Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner laut Telekom Madznu, versendet Mails

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.05.2016, 14:01   #1
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Hallo,
uns wurden jetzt 2 Briefe von der Telekom geschickt wegen Mail spams.
Habe alle PCs mit netstat überprüft und Malewarebytes drüber laufen lassen. Bei meiner Oma habe ich dann verdächtige Verbindungen und Dateien gefunden. Bin mir jetzt aber nicht sicher wie die Dateien zu entfernen sind und auch nicht wirklich Lust den PC neu aufzusetzen da ich net so viel Zeit hab.

Anbei 3 Screenshots und Malwarebytes hat diese Dateien auf Virsutotal nicht erkannt.

Einmal Reg Eintrag run & run once und aus dem Temp Verzeichnis.

Vielen Dank im Voraus.
Angehängte Grafiken
Dateityp: png runconce.PNG (6,9 KB, 97x aufgerufen)
Dateityp: png run.PNG (9,0 KB, 149x aufgerufen)
Dateityp: png temp.PNG (21,9 KB, 134x aufgerufen)
Dateityp: png tempexe.PNG (2,3 KB, 98x aufgerufen)

Alt 31.05.2016, 18:13   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 31.05.2016, 22:24   #3
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Addition.txt:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
durchgeführt von Waltraud (2016-05-31 23:15:10)
Gestartet von D:\Dokumente\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-04-10 00:25:16)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-496538639-4282283023-1573704931-500 - Administrator - Disabled)
Gast (S-1-5-21-496538639-4282283023-1573704931-501 - Limited - Disabled)
Sysadmin (S-1-5-21-496538639-4282283023-1573704931-1000 - Administrator - Enabled) => C:\Users\Sysadmin
Waltraud (S-1-5-21-496538639-4282283023-1573704931-1001 - Administrator - Enabled) => C:\Users\Waltraud

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.2.0 - SlySoft)
Apple Application Support (32-Bit) (HKLM\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01 - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{8086BC53-E9B3-4D8B-A39C-469E64FAC30C}) (Version: 2.44.1 - Kovid Goyal)
Camera Recorder (HKLM\...\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}) (Version: 1.0.909.0801 - Camera Recorder)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Elevated Installer (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
FLAC To MP3 V4.0.4 (HKLM\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
Garmin Express (HKLM\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
HDClone 5.1.4 Enterprise Edition (HKLM\...\Miray.HDClone.Professional.5.1.4.1033-{517DC6BE-CD86-448B-AFA4-07396C28AA23}) (Version: 5.1 - Miray Software AG)
iTunes (HKLM\...\{9E9CFD9F-64D6-498F-8584-E5CD08BA60BE}) (Version: 12.3.0.44 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 de) (HKLM\...\Mozilla Thunderbird 38.7.2 (x86 de)) (Version: 38.7.2 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Secunia PSI (3.0.0.10004) (HKLM\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.1106.005.10 - Micro-Star International Co., Ltd.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3FCD887C-5069-4021-8A4B-391C16DE0C0A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5503116A-88EC-4CC3-872E-28800914CE43} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {55C147C9-13F6-419D-B037-6BACF82053D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6D3D396B-4F08-4762-9C28-9218BBA17C02} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {78272178-ED76-4446-9352-4E022A55130D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DFDA3CA5-4835-4B80-AAE8-083F30FEF370} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-13 19:38 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu
2015-04-10 17:16 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-09-17 15:30 - 2015-09-17 15:30 - 00108544 __RSH () C:\Program Files\SlySoft\AnyDVD\BRD.dll
2014-10-06 05:55 - 2014-10-06 05:55 - 00132608 _____ () C:\Program Files\Miray Virtual Disk 5.0\mvdextx86.dll
2015-04-10 16:55 - 2014-04-30 08:51 - 00123536 _____ () C:\totalcmd\wcmzip32.dll
2016-04-11 08:00 - 2016-04-11 22:03 - 00153032 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2016-04-11 08:00 - 2016-04-11 22:03 - 00022472 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2016-05-30 20:26 - 00001339 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost.loc



==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Waltraud\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B44C59C7-CFE1-43B5-B7FC-933265DDB051}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{61F7CA5C-C755-4611-B2E8-25549309F9D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1505A26C-D065-491D-BBC8-D746AC964E20}] => (Allow) C:\Program Files\Brother\Brmfl10g\FAXRX.exe
FirewallRules: [{80F55C84-541C-479F-B509-F8A3A87160CC}] => (Allow) C:\Program Files\Brother\Brmfl10g\FAXRX.exe
FirewallRules: [{9A8C17F5-E462-495D-99A1-CC266434C640}] => (Allow) LPort=54925
FirewallRules: [{1D2FF277-C59C-49E2-85FA-A04AE321F213}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{EE7A8F75-3D0A-4D10-BB62-5190B20349BF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6CD9E3D0-04BE-4C5A-8B0A-5924C69ABFCD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05B6DDF4-B795-4D54-8FAC-047214524CFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5565BE0D-70ED-4FD7-AC6B-DC09848259FD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A05022D5-47DF-4CA8-B5FC-FEC5D241238F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A3BB4000-056B-4B5E-8E6A-763D4F8687C5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29B0ABA7-EA83-4B28-9A71-2E60DEC483FE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3D145F50-7F87-4CA2-9B76-1C927C2B74E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFFBF6C6-983C-4501-9873-BEB36576036C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4307685-E3F5-46A1-B04F-B87B1353C6F5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3954BDCC-6CB8-434F-BD41-9D6847A775CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{488959AB-7E71-460B-B210-71C7D5F99ECA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D7D19A8-F93E-4515-BF2C-45AFEFE6B8E3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6965E4A5-573C-4459-BED7-34125518C002}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{67DF7829-A75E-4BC5-8CBF-C65158BA3586}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F1D71FE5-7B99-4F38-856B-2293E4657FFE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/31/2016 02:25:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2016 01:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 863294

Error: (05/31/2016 01:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 863294

Error: (05/31/2016 01:31:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2016 12:06:34 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (05/31/2016 12:01:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c19c
ID des fehlerhaften Prozesses: 0x81c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (05/31/2016 11:56:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2016 08:33:34 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (05/30/2016 08:28:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x726f7461
ID des fehlerhaften Prozesses: 0x9f4
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (05/30/2016 08:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (05/31/2016 11:11:22 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (05/31/2016 10:22:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/31/2016 09:46:36 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/31/2016 08:46:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/31/2016 01:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (05/31/2016 12:01:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2016 09:03:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR13.

Error: (05/30/2016 09:03:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR13.

Error: (05/30/2016 09:03:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR13.

Error: (05/30/2016 09:03:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR13.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 3037.16 MB
Verfügbarer physikalischer RAM: 2010.96 MB
Summe virtueller Speicher: 6072.64 MB
Verfügbarer virtueller Speicher: 4663.81 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:15.86 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:159.64 GB) (Free:108.27 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:2794.25 GB) (Free:1316.63 GB) FAT32
Drive h: () (Removable) (Total:14.45 GB) (Free:14.45 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 16662839)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=159.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== Ende vom Addition.txt ============================
         
FRST :

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
durchgeführt von Waltraud (Administrator) auf WALTRAUD-PC (31-05-2016 23:14:01)
Gestartet von D:\Dokumente\Desktop
Geladene Profile: Waltraud (Verfügbare Profile: Sysadmin & Waltraud)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Everything\Everything.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) D:\programme\kies\KiesTrayAgent.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(DEVGURU Co., LTD.) D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\Utilman.exe
(Microsoft Corporation) C:\Windows\System32\grpconv.exe
(Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Sysinternals - www.sysinternals.com) D:\Dokumente\Downloads\Tcpview.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Sysinternals - www.sysinternals.com) D:\Dokumente\Downloads\ProcessExplorer\procexp.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2244608 2009-11-06] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-16] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-15] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => D:\programme\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [9268136 2015-07-20] (SlySoft, Inc.)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [massachusettsburn] => C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe [257336 2016-05-22] () <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [majorityform] => C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe [247808 2016-05-14] () <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [edge-introduce] => C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe [209168 2016-05-20] ()
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [massachusettsfield] => C:\Users\Waltraud\AppData\Local\Temp\Massachusettsdocument\massachusetts_candy.exe <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\RunOnce: [massachusettsburn] => C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe [257336 2016-05-22] () <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\RunOnce: [majorityform] => C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe [247808 2016-05-14] () <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-01]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\PROGRAM FILES\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{D016697E-9AED-4911-837D-EF7A82D70341}: [NameServer] 8.8.8.8,192.168.2.254

Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-16] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF user.js: detected! => C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\user.js [2015-04-13]
FF SearchPlugin: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\searchplugins\forestle-de.xml [2010-01-14]
FF Extension: Garmin Communicator - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-27]
FF Extension: Avira Browser Safety - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\abs@avira.com [2016-05-14]
FF Extension: Xmarks - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\foxmarks@kei.com [2016-05-30]
FF Extension: Flagfox - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-05-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-04-13] [ist nicht signiert]
FF Extension: WOT - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: Video DownloadHelper - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Add Bookmark Here - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{F33233B3-EDB1-41f4-8482-917AB190E647} [2015-04-13] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Everything; C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () [Datei ist nicht signiert] <==== ACHTUNG
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 ss_conn_service; D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-04-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [191952 2014-10-06] (Miray)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2015-03-30] (TeamViewer GmbH)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Tosrfcom; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-31 23:13 - 2016-05-31 23:14 - 00000000 ____D C:\FRST
2016-05-31 13:10 - 2016-05-31 13:10 - 00000000 ____D C:\Windows\rescache
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\Program Files\Recuva
2016-05-20 16:29 - 2016-05-20 16:29 - 00000000 ___HD C:\Users\Waltraud\AppData\Roaming\Edgestaff
2016-05-20 09:34 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-20 09:34 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-20 09:34 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-20 09:34 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-20 09:34 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-20 09:34 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-20 09:34 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-20 09:34 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-20 09:34 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-20 09:34 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-20 09:34 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-20 09:34 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-20 09:34 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-20 09:34 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 09:34 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-20 09:34 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-20 09:34 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-20 09:34 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-20 09:34 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-20 09:34 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-20 09:34 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-20 09:34 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-20 09:34 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-20 09:34 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-20 09:34 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-20 09:34 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-20 09:34 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-18 17:19 - 2016-05-31 13:33 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 17:19 - 2016-05-18 17:19 - 00000736 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-18 17:19 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-16 09:58 - 2016-05-19 12:26 - 00000000 ___HD C:\Users\Waltraud\AppData\Roaming\Edge-plant
2016-05-11 12:39 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:39 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:39 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:39 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:39 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:39 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:39 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:39 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:39 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:39 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 12:39 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:39 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:39 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:35 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:35 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:35 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-10 22:50 - 2016-05-10 22:50 - 00000000 ____D C:\Users\Waltraud\AppData\Local\VirtualStore
2016-05-10 17:02 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 17:02 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 17:02 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-10 17:02 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-10 17:01 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-10 17:01 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-10 17:01 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-10 17:01 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-05-10 17:01 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-10 16:57 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-10 16:57 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-10 16:57 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-05-10 16:56 - 2016-02-05 20:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-09 07:09 - 2016-05-09 07:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-31 23:07 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-31 23:07 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-31 23:03 - 2015-04-10 14:58 - 00000000 ____D C:\Program Files\TeamViewer
2016-05-31 22:24 - 2015-04-19 18:58 - 00000000 ____D C:\Users\Waltraud\AppData\Roaming\vlc
2016-05-31 14:25 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-31 11:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2016-05-30 22:16 - 2011-04-12 03:30 - 00699222 _____ C:\Windows\system32\perfh007.dat
2016-05-30 22:16 - 2011-04-12 03:30 - 00149330 _____ C:\Windows\system32\perfc007.dat
2016-05-30 22:16 - 2010-11-20 23:01 - 01618792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 22:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-25 21:52 - 2015-04-10 20:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-21 12:22 - 2016-01-15 12:59 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-05-21 12:22 - 2015-07-23 22:14 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-05-20 20:14 - 2016-02-12 19:38 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-20 18:05 - 2015-04-24 14:40 - 00000000 ____D C:\Users\Waltraud\AppData\Local\calibre-cache
2016-05-20 10:15 - 2015-04-11 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 12:40 - 2015-04-15 21:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 12:40 - 2015-04-10 20:45 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 12:32 - 2015-04-10 20:45 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 10:09 - 2009-07-14 06:33 - 00311616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 10:06 - 2011-04-12 03:39 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 15:40 - 2015-09-17 15:29 - 00000040 ___SH C:\ProgramData\.zreglib
2016-05-09 22:00 - 2015-04-10 02:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-17 15:29 - 2016-05-10 15:40 - 0000040 ___SH () C:\ProgramData\.zreglib

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe


Einige Dateien in TEMP:
====================
C:\Users\Sysadmin\AppData\Local\Temp\bassmod.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-15 10:54

==================== Ende vom FRST.txt ============================
         
__________________

Alt 01.06.2016, 17:17   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Jup, der PC hat erstmal Onlineshoppingpause. Falls sensible Logins vorgenommen wurden, Passwörter von einem anderen PC aus ändern.

Schritt 1
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 01.06.2016, 18:04   #5
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Hab beim scannen vergessen 4 Haken auf skip zu stellen, daraufhin das Programm geschlossen und erneut gescanned.

