDF  : 8.11.237.138    6144 Bytes  03.06.2015 16:43:23
XBV00051.VDF  : 8.11.237.160    7680 Bytes  03.06.2015 16:43:23
XBV00052.VDF  : 8.11.237.182    17408 Bytes  03.06.2015 16:43:23
XBV00053.VDF  : 8.11.237.204    10240 Bytes  03.06.2015 20:43:28
LOCAL001.VDF  : 8.11.237.204 126635520 Bytes  03.06.2015 20:43:59
Engineversion  : 8.3.30.40
AEVDF.DLL      : 8.3.1.6      133992 Bytes  20.08.2014 17:31:48
AESCRIPT.DLL  : 8.2.2.68      524352 Bytes  01.06.2015 16:46:45
AESCN.DLL      : 8.3.2.10      142456 Bytes  12.05.2015 19:13:40
AESBX.DLL      : 8.2.21.0    1622072 Bytes  26.05.2015 17:13:52
AERDL.DLL      : 8.2.1.20      731040 Bytes  11.02.2015 18:01:09
AEPACK.DLL    : 8.4.0.80      793728 Bytes  26.05.2015 17:13:51
AEOFFICE.DLL  : 8.3.1.22      363376 Bytes  24.04.2015 17:16:00
AEMOBILE.DLL  : 8.1.7.2      281720 Bytes  24.04.2015 17:16:01
AEHEUR.DLL    : 8.1.4.1714  8440688 Bytes  01.06.2015 16:46:45
AEHELP.DLL    : 8.3.2.0      281456 Bytes  19.03.2015 21:56:43
AEGEN.DLL      : 8.1.7.40      456608 Bytes  19.12.2014 18:01:59
AEEXP.DLL      : 8.4.2.88      266296 Bytes  12.05.2015 19:13:40
AEEMU.DLL      : 8.1.3.4      399264 Bytes  07.08.2014 16:51:49
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  10.03.2015 16:24:55
AECORE.DLL    : 8.3.6.2      243624 Bytes  26.05.2015 17:13:49
AEBB.DLL      : 8.1.2.0        60448 Bytes  07.08.2014 16:51:49
AVWINLL.DLL    : 15.0.10.236    25904 Bytes  07.05.2015 17:26:21
AVPREF.DLL    : 15.0.10.236    52984 Bytes  07.05.2015 17:26:24
AVREP.DLL      : 15.0.10.236  220464 Bytes  07.05.2015 17:26:24
AVARKT.DLL    : 15.0.10.296  228088 Bytes  07.05.2015 17:26:21
AVEVTLOG.DLL  : 15.0.10.296  194296 Bytes  07.05.2015 17:26:22
SQLITE3.DLL    : 15.0.10.236  456440 Bytes  07.05.2015 17:26:34
AVSMTP.DLL    : 15.0.10.236    78128 Bytes  07.05.2015 17:26:25
NETNT.DLL      : 15.0.10.236    16120 Bytes  07.05.2015 17:26:33
CommonImageRc.dll: 15.0.10.236  4355376 Bytes  07.05.2015 17:26:21
CommonTextRc.DLL: 15.0.10.270    70904 Bytes  07.05.2015 17:26:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 4. Juni 2015  00:48

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrCcUxSys.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrYNSvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrCtrlCntr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrStMonW.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfPro5Hook.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'pptd40nt.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'GWX.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'Rezip.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDFProFiltSrvPP.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipsecd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'iked.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'Garmin.Cartography.MapUpdate.CoreService.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'dtpd.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\drivers\beep.sys'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Signiert -> 'C:\windows\system32\imm32.dll'
Signiert -> 'C:\windows\system32\dsound.dll'
Signiert -> 'C:\windows\system32\aclui.dll'
Signiert -> 'C:\windows\system32\msvcrt.dll'
Signiert -> 'C:\windows\system32\d3d9.dll'
Signiert -> 'C:\windows\system32\dnsapi.dll'
Signiert -> 'C:\windows\system32\mshtml.dll'
Signiert -> 'C:\windows\system32\regsvr32.exe'
Signiert -> 'C:\windows\system32\rundll32.exe'
Signiert -> 'C:\windows\system32\userinit.exe'
Signiert -> 'C:\windows\system32\reg.exe'
Signiert -> 'C:\windows\system32\ntvdm.exe'
Signiert -> 'C:\windows\regedit.exe'
Die Systemdateien wurden durchsucht ('35' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5496' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'


Ende des Suchlaufs: Donnerstag, 4. Juni 2015  07:14
Benötigte Zeit:  6:26:40 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  42247 Verzeichnisse wurden überprüft
 4888188 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 4888188 Dateien ohne Befall
  72003 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 209483 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
Ich habe jetzt Malwarebytes im abgesicherten Modus scannen lassen. Das hat funktioniert. Es kam die Meldung, dass der Scan erfolgreich war, keine Malware gefunden wurde und daher kein CleanUp notwendig sei.

Hier das Log File:

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.04.04
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17801
Marc :: C*** [administrator]

04.06.2015 20:29:05
mbar-log-2015-06-04 (20-29-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 89192
Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber 05.06.2015 17:09
Sieht alles gut aus :)

Marc.223 05.06.2015 19:28
Erstnochmal vielen Dank für Eure tolle Hilfe! Ich kann nicht glauben, dass ich so viel Glück gehabt haben kann...

Du meinst also, ich habe nichts eingefangen. Das wäre wirklich toll. Auf jeden Fall habe ich nun gelernt noch aufmerksamer zu sein und lieber einmal mehr zu überlegen, bevor ich auf einen Link klicke! Danke

schrauber 06.06.2015 16:21
Ja, sieht auf jeden Fall so aus :)

Marc.223 07.06.2015 11:52
Hallo Schrauber, ich bins wieder!

Habe zur Sicherheit gestern abend nochmal den EU-Cleaner von Antivir drüber laufen lassen und einen Fund gemeldet bekommen und zwar in einer Datei backup.pst den TR/Dropper.MSIL.Gen.

Bin jetzt etwas verunsichert, ob es sich um eine Falschmeldung handelt, oder sich nicht doch etwas irgendwo versteckt hat.
Wäre nett, wenn DU dich noch mal melden könntest!
DANKE!

schrauber 08.06.2015 06:11
Der Fund bedeutet nur, dass in dem backup deines Emailprogrammes irgend eine Mail drin ist, die evtl nen schädlichen Anhang hat :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131