1.
Code:
ATTFilter
18:51:19.0985 0x15c0  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:51:23.0235 0x15c0  ============================================================
18:51:23.0235 0x15c0  Current date / time: 2016/06/01 18:51:23.0235
18:51:23.0235 0x15c0  SystemInfo:
18:51:23.0235 0x15c0  
18:51:23.0235 0x15c0  OS Version: 6.1.7601 ServicePack: 1.0
18:51:23.0235 0x15c0  Product type: Workstation
18:51:23.0235 0x15c0  ComputerName: WALTRAUD-PC
18:51:23.0235 0x15c0  UserName: Waltraud
18:51:23.0235 0x15c0  Windows directory: C:\Windows
18:51:23.0235 0x15c0  System windows directory: C:\Windows
18:51:23.0235 0x15c0  Processor architecture: Intel x86
18:51:23.0235 0x15c0  Number of processors: 2
18:51:23.0235 0x15c0  Page size: 0x1000
18:51:23.0235 0x15c0  Boot type: Normal boot
18:51:23.0235 0x15c0  ============================================================
18:51:28.0457 0x15c0  KLMD registered as C:\Windows\system32\drivers\00281336.sys
18:51:28.0762 0x15c0  System UUID: {852B4409-D84E-E480-DEE1-89BE361F532C}
18:51:29.0261 0x15c0  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:51:29.0266 0x15c0  Drive \Device\Harddisk1\DR1 - Size: 0x39D400000 ( 14.46 Gb ), SectorSize: 0x200, Cylinders: 0x75F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:51:29.0266 0x15c0  Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:51:29.0266 0x15c0  ============================================================
18:51:29.0266 0x15c0  \Device\Harddisk0\DR0:
18:51:29.0266 0x15c0  MBR partitions:
18:51:29.0266 0x15c0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:51:29.0266 0x15c0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x924A000
18:51:29.0266 0x15c0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x13F48000
18:51:29.0266 0x15c0  \Device\Harddisk1\DR1:
18:51:29.0266 0x15c0  MBR partitions:
18:51:29.0271 0x15c0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1CE8000
18:51:29.0271 0x15c0  \Device\Harddisk2\DR2:
18:51:29.0491 0x15c0  MBR partitions:
18:51:29.0491 0x15c0  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x100, BlocksNum 0x2BAA0920
18:51:29.0491 0x15c0  ============================================================
18:51:29.0526 0x15c0  C: <-> \Device\Harddisk0\DR0\Partition2
18:51:29.0526 0x15c0  F: <-> \Device\Harddisk2\DR2\Partition1
18:51:29.0586 0x15c0  D: <-> \Device\Harddisk0\DR0\Partition3
18:51:29.0586 0x15c0  ============================================================
18:51:29.0586 0x15c0  Initialize success
18:51:29.0586 0x15c0  ============================================================
18:51:35.0444 0x1618  ============================================================
18:51:35.0444 0x1618  Scan started
18:51:35.0444 0x1618  Mode: Manual; SigCheck; TDLFS; 
18:51:35.0444 0x1618  ============================================================
18:51:35.0444 0x1618  KSN ping started
18:51:58.0546 0x1618  KSN ping finished: false
18:51:59.0801 0x1618  ================ Scan system memory ========================
18:51:59.0801 0x1618  System memory - ok
18:51:59.0801 0x1618  ================ Scan services =============================
18:52:00.0011 0x1618  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:52:00.0116 0x1618  1394ohci - ok
18:52:00.0171 0x1618  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:52:00.0196 0x1618  ACPI - ok
18:52:00.0231 0x1618  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:52:00.0316 0x1618  AcpiPmi - ok
18:52:00.0496 0x1618  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:52:00.0526 0x1618  AdobeARMservice - ok
18:52:00.0561 0x1618  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:52:00.0601 0x1618  adp94xx - ok
18:52:00.0641 0x1618  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:52:00.0661 0x1618  adpahci - ok
18:52:00.0686 0x1618  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:52:00.0706 0x1618  adpu320 - ok
18:52:00.0761 0x1618  [ 39AEAECE9F42407F176FE130D790BFBE, 19010DF87BDC1884268098CC04B4B15ECB710C94054A57157C0F9B7A795BDB28 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:52:00.0846 0x1618  AeLookupSvc - ok
18:52:00.0921 0x1618  [ 93B49FA857F7036A4EFF32371F6E7391, B9B2867D9A80E7F028E9D7C6ABCB9EC5198ACE28CEE101C5A846666B356B2843 ] AFD             C:\Windows\system32\drivers\afd.sys
18:52:00.0981 0x1618  AFD - ok
18:52:01.0011 0x1618  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:52:01.0026 0x1618  agp440 - ok
18:52:01.0386 0x1618  [ C17171E63E84F5711DF23B8F1E7A100E, C2AFDDA0A1A502FAE6B51BD00FF5884F46A74D9AEC76856B32E82D244D14FA97 ] AGSService      C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
18:52:01.0477 0x1618  AGSService - ok
18:52:01.0518 0x1618  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:52:01.0538 0x1618  aic78xx - ok
18:52:01.0583 0x1618  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
18:52:01.0633 0x1618  ALG - ok
18:52:01.0688 0x1618  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:52:01.0718 0x1618  aliide - ok
18:52:01.0738 0x1618  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:52:01.0758 0x1618  amdagp - ok
18:52:01.0788 0x1618  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:52:01.0803 0x1618  amdide - ok
18:52:01.0833 0x1618  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:52:01.0873 0x1618  AmdK8 - ok
18:52:01.0893 0x1618  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:52:01.0933 0x1618  AmdPPM - ok
18:52:01.0983 0x1618  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:52:02.0003 0x1618  amdsata - ok
18:52:02.0028 0x1618  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:52:02.0048 0x1618  amdsbs - ok
18:52:02.0068 0x1618  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:52:02.0083 0x1618  amdxata - ok
18:52:02.0158 0x1618  [ 40DC9657AA9A31C76AF36CA66BF18C8F, 7D9C19D4920A8A9B2527FA50A8EE951A1087DF30325D49B849DFC68AA8E50DB8 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
18:52:02.0178 0x1618  AnyDVD - ok
18:52:02.0223 0x1618  [ C7F5CAE0B450BE875EEE0E6DDFA771FE, 4FDDC802C245606C8A9140F8DF3445FDD6F7112A516F68A04EA15CEB92852E67 ] AppID           C:\Windows\system32\drivers\appid.sys
18:52:02.0283 0x1618  AppID - ok
18:52:02.0308 0x1618  [ 8333787D8FCA460C0DD70436464A8A8D, 00AE5CE2FB2DF53B5850B561120A29F757A482115E4D8A52D8033502A45B138D ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:52:02.0333 0x1618  AppIDSvc - ok
18:52:02.0373 0x1618  [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo         C:\Windows\System32\appinfo.dll
18:52:02.0403 0x1618  Appinfo - ok
18:52:02.0483 0x1618  [ A9AE03362A846898368653E94B6DB1AA, EF6EE35E85C75561C1E6D38D0005C8E31FF492F0B2CDEB914ACA4E026759511D ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:52:02.0493 0x1618  Apple Mobile Device - ok
18:52:02.0543 0x1618  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:52:02.0583 0x1618  AppMgmt - ok
18:52:02.0623 0x1618  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
18:52:02.0643 0x1618  arc - ok
18:52:02.0663 0x1618  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:52:02.0684 0x1618  arcsas - ok
18:52:02.0805 0x1618  [ 4170FD789CDDE8767972C7C87E6B3400, 36403DF991F451A2A539B7C9BBF1310768701F68AC5EFFA1E5EE0C07A427E5ED ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:52:02.0895 0x1618  aspnet_state - ok
18:52:02.0920 0x1618  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:03.0035 0x1618  AsyncMac - ok
18:52:03.0065 0x1618  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:52:03.0080 0x1618  atapi - ok
18:52:03.0225 0x1618  [ 9B8C87C27A166CE84BE6EDDBA3854527, 1E549EF760B9D5A1245E76CA936F96472973E1C306BC83ABF28FE104E4BE7370 ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:52:03.0395 0x1618  athr - ok
18:52:03.0475 0x1618  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:52:03.0545 0x1618  AudioEndpointBuilder - ok
18:52:03.0565 0x1618  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:52:03.0595 0x1618  Audiosrv - ok
18:52:03.0635 0x1618  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:52:03.0700 0x1618  AxInstSV - ok
18:52:03.0765 0x1618  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
18:52:03.0815 0x1618  b06bdrv - ok
18:52:03.0845 0x1618  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:52:03.0890 0x1618  b57nd60x - ok
18:52:03.0942 0x1618  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
18:52:03.0992 0x1618  BDESVC - ok
18:52:04.0017 0x1618  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:52:04.0047 0x1618  Beep - ok
18:52:04.0092 0x1618  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
18:52:04.0187 0x1618  BFE - ok
18:52:04.0262 0x1618  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
18:52:04.0412 0x1618  BITS - ok
18:52:04.0437 0x1618  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:52:04.0452 0x1618  blbdrive - ok
18:52:04.0572 0x1618  [ 5EA9C80F18CBC393EA7D9A2991DED4B5, 7E5EB1CE44FEBE93686174058D51581FA00BDFF0EBB84BD74BC08F6386019253 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:52:04.0602 0x1618  Bonjour Service - ok
18:52:04.0637 0x1618  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:52:04.0677 0x1618  bowser - ok
18:52:04.0702 0x1618  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:52:04.0747 0x1618  BrFiltLo - ok
18:52:04.0772 0x1618  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:52:04.0807 0x1618  BrFiltUp - ok
18:52:04.0872 0x1618  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
18:52:04.0942 0x1618  Browser - ok
18:52:04.0967 0x1618  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:52:05.0017 0x1618  Brserid - ok
18:52:05.0042 0x1618  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:52:05.0077 0x1618  BrSerWdm - ok
18:52:05.0102 0x1618  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:52:05.0122 0x1618  BrUsbMdm - ok
18:52:05.0132 0x1618  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:52:05.0182 0x1618  BrUsbSer - ok
18:52:05.0329 0x1618  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
18:52:05.0379 0x1618  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:52:13.0615 0x1618  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
18:52:13.0632 0x1618  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:52:13.0697 0x1618  BTHMODEM - ok
18:52:13.0762 0x1618  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
18:52:13.0812 0x1618  bthserv - ok
18:52:13.0832 0x1618  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:52:13.0867 0x1618  cdfs - ok
18:52:13.0922 0x1618  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:52:13.0962 0x1618  cdrom - ok
18:52:13.0992 0x1618  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:52:14.0032 0x1618  CertPropSvc - ok
18:52:14.0057 0x1618  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:52:14.0107 0x1618  circlass - ok
18:52:14.0147 0x1618  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
18:52:14.0172 0x1618  CLFS - ok
18:52:14.0232 0x1618  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:14.0252 0x1618  clr_optimization_v2.0.50727_32 - ok
18:52:14.0312 0x1618  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:14.0377 0x1618  clr_optimization_v4.0.30319_32 - ok
18:52:14.0397 0x1618  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:52:14.0442 0x1618  CmBatt - ok
18:52:14.0462 0x1618  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:52:14.0477 0x1618  cmdide - ok
18:52:14.0537 0x1618  [ FAE0008AB5BF34E41EC95A8087E94454, AE97D2057FCC5CA2E7DFBE81EA9A84E5EF955CC1F0F21B437ECBB602C85F9B96 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:52:14.0587 0x1618  CNG - ok
18:52:14.0627 0x1618  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:52:14.0642 0x1618  Compbatt - ok
18:52:14.0672 0x1618  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:52:14.0707 0x1618  CompositeBus - ok
18:52:14.0717 0x1618  COMSysApp - ok
18:52:14.0742 0x1618  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:52:14.0757 0x1618  crcdisk - ok
18:52:14.0807 0x1618  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:52:14.0857 0x1618  CryptSvc - ok
18:52:14.0907 0x1618  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
18:52:14.0947 0x1618  CSC - ok
18:52:14.0992 0x1618  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
18:52:15.0032 0x1618  CscService - ok
18:52:15.0082 0x1618  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:52:15.0132 0x1618  DcomLaunch - ok
18:52:15.0166 0x1618  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
18:52:15.0199 0x1618  defragsvc - ok
18:52:15.0229 0x1618  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:52:15.0274 0x1618  DfsC - ok
18:52:15.0309 0x1618  dgderdrv - ok
18:52:15.0349 0x1618  [ CFD472DDF02D675D74144A8BD63B4B10, 58D7142129F49F38D832419BDAC70F21851807918343222F6B58FDFA2408F8EF ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:52:15.0369 0x1618  dg_ssudbus - ok
18:52:15.0419 0x1618  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:52:15.0469 0x1618  Dhcp - ok
18:52:15.0559 0x1618  [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:52:15.0659 0x1618  DiagTrack - ok
18:52:15.0694 0x1618  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
18:52:15.0734 0x1618  discache - ok
18:52:15.0804 0x1618  [ B7B470F163002A0D0E381EE45834BF6B, 5B5E204341A6B1689C3F8717C41782B1A077A026F8B19DA3DE08CA44AB1D95B2 ] Disk            C:\Windows\system32\drivers\disk.sys
18:52:15.0844 0x1618  Disk - ok
18:52:15.0881 0x1618  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:52:15.0931 0x1618  dmvsc - ok
18:52:15.0976 0x1618  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:52:16.0051 0x1618  Dnscache - ok
18:52:16.0101 0x1618  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:52:16.0151 0x1618  dot3svc - ok
18:52:16.0186 0x1618  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
18:52:16.0236 0x1618  DPS - ok
18:52:16.0281 0x1618  [ A3F684B866A7D89AE396276CE7AFD416, 1E4C034B7B106FA403B13842A199D88A33B492A577B58CDDAE0B4706266B9565 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:52:16.0316 0x1618  drmkaud - ok
18:52:16.0386 0x1618  [ 4B21D102E49E9D44C478D6766A7FCBE5, 7CEEBCF81EE23876F039ED1222020D6F45FE6B3A5CE3BB93DDA3B8BBEAA15E47 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:52:16.0421 0x1618  DXGKrnl - ok
18:52:16.0463 0x1618  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
18:52:16.0508 0x1618  EapHost - ok
18:52:16.0683 0x1618  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
18:52:16.0848 0x1618  ebdrv - ok
18:52:16.0893 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] EFS             C:\Windows\System32\lsass.exe
18:52:16.0938 0x1618  EFS - ok
18:52:17.0018 0x1618  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:52:17.0093 0x1618  ehRecvr - ok
18:52:17.0118 0x1618  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
18:52:17.0153 0x1618  ehSched - ok
18:52:17.0205 0x1618  [ 72753D5CC94A90F5CFC6C00ECC47163F, 824EEDCB94334912D8C44BC9626723F142DA95E9494C4B7D2F6EC7899CFF1DD2 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
18:52:17.0215 0x1618  ElbyCDIO - ok
18:52:17.0300 0x1618  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:52:17.0335 0x1618  elxstor - ok
18:52:17.0350 0x1618  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:52:17.0385 0x1618  ErrDev - ok
18:52:17.0435 0x1618  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
18:52:17.0505 0x1618  EventSystem - ok
18:52:17.0625 0x1618  [ 9D54F3E5E4D102AB27E190CBEC14B355, AECF6C3634557937F8CE2D353A3C3B1FC31E33CB66C2926ADD2C99756EB09F88 ] Everything      C:\Program Files\Everything\Everything.exe
18:52:17.0700 0x1618  Everything - detected UnsignedFile.Multi.Generic ( 1 )
18:52:17.0700 0x1618  Everything ( UnsignedFile.Multi.Generic ) - warning
18:52:17.0745 0x1618  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:52:17.0780 0x1618  exfat - ok
18:52:17.0810 0x1618  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:52:17.0855 0x1618  fastfat - ok
18:52:17.0905 0x1618  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
18:52:17.0975 0x1618  Fax - ok
18:52:17.0990 0x1618  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
18:52:18.0020 0x1618  fdc - ok
18:52:18.0040 0x1618  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
18:52:18.0070 0x1618  fdPHost - ok
18:52:18.0090 0x1618  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:52:18.0135 0x1618  FDResPub - ok
18:52:18.0165 0x1618  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:52:18.0180 0x1618  FileInfo - ok
18:52:18.0195 0x1618  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:52:18.0240 0x1618  Filetrace - ok
18:52:18.0265 0x1618  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:52:18.0280 0x1618  flpydisk - ok
18:52:18.0315 0x1618  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:52:18.0335 0x1618  FltMgr - ok
18:52:18.0460 0x1618  [ 23D3F12CA9DEB6EF02DEDC621EC661AC, AA3718715ADFE1666757BCD79D5A8DC591C2C5185802F51A27C119C4C30F360A ] FontCache       C:\Windows\system32\FntCache.dll
18:52:18.0575 0x1618  FontCache - ok
18:52:18.0645 0x1618  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:52:18.0670 0x1618  FontCache3.0.0.0 - ok
18:52:18.0685 0x1618  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:52:18.0700 0x1618  FsDepends - ok
18:52:18.0745 0x1618  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:52:18.0760 0x1618  Fs_Rec - ok
18:52:18.0810 0x1618  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:52:18.0835 0x1618  fvevol - ok
18:52:18.0885 0x1618  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:52:18.0900 0x1618  gagp30kx - ok
18:52:19.0065 0x1618  [ 5CEA11F0A0F8ECC5549A36219563B3A7, 2DF35C089BD78D6CBBFDE8E8554DD82F9591B1F549E8F0BF332804C6A19042AC ] Garmin Device Interaction Service C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
18:52:19.0100 0x1618  Garmin Device Interaction Service - ok
18:52:19.0160 0x1618  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:52:19.0170 0x1618  GEARAspiWDM - ok
18:52:19.0250 0x1618  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:52:19.0320 0x1618  gpsvc - ok
18:52:19.0345 0x1618  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:52:19.0390 0x1618  hcw85cir - ok
18:52:19.0445 0x1618  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:52:19.0485 0x1618  HdAudAddService - ok
18:52:19.0515 0x1618  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:52:19.0550 0x1618  HDAudBus - ok
18:52:19.0575 0x1618  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:52:19.0630 0x1618  HidBatt - ok
18:52:19.0655 0x1618  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:52:19.0676 0x1618  HidBth - ok
18:52:19.0696 0x1618  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:52:19.0711 0x1618  HidIr - ok
18:52:19.0751 0x1618  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
18:52:19.0801 0x1618  hidserv - ok
18:52:19.0846 0x1618  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:52:19.0876 0x1618  HidUsb - ok
18:52:19.0921 0x1618  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:52:19.0951 0x1618  hkmsvc - ok
18:52:19.0986 0x1618  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:52:20.0021 0x1618  HomeGroupListener - ok
18:52:20.0066 0x1618  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:52:20.0091 0x1618  HomeGroupProvider - ok
18:52:20.0141 0x1618  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:52:20.0161 0x1618  HpSAMD - ok
18:52:20.0216 0x1618  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:52:20.0286 0x1618  HTTP - ok
18:52:20.0301 0x1618  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:52:20.0316 0x1618  hwpolicy - ok
18:52:20.0356 0x1618  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:52:20.0386 0x1618  i8042prt - ok
18:52:20.0436 0x1618  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:52:20.0461 0x1618  iaStorV - ok
18:52:20.0541 0x1618  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:52:20.0611 0x1618  idsvc - ok
18:52:20.0631 0x1618  IEEtwCollectorService - ok
18:52:20.0878 0x1618  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:52:21.0148 0x1618  igfx - ok
18:52:21.0201 0x1618  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:52:21.0215 0x1618  iirsp - ok
18:52:21.0290 0x1618  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:52:21.0350 0x1618  IKEEXT - ok
18:52:21.0534 0x1618  [ E4A2E810CB2607C9C159C0DFB0BD4C88, 9F84636D1096BD5EFEDC295D289241CCF3BE77C643C83F3C0F105791042D6A08 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:52:21.0702 0x1618  IntcAzAudAddService - ok
18:52:21.0737 0x1618  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:52:21.0752 0x1618  intelide - ok
18:52:21.0822 0x1618  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:52:21.0887 0x1618  intelppm - ok
18:52:21.0922 0x1618  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:52:21.0982 0x1618  IPBusEnum - ok
18:52:22.0007 0x1618  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:52:22.0037 0x1618  IpFilterDriver - ok
18:52:22.0097 0x1618  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:52:22.0177 0x1618  iphlpsvc - ok
18:52:22.0187 0x1618  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:52:22.0226 0x1618  IPMIDRV - ok
18:52:22.0259 0x1618  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:52:22.0309 0x1618  IPNAT - ok
18:52:22.0394 0x1618  [ 909FC8F4260295FEFE28DF3DBE85A497, 0FE8615217F3832A8C851A1E4A91C97F722818BD875EB054B86E428ECE4109FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:52:22.0454 0x1618  iPod Service - ok
18:52:22.0474 0x1618  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:52:22.0489 0x1618  IRENUM - ok
18:52:22.0509 0x1618  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:52:22.0524 0x1618  isapnp - ok
18:52:22.0579 0x1618  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:52:22.0634 0x1618  iScsiPrt - ok
18:52:22.0665 0x1618  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:52:22.0676 0x1618  kbdclass - ok
18:52:22.0711 0x1618  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:52:22.0741 0x1618  kbdhid - ok
18:52:22.0766 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] KeyIso          C:\Windows\system32\lsass.exe
18:52:22.0781 0x1618  KeyIso - ok
18:52:22.0826 0x1618  [ 37507B2F0EA8C2A7CFE120E6EE2128B5, 0691D6F9E47FF46A7B58FB2A7298F13EABE3125848B7966F6B38A38A829820B9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:52:22.0841 0x1618  KSecDD - ok
18:52:22.0861 0x1618  [ D94D58A52BFC1352E82EBECADE518B6D, 8B5418D2026C2081BD5124D1BE167BED315AB5F88CC57A9BDBB688A30B50F8EE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:52:22.0881 0x1618  KSecPkg - ok
18:52:22.0916 0x1618  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:52:22.0966 0x1618  KtmRm - ok
18:52:23.0006 0x1618  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:52:23.0041 0x1618  LanmanServer - ok
18:52:23.0076 0x1618  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:52:23.0111 0x1618  LanmanWorkstation - ok
18:52:23.0166 0x1618  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:52:23.0216 0x1618  lltdio - ok
18:52:23.0256 0x1618  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:52:23.0321 0x1618  lltdsvc - ok
18:52:23.0336 0x1618  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:52:23.0376 0x1618  lmhosts - ok
18:52:23.0401 0x1618  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:52:23.0421 0x1618  LSI_FC - ok
18:52:23.0456 0x1618  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:52:23.0476 0x1618  LSI_SAS - ok
18:52:23.0496 0x1618  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:52:23.0511 0x1618  LSI_SAS2 - ok
18:52:23.0526 0x1618  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:52:23.0546 0x1618  LSI_SCSI - ok
18:52:23.0581 0x1618  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:52:23.0611 0x1618  luafv - ok
18:52:23.0661 0x1618  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:52:23.0685 0x1618  Mcx2Svc - ok
18:52:23.0708 0x1618  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:52:23.0722 0x1618  megasas - ok
18:52:23.0742 0x1618  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:52:23.0767 0x1618  MegaSR - ok
18:52:23.0857 0x1618  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
18:52:23.0892 0x1618  Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
18:52:23.0892 0x1618  Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
18:52:23.0892 0x1618  Force sending object to P2P due to detect: Micro Star SCM
18:52:23.0897 0x1618  Object send P2P result: false
18:52:23.0957 0x1618  [ 6DA1A915A9E71C8E4B44D15586E7E9E7, B36D1AFA41967DC7C5B54E175112D8E1516D401DACC0A0AC23F2DCEC7B64F8F2 ] MirayVirtualDisk C:\Windows\system32\DRIVERS\mvdo.sys
18:52:23.0977 0x1618  MirayVirtualDisk - ok
18:52:24.0007 0x1618  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
18:52:24.0052 0x1618  MMCSS - ok
18:52:24.0082 0x1618  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
18:52:24.0147 0x1618  Modem - ok
18:52:24.0182 0x1618  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:52:24.0202 0x1618  monitor - ok
18:52:24.0237 0x1618  [ 111A023266532C621EE69AE96E47081E, D933340AF838D94F25C74F9D46A74DE3B45F29B896AFA49A03676BAB8CD400CF ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
18:52:24.0247 0x1618  MonitorFunction - ok
18:52:24.0277 0x1618  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:52:24.0292 0x1618  mouclass - ok
18:52:24.0317 0x1618  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:52:24.0342 0x1618  mouhid - ok
18:52:24.0382 0x1618  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:52:24.0397 0x1618  mountmgr - ok
18:52:24.0452 0x1618  [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:52:24.0472 0x1618  MozillaMaintenance - ok
18:52:24.0492 0x1618  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:52:24.0512 0x1618  mpio - ok
18:52:24.0542 0x1618  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:52:24.0582 0x1618  mpsdrv - ok
18:52:24.0632 0x1618  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:52:24.0697 0x1618  MpsSvc - ok
18:52:24.0752 0x1618  [ 6430A074F6E32176FBEF2DEB110AE952, 0161B3CBCF427F5F9C47EDBA7F6848D9D6EB58B7EF203881E0D288B5ABAEEB98 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:52:24.0797 0x1618  MRxDAV - ok
18:52:24.0842 0x1618  [ C04D36B97BCEE4A83EC34325A3424768, 904C8A4875E0016C3F3659B5E1A748EE284789BF7C380E4F83148C2B1FC09D3B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:52:24.0862 0x1618  mrxsmb - ok
18:52:24.0887 0x1618  [ 84D65385A4DF3577C9CA697B67DFCE26, 19838CC40945403988C4533A2CF09CA5305BEBD8170093C7567722CC3E918AA5 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:52:24.0907 0x1618  mrxsmb10 - ok
18:52:24.0927 0x1618  [ 8758312AE2602620E6C972F527EC64ED, 4DFFEAE6A34F5EDBD8D53FCEE63A3742BEAF93A01769AD3BCB8D5C25C51D0A45 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:52:24.0962 0x1618  mrxsmb20 - ok
18:52:24.0992 0x1618  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:52:25.0007 0x1618  msahci - ok
18:52:25.0037 0x1618  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:52:25.0057 0x1618  msdsm - ok
18:52:25.0082 0x1618  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
18:52:25.0117 0x1618  MSDTC - ok
18:52:25.0162 0x1618  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:52:25.0212 0x1618  Msfs - ok
18:52:25.0227 0x1618  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:52:25.0257 0x1618  mshidkmdf - ok
18:52:25.0277 0x1618  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:52:25.0292 0x1618  msisadrv - ok
18:52:25.0337 0x1618  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:52:25.0377 0x1618  MSiSCSI - ok
18:52:25.0387 0x1618  msiserver - ok
18:52:25.0407 0x1618  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:52:25.0462 0x1618  MSKSSRV - ok
18:52:25.0482 0x1618  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:52:25.0512 0x1618  MSPCLOCK - ok
18:52:25.0527 0x1618  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:52:25.0557 0x1618  MSPQM - ok
18:52:25.0587 0x1618  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:52:25.0607 0x1618  MsRPC - ok
18:52:25.0632 0x1618  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:52:25.0642 0x1618  mssmbios - ok
18:52:25.0667 0x1618  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:52:25.0717 0x1618  MSTEE - ok
18:52:25.0737 0x1618  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:52:25.0752 0x1618  MTConfig - ok
18:52:25.0772 0x1618  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:52:25.0787 0x1618  Mup - ok
18:52:25.0864 0x1618  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
18:52:25.0914 0x1618  napagent - ok
18:52:25.0954 0x1618  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:52:25.0994 0x1618  NativeWifiP - ok
18:52:26.0079 0x1618  [ 9804FB2E46077F2977552347DFCA7E05, A34B703462C6998AB2B3EA6389F4B89616CDC257D44C400C92663E6FB4A8F196 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:52:26.0129 0x1618  NDIS - ok
18:52:26.0159 0x1618  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:52:26.0204 0x1618  NdisCap - ok
18:52:26.0239 0x1618  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:52:26.0284 0x1618  NdisTapi - ok
18:52:26.0499 0x1618  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:52:26.0539 0x1618  Ndisuio - ok
18:52:26.0564 0x1618  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:52:26.0614 0x1618  NdisWan - ok
18:52:26.0634 0x1618  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:52:26.0684 0x1618  NDProxy - ok
18:52:26.0709 0x1618  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:52:26.0744 0x1618  NetBIOS - ok
18:52:26.0754 0x1618  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:52:26.0809 0x1618  NetBT - ok
18:52:26.0842 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] Netlogon        C:\Windows\system32\lsass.exe
18:52:26.0864 0x1618  Netlogon - ok
18:52:26.0910 0x1618  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
18:52:26.0956 0x1618  Netman - ok
18:52:27.0006 0x1618  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:52:27.0046 0x1618  NetMsmqActivator - ok
18:52:27.0056 0x1618  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:52:27.0076 0x1618  NetPipeActivator - ok
18:52:27.0116 0x1618  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
18:52:27.0166 0x1618  netprofm - ok
18:52:27.0186 0x1618  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:52:27.0206 0x1618  NetTcpActivator - ok
18:52:27.0216 0x1618  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:52:27.0236 0x1618  NetTcpPortSharing - ok
18:52:27.0266 0x1618  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:52:27.0281 0x1618  nfrd960 - ok
18:52:27.0331 0x1618  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:52:27.0396 0x1618  NlaSvc - ok
18:52:27.0421 0x1618  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:52:27.0461 0x1618  Npfs - ok
18:52:27.0496 0x1618  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
18:52:27.0526 0x1618  nsi - ok
18:52:27.0546 0x1618  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:52:27.0591 0x1618  nsiproxy - ok
18:52:27.0681 0x1618  [ 978E7A2E4BF4E8E70D0776EF0D9E97FB, B6C82BB9B3025FD2D37B6AB6FA9C2944F8B3020CD4588BE464CE73A992B7FF00 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:52:27.0756 0x1618  Ntfs - ok
18:52:27.0791 0x1618  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
18:52:27.0841 0x1618  Null - ok
18:52:27.0888 0x1618  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:52:27.0908 0x1618  nvraid - ok
18:52:27.0923 0x1618  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:52:27.0938 0x1618  nvstor - ok
18:52:27.0963 0x1618  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:52:27.0983 0x1618  nv_agp - ok
18:52:27.0993 0x1618  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:52:28.0008 0x1618  ohci1394 - ok
18:52:28.0078 0x1618  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:52:28.0093 0x1618  ose - ok
18:52:28.0383 0x1618  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:52:28.0636 0x1618  osppsvc - ok
18:52:28.0710 0x1618  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:52:28.0765 0x1618  p2pimsvc - ok
18:52:28.0805 0x1618  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:52:28.0845 0x1618  p2psvc - ok
18:52:28.0880 0x1618  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
18:52:28.0930 0x1618  Parport - ok
18:52:28.0965 0x1618  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:52:28.0980 0x1618  partmgr - ok
18:52:28.0995 0x1618  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:52:29.0020 0x1618  Parvdm - ok
18:52:29.0065 0x1618  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:52:29.0125 0x1618  PcaSvc - ok
18:52:29.0150 0x1618  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
18:52:29.0165 0x1618  pci - ok
18:52:29.0210 0x1618  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:52:29.0220 0x1618  pciide - ok
18:52:29.0250 0x1618  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:52:29.0270 0x1618  pcmcia - ok
18:52:29.0285 0x1618  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:52:29.0300 0x1618  pcw - ok
18:52:29.0355 0x1618  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:52:29.0405 0x1618  PEAUTH - ok
18:52:29.0470 0x1618  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:52:29.0570 0x1618  PeerDistSvc - ok
18:52:29.0675 0x1618  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
18:52:29.0791 0x1618  pla - ok
18:52:29.0846 0x1618  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:52:29.0906 0x1618  PlugPlay - ok
18:52:29.0921 0x1618  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:52:29.0951 0x1618  PNRPAutoReg - ok
18:52:29.0976 0x1618  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:52:30.0001 0x1618  PNRPsvc - ok
18:52:30.0046 0x1618  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:52:30.0097 0x1618  PolicyAgent - ok
18:52:30.0138 0x1618  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
18:52:30.0188 0x1618  Power - ok
18:52:30.0223 0x1618  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:52:30.0263 0x1618  PptpMiniport - ok
18:52:30.0283 0x1618  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
18:52:30.0308 0x1618  Processor - ok
18:52:30.0353 0x1618  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:52:30.0378 0x1618  ProfSvc - ok
18:52:30.0403 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:52:30.0418 0x1618  ProtectedStorage - ok
18:52:30.0468 0x1618  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:52:30.0518 0x1618  Psched - ok
18:52:30.0568 0x1618  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_x86.sys
18:52:30.0583 0x1618  PSI - ok
18:52:30.0683 0x1618  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:52:30.0778 0x1618  ql2300 - ok
18:52:30.0803 0x1618  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:52:30.0818 0x1618  ql40xx - ok
18:52:30.0863 0x1618  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
18:52:30.0898 0x1618  QWAVE - ok
18:52:30.0918 0x1618  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:52:30.0943 0x1618  QWAVEdrv - ok
18:52:30.0963 0x1618  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:52:31.0008 0x1618  RasAcd - ok
18:52:31.0033 0x1618  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:52:31.0063 0x1618  RasAgileVpn - ok
18:52:31.0103 0x1618  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
18:52:31.0138 0x1618  RasAuto - ok
18:52:31.0153 0x1618  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:52:31.0183 0x1618  Rasl2tp - ok
18:52:31.0213 0x1618  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
18:52:31.0253 0x1618  RasMan - ok
18:52:31.0273 0x1618  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:52:31.0303 0x1618  RasPppoe - ok
18:52:31.0353 0x1618  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:52:31.0378 0x1618  RasSstp - ok
18:52:31.0408 0x1618  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:52:31.0443 0x1618  rdbss - ok
18:52:31.0463 0x1618  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:52:31.0503 0x1618  rdpbus - ok
18:52:31.0518 0x1618  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:52:31.0543 0x1618  RDPCDD - ok
18:52:31.0573 0x1618  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:52:31.0603 0x1618  RDPDR - ok
18:52:31.0628 0x1618  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:52:31.0663 0x1618  RDPENCDD - ok
18:52:31.0683 0x1618  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:52:31.0708 0x1618  RDPREFMP - ok
18:52:31.0798 0x1618  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:52:31.0848 0x1618  RdpVideoMiniport - ok
18:52:31.0888 0x1618  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:52:31.0933 0x1618  RDPWD - ok
18:52:31.0968 0x1618  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:52:31.0988 0x1618  rdyboost - ok
18:52:32.0028 0x1618  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:52:32.0058 0x1618  RemoteAccess - ok
18:52:32.0093 0x1618  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:52:32.0128 0x1618  RemoteRegistry - ok
18:52:32.0153 0x1618  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:52:32.0203 0x1618  RpcEptMapper - ok
18:52:32.0228 0x1618  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
18:52:32.0259 0x1618  RpcLocator - ok
18:52:32.0294 0x1618  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] RpcSs           C:\Windows\system32\rpcss.dll
18:52:32.0324 0x1618  RpcSs - ok
18:52:32.0369 0x1618  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:52:32.0419 0x1618  rspndr - ok
18:52:32.0499 0x1618  [ B87F999E05DD9C0312C83A8752E8E66B, 88FCCFDC3C51396BC495CCB734B829D55D17B9C56FC21F5A57555A5A3236C9D7 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:52:32.0529 0x1618  RSUSBSTOR - ok
18:52:32.0594 0x1618  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
18:52:32.0619 0x1618  RTL8167 - ok
18:52:32.0639 0x1618  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:52:32.0654 0x1618  s3cap - ok
18:52:32.0674 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] SamSs           C:\Windows\system32\lsass.exe
18:52:32.0699 0x1618  SamSs - ok
18:52:32.0727 0x1618  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:52:32.0741 0x1618  sbp2port - ok
18:52:32.0796 0x1618  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:52:32.0841 0x1618  SCardSvr - ok
18:52:32.0856 0x1618  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:52:32.0901 0x1618  scfilter - ok
18:52:32.0986 0x1618  [ 9060B8D5BCD5F2B019249F85E3D811F3, 7FB32AB7FE118462988321B9230074DAA960B587417EB463187539C3215445AE ] Schedule        C:\Windows\system32\schedsvc.dll
18:52:33.0056 0x1618  Schedule - ok
18:52:33.0081 0x1618  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:52:33.0111 0x1618  SCPolicySvc - ok
18:52:33.0136 0x1618  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:52:33.0166 0x1618  SDRSVC - ok
18:52:33.0206 0x1618  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:52:33.0246 0x1618  secdrv - ok
18:52:33.0286 0x1618  [ 38CBFFED5FC39CDFE6B4014401ED2629, 7BA730E2EDB8387190E45DA2F475BFE42AB3B12319DE088BD8E9F59227EDA4DD ] seclogon        C:\Windows\system32\seclogon.dll
18:52:33.0326 0x1618  seclogon - ok
18:52:33.0446 0x1618  [ 5E0E975998BF1612E18B898E5D17838B, 76C11C62DB8055F03F868685E8E2016D99D3FC48313CB51C69E7CEA589D80890 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
18:52:33.0543 0x1618  Secunia PSI Agent - ok
18:52:33.0618 0x1618  [ 508DD2E1D5F272B2D3196335DEA2BC26, 2BDC828DB9D9766445C345E82751FA7EF94A089EC84565675EDADE3EC7EB5748 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
18:52:33.0678 0x1618  Secunia Update Agent - ok
18:52:33.0714 0x1618  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
18:52:33.0749 0x1618  SENS - ok
18:52:33.0779 0x1618  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:52:33.0809 0x1618  SensrSvc - ok
18:52:33.0839 0x1618  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:52:33.0854 0x1618  Serenum - ok
18:52:33.0879 0x1618  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
18:52:33.0899 0x1618  Serial - ok
18:52:33.0919 0x1618  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:52:33.0934 0x1618  sermouse - ok
18:52:33.0964 0x1618  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:52:34.0009 0x1618  SessionEnv - ok
18:52:34.0024 0x1618  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:52:34.0054 0x1618  sffdisk - ok
18:52:34.0064 0x1618  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:52:34.0089 0x1618  sffp_mmc - ok
18:52:34.0094 0x1618  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:52:34.0114 0x1618  sffp_sd - ok
18:52:34.0139 0x1618  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:52:34.0164 0x1618  sfloppy - ok
18:52:34.0204 0x1618  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:52:34.0244 0x1618  SharedAccess - ok
18:52:34.0289 0x1618  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:52:34.0334 0x1618  ShellHWDetection - ok
18:52:34.0354 0x1618  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:52:34.0369 0x1618  sisagp - ok
18:52:34.0396 0x1618  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:52:34.0411 0x1618  SiSRaid2 - ok
18:52:34.0426 0x1618  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:52:34.0446 0x1618  SiSRaid4 - ok
18:52:34.0506 0x1618  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:52:34.0531 0x1618  SkypeUpdate - ok
18:52:34.0556 0x1618  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:52:34.0606 0x1618  Smb - ok
18:52:34.0701 0x1618  [ 19301C27F3425DC39F6C599F527E507D, 1BCE0369997D223931B692AC5933417A121AA19E8C07479B315B5CC392AC57F8 ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
18:52:34.0780 0x1618  smserial - ok
18:52:34.0823 0x1618  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:52:34.0858 0x1618  SNMPTRAP - ok
18:52:34.0878 0x1618  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:52:34.0893 0x1618  spldr - ok
18:52:34.0948 0x1618  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
18:52:35.0023 0x1618  Spooler - ok
18:52:35.0190 0x1618  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
18:52:35.0375 0x1618  sppsvc - ok
18:52:35.0405 0x1618  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:52:35.0452 0x1618  sppuinotify - ok
18:52:35.0517 0x1618  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:52:35.0562 0x1618  srv - ok
18:52:35.0617 0x1618  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:52:35.0642 0x1618  srv2 - ok
18:52:35.0662 0x1618  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:52:35.0697 0x1618  srvnet - ok
18:52:35.0722 0x1618  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:52:35.0767 0x1618  SSDPSRV - ok
18:52:35.0782 0x1618  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:52:35.0814 0x1618  SstpSvc - ok
18:52:35.0881 0x1618  [ ECAD7536931CDEC9988E64DDD9AC08DE, A0B582774123F09141A0C083CB15424B81A070737228DBF015FF59F99B44667B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:52:35.0906 0x1618  ssudmdm - ok
18:52:36.0023 0x1618  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe
18:52:36.0077 0x1618  ss_conn_service - ok
18:52:36.0115 0x1618  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:52:36.0130 0x1618  stexstor - ok
18:52:36.0182 0x1618  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:52:36.0217 0x1618  StillCam - ok
18:52:36.0267 0x1618  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:52:36.0322 0x1618  StiSvc - ok
18:52:36.0343 0x1618  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:52:36.0357 0x1618  storflt - ok
18:52:36.0380 0x1618  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
18:52:36.0429 0x1618  StorSvc - ok
18:52:36.0454 0x1618  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:52:36.0469 0x1618  storvsc - ok
18:52:36.0509 0x1618  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:52:36.0529 0x1618  swenum - ok
18:52:36.0581 0x1618  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
18:52:36.0621 0x1618  swprv - ok
18:52:36.0693 0x1618  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
18:52:36.0802 0x1618  SysMain - ok
18:52:36.0834 0x1618  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
18:52:36.0857 0x1618  TabletInputService - ok
18:52:36.0882 0x1618  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:52:36.0944 0x1618  TapiSrv - ok
18:52:37.0036 0x1618  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:52:37.0113 0x1618  Tcpip - ok
18:52:37.0195 0x1618  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:52:37.0246 0x1618  TCPIP6 - ok
18:52:37.0287 0x1618  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:52:37.0317 0x1618  tcpipreg - ok
18:52:37.0346 0x1618  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:52:37.0369 0x1618  TDPIPE - ok
18:52:37.0394 0x1618  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:52:37.0414 0x1618  TDTCP - ok
18:52:37.0454 0x1618  [ BB8817D0508DD5EA69C770C8DEF5AB67, C55671524EEF6E16BBCC92556E83FD1D6457E707EA9330FC1CDD28FB11D99B77 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:52:37.0466 0x1618  tdx - ok
18:52:37.0825 0x1618  [ D6DDCFFF145CB7D334EECC2F9A8E304F, DC2E19A799F336DF299460C8DB4EE0B2597ADC6C4728F2BB3BBCFA1192BE809C ] TeamViewer      C:\Program Files\TeamViewer\TeamViewer_Service.exe
18:52:38.0045 0x1618  TeamViewer - ok
18:52:38.0117 0x1618  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:52:38.0128 0x1618  TermDD - ok
18:52:38.0190 0x1618  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
18:52:38.0275 0x1618  TermService - ok
18:52:38.0305 0x1618  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
18:52:38.0345 0x1618  Themes - ok
18:52:38.0370 0x1618  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:52:38.0405 0x1618  THREADORDER - ok
18:52:38.0480 0x1618  [ CF3AE1FE5D5D55747F1338DE5C07852A, 97269446847B8F2A9D621FBF7845360DF8D595787102291C6F03AB9A84D67A7F ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:52:38.0505 0x1618  TOSHIBA Bluetooth Service - ok
18:52:38.0522 0x1618  Tosrfcom - ok
18:52:38.0583 0x1618  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
18:52:38.0628 0x1618  TrkWks - ok
18:52:38.0699 0x1618  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:52:38.0749 0x1618  TrustedInstaller - ok
18:52:38.0793 0x1618  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:52:38.0811 0x1618  tssecsrv - ok
18:52:38.0848 0x1618  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:52:38.0898 0x1618  TsUsbFlt - ok
18:52:38.0933 0x1618  [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:52:38.0968 0x1618  TsUsbGD - ok
18:52:39.0018 0x1618  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:52:39.0048 0x1618  tunnel - ok
18:52:39.0065 0x1618  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:52:39.0081 0x1618  uagp35 - ok
18:52:39.0107 0x1618  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:52:39.0169 0x1618  udfs - ok
18:52:39.0209 0x1618  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:52:39.0227 0x1618  UI0Detect - ok
18:52:39.0247 0x1618  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:52:39.0263 0x1618  uliagpkx - ok
18:52:39.0284 0x1618  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:52:39.0315 0x1618  umbus - ok
18:52:39.0335 0x1618  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:52:39.0360 0x1618  UmPass - ok
18:52:39.0405 0x1618  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:52:39.0430 0x1618  UmRdpService - ok
18:52:39.0460 0x1618  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
18:52:39.0495 0x1618  upnphost - ok
18:52:39.0562 0x1618  [ A176718F0DF45F60F545CF3E14F4D108, 5E767CB0B51B3BA05B6F99A7E46BEC275489DCFE874343C9B992843AA1F2334E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:52:39.0607 0x1618  USBAAPL - ok
18:52:39.0652 0x1618  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:52:39.0687 0x1618  usbccgp - ok
18:52:39.0722 0x1618  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:52:39.0767 0x1618  usbcir - ok
18:52:39.0797 0x1618  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:52:39.0822 0x1618  usbehci - ok
18:52:39.0862 0x1618  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:52:39.0882 0x1618  usbhub - ok
18:52:39.0917 0x1618  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:52:39.0937 0x1618  usbohci - ok
18:52:39.0965 0x1618  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:52:39.0984 0x1618  usbprint - ok
18:52:40.0024 0x1618  [ 144DA53294922A84FFAA3D90B1453745, A8DC6B534E4526E2226CF6C9D53A4B6B251D2F23728E41737063D24024C5266F ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:52:40.0054 0x1618  USBSTOR - ok
18:52:40.0094 0x1618  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:52:40.0109 0x1618  usbuhci - ok
18:52:40.0169 0x1618  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:52:40.0189 0x1618  usbvideo - ok
18:52:40.0222 0x1618  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
18:52:40.0251 0x1618  UxSms - ok
18:52:40.0268 0x1618  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] VaultSvc        C:\Windows\system32\lsass.exe
18:52:40.0283 0x1618  VaultSvc - ok
18:52:40.0338 0x1618  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:52:40.0348 0x1618  vdrvroot - ok
18:52:40.0393 0x1618  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
18:52:40.0455 0x1618  vds - ok
18:52:40.0475 0x1618  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:52:40.0510 0x1618  vga - ok
18:52:40.0515 0x1618  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:52:40.0556 0x1618  VgaSave - ok
18:52:40.0586 0x1618  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:52:40.0607 0x1618  vhdmp - ok
18:52:40.0649 0x1618  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:52:40.0669 0x1618  viaagp - ok
18:52:40.0689 0x1618  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:52:40.0714 0x1618  ViaC7 - ok
18:52:40.0756 0x1618  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:52:40.0776 0x1618  viaide - ok
18:52:40.0818 0x1618  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:52:40.0843 0x1618  vmbus - ok
18:52:40.0900 0x1618  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:52:40.0915 0x1618  VMBusHID - ok
18:52:40.0935 0x1618  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:52:40.0955 0x1618  volmgr - ok
18:52:40.0980 0x1618  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:52:41.0005 0x1618  volmgrx - ok
18:52:41.0022 0x1618  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:52:41.0042 0x1618  volsnap - ok
18:52:41.0069 0x1618  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:52:41.0087 0x1618  vsmraid - ok
18:52:41.0159 0x1618  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
18:52:41.0247 0x1618  VSS - ok
18:52:41.0272 0x1618  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:52:41.0303 0x1618  vwifibus - ok
18:52:41.0328 0x1618  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:52:41.0351 0x1618  vwififlt - ok
18:52:41.0376 0x1618  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
18:52:41.0432 0x1618  W32Time - ok
18:52:41.0470 0x1618  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:52:41.0497 0x1618  WacomPen - ok
18:52:41.0529 0x1618  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:52:41.0554 0x1618  WANARP - ok
18:52:41.0569 0x1618  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:52:41.0599 0x1618  Wanarpv6 - ok
18:52:41.0671 0x1618  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
18:52:41.0759 0x1618  wbengine - ok
18:52:41.0785 0x1618  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:52:41.0830 0x1618  WbioSrvc - ok
18:52:41.0860 0x1618  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:52:41.0905 0x1618  wcncsvc - ok
18:52:41.0920 0x1618  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:52:41.0967 0x1618  WcsPlugInService - ok
18:52:42.0007 0x1618  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
18:52:42.0022 0x1618  Wd - ok
18:52:42.0079 0x1618  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:52:42.0134 0x1618  Wdf01000 - ok
18:52:42.0176 0x1618  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:52:42.0201 0x1618  WdiServiceHost - ok
18:52:42.0211 0x1618  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:52:42.0226 0x1618  WdiSystemHost - ok
18:52:42.0276 0x1618  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
18:52:42.0331 0x1618  WebClient - ok
18:52:42.0356 0x1618  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:52:42.0401 0x1618  Wecsvc - ok
18:52:42.0414 0x1618  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:52:42.0463 0x1618  wercplsupport - ok
18:52:42.0488 0x1618  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
18:52:42.0523 0x1618  WerSvc - ok
18:52:42.0549 0x1618  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:52:42.0594 0x1618  WfpLwf - ok
18:52:42.0630 0x1618  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:52:42.0655 0x1618  WIMMount - ok
18:52:42.0747 0x1618  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:52:42.0824 0x1618  WinDefend - ok
18:52:42.0860 0x1618  WinHttpAutoProxySvc - ok
18:52:42.0931 0x1618  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:52:42.0981 0x1618  Winmgmt - ok
18:52:43.0058 0x1618  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:52:43.0157 0x1618  WinRM - ok
18:52:43.0227 0x1618  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:52:43.0262 0x1618  WinUsb - ok
18:52:43.0327 0x1618  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:52:43.0404 0x1618  Wlansvc - ok
18:52:43.0434 0x1618  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:52:43.0459 0x1618  WmiAcpi - ok
18:52:43.0494 0x1618  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:52:43.0531 0x1618  wmiApSrv - ok
18:52:43.0636 0x1618  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:52:43.0730 0x1618  WMPNetworkSvc - ok
18:52:43.0770 0x1618  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:52:43.0800 0x1618  WPCSvc - ok
18:52:43.0825 0x1618  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:52:43.0857 0x1618  WPDBusEnum - ok
18:52:43.0877 0x1618  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:52:43.0917 0x1618  ws2ifsl - ok
18:52:43.0939 0x1618  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:52:43.0969 0x1618  wscsvc - ok
18:52:43.0979 0x1618  WSearch - ok
18:52:44.0113 0x1618  [ E51B294DC4A0A944DDE468356CFBB4AC, 0C1B8768C0F8CD7A76E926A068AA994D9FC546A4FBFC8935C93F683A9A052762 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:52:44.0250 0x1618  wuauserv - ok
18:52:44.0285 0x1618  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:52:44.0315 0x1618  WudfPf - ok
18:52:44.0350 0x1618  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:52:44.0370 0x1618  WUDFRd - ok
18:52:44.0427 0x1618  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:52:44.0452 0x1618  wudfsvc - ok
18:52:44.0497 0x1618  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:52:44.0554 0x1618  WwanSvc - ok
18:52:44.0579 0x1618  ================ Scan global ===============================
18:52:44.0616 0x1618  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
18:52:44.0666 0x1618  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
18:52:44.0711 0x1618  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
18:52:44.0751 0x1618  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
18:52:44.0801 0x1618  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
18:52:44.0821 0x1618  [ Global ] - ok
18:52:44.0821 0x1618  ================ Scan MBR ==================================
18:52:44.0831 0x1618  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:52:45.0146 0x1618  \Device\Harddisk0\DR0 - ok
18:52:45.0156 0x1618  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:52:45.0271 0x1618  \Device\Harddisk1\DR1 - ok
18:52:45.0513 0x1618  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:52:45.0653 0x1618  \Device\Harddisk2\DR2 - ok
18:52:45.0658 0x1618  ================ Scan VBR ==================================
18:52:45.0663 0x1618  [ AC53FEDA759680143AB3DD78D1DB5586 ] \Device\Harddisk0\DR0\Partition1
18:52:45.0668 0x1618  \Device\Harddisk0\DR0\Partition1 - ok
18:52:45.0673 0x1618  [ C00BC20C8830B4EB97E300D739F46B54 ] \Device\Harddisk0\DR0\Partition2
18:52:45.0678 0x1618  \Device\Harddisk0\DR0\Partition2 - ok
18:52:45.0683 0x1618  [ 87416DF15CE692F7010F8B910B1CF2C8 ] \Device\Harddisk0\DR0\Partition3
18:52:45.0688 0x1618  \Device\Harddisk0\DR0\Partition3 - ok
18:52:45.0698 0x1618  [ 11FA00257320542645E6A792D2F4B284 ] \Device\Harddisk1\DR1\Partition1
18:52:45.0698 0x1618  \Device\Harddisk1\DR1\Partition1 - ok
18:52:45.0703 0x1618  [ 215C1667E254373A6C00FA6F432777C9 ] \Device\Harddisk2\DR2\Partition1
18:52:45.0703 0x1618  \Device\Harddisk2\DR2\Partition1 - ok
18:52:45.0708 0x1618  ================ Scan generic autorun ======================
18:52:46.0081 0x1618  [ 967DCD9F36AAEA34FE859C9B82E6A4B9, C3D5CA9E972912C014421DDC8E2D8DD9240983F0BDAF47A52FE39F28AA9553AD ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
18:52:46.0438 0x1618  RtHDVCpl - ok
18:52:46.0637 0x1618  [ B259A1B11711AA566745BC7B238EF8EF, 9826F9DA9D9F122B5DEE88BA91CCC3B7F271ABE78949D50DE1D1145866CE07B1 ] C:\Program Files\System Control Manager\MGSysCtrl.exe
18:52:46.0766 0x1618  MGSysCtrl - detected UnsignedFile.Multi.Generic ( 1 )
18:52:46.0766 0x1618  MGSysCtrl ( UnsignedFile.Multi.Generic ) - warning
18:52:46.0811 0x1618  [ 56B5D6BC06CDB731ABED4711CA0A66D9, C626626554CAB357086DEFACAB2F15497CEE3ADC715518469EC38ECADF81FF14 ] C:\Windows\System32\runas.exe
18:52:46.0826 0x1618  Everything - ok
18:52:46.0991 0x1618  [ B6990DF4D73FCB28525FA9E674453739, 042C48C1C854340A34A175E1510C2A826157AA3A603A78AAB66369CE86F3FCFC ] C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe
18:52:47.0086 0x1618  Acrobat Assistant 8.0 - ok
18:52:47.0195 0x1618  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
18:52:47.0287 0x1618  Sidebar - ok
18:52:47.0332 0x1618  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
18:52:47.0352 0x1618  mctadmin - ok
18:52:47.0402 0x1618  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
18:52:47.0447 0x1618  Sidebar - ok
18:52:47.0457 0x1618  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
18:52:47.0482 0x1618  mctadmin - ok
18:52:47.0557 0x1618  [ 3AAA9DF77D5F41555B0587B0E1332EA5, D138F54F61BF7A6C734F1D97BA0D5F81B2C677B9006E51BBAD7952889FC36FFA ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
18:52:47.0602 0x1618  WinPatrol - ok
18:52:47.0657 0x1618  [ 3AAA9DF77D5F41555B0587B0E1332EA5, D138F54F61BF7A6C734F1D97BA0D5F81B2C677B9006E51BBAD7952889FC36FFA ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
18:52:47.0697 0x1618  WinPatrol - ok
18:52:47.0742 0x1618  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
18:52:47.0787 0x1618  Sidebar - ok
18:52:47.0923 0x1618  [ A4B616276AB31908EC0BD8963A26E433, B6D63E023529764F51D5F5004B2D5F3A11F8A74F7C2D517DCE71FF883C9F2A0B ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe
18:52:47.0968 0x1618  GarminExpressTrayApp - ok
18:52:48.0413 0x1618  [ 3E96ACD6A8169DBFA6B3F82C2E6A97C9, 120B07B0CC30829166110F509365E0A7DE58A9DF4C633102BA39924763360C04 ] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
18:52:48.0858 0x1618  AnyDVD - ok
18:52:49.0073 0x1618  [ 97242CF00947D7642F69C2988C9EB26C, 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8 ] C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:52:49.0078 0x1618  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe. md5: 97242CF00947D7642F69C2988C9EB26C, sha256: 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8
18:52:49.0103 0x1618  massachusettsburn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:52:49.0103 0x1618  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:52:49.0103 0x1618  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:52:49.0108 0x1618  Object send P2P result: false
18:52:49.0155 0x1618  [ 917E80DDF53BBD0A1E8128B6B8FE1E70, 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF ] C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:52:49.0155 0x1618  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe. md5: 917E80DDF53BBD0A1E8128B6B8FE1E70, sha256: 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF
18:52:49.0170 0x1618  majorityform - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:52:49.0170 0x1618  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:52:49.0170 0x1618  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:52:49.0170 0x1618  Object send P2P result: false
18:52:49.0230 0x1618  [ D978362CA4DBDF1C6FDE2CA6691EB50A, 49CB9B1AB6D726081F68CE0E6BA20CEF352D205A17EEBAD9EF6497C88E0595A5 ] C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe
18:52:49.0245 0x1618  edge-introduce - detected UnsignedFile.Multi.Generic ( 1 )
18:52:49.0245 0x1618  edge-introduce ( UnsignedFile.Multi.Generic ) - warning
18:52:49.0245 0x1618  massachusettsfield - ok
18:52:49.0275 0x1618  [ 97242CF00947D7642F69C2988C9EB26C, 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8 ] C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:52:49.0275 0x1618  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe. md5: 97242CF00947D7642F69C2988C9EB26C, sha256: 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8
18:52:49.0285 0x1618  massachusettsburn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:52:49.0285 0x1618  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:52:49.0285 0x1618  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:52:49.0285 0x1618  Object send P2P result: false
18:52:49.0320 0x1618  [ 917E80DDF53BBD0A1E8128B6B8FE1E70, 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF ] C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:52:49.0320 0x1618  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe. md5: 917E80DDF53BBD0A1E8128B6B8FE1E70, sha256: 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF
18:52:49.0325 0x1618  majorityform - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:52:49.0325 0x1618  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:52:49.0325 0x1618  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:52:49.0325 0x1618  Object send P2P result: false
18:52:49.0350 0x1618  Win FW state via NFP2: enabled ( trusted )
18:52:49.0350 0x1618  ============================================================
18:52:49.0350 0x1618  Scan finished
18:52:49.0350 0x1618  ============================================================
18:52:49.0370 0x1610  Detected object count: 9
18:52:49.0370 0x1610  Actual detected object count: 9
18:53:32.0742 0x1610  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:32.0742 0x1610  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:53:32.0748 0x1610  Everything ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:32.0748 0x1610  Everything ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:53:32.0759 0x1610  Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:32.0759 0x1610  Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:53:32.0759 0x1610  MGSysCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:32.0759 0x1610  MGSysCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:53:32.0874 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe - copied to quarantine
18:53:32.0874 0x1610  HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\Run:massachusettsburn - will be deleted on reboot
18:53:32.0874 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe - will be deleted on reboot
18:53:32.0874 0x1610  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
18:53:32.0904 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe - copied to quarantine
18:53:32.0904 0x1610  HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\Run:majorityform - will be deleted on reboot
18:53:32.0909 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe - will be deleted on reboot
18:53:32.0909 0x1610  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
18:53:32.0914 0x1610  edge-introduce ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:32.0914 0x1610  edge-introduce ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:53:32.0952 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe - copied to quarantine
18:53:32.0952 0x1610  HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce:massachusettsburn - will be deleted on reboot
18:53:32.0953 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe - will be deleted on reboot
18:53:32.0953 0x1610  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
18:53:33.0021 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe - copied to quarantine
18:53:33.0021 0x1610  HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce:majorityform - will be deleted on reboot
18:53:33.0021 0x1610  C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe - will be deleted on reboot
18:53:33.0021 0x1610  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
18:53:33.0721 0x1610  KLMD registered as C:\Windows\system32\drivers\78941426.sys
18:54:33.0046 0x15b8  Deinitialize success
         


Alt 01.06.2016, 18:05   #6
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



2.

Code:
ATTFilter
18:54:50.0914 0x11d8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:54:54.0204 0x11d8  ============================================================
18:54:54.0204 0x11d8  Current date / time: 2016/06/01 18:54:54.0204
18:54:54.0204 0x11d8  SystemInfo:
18:54:54.0204 0x11d8  
18:54:54.0204 0x11d8  OS Version: 6.1.7601 ServicePack: 1.0
18:54:54.0204 0x11d8  Product type: Workstation
18:54:54.0204 0x11d8  ComputerName: WALTRAUD-PC
18:54:54.0209 0x11d8  UserName: Waltraud
18:54:54.0209 0x11d8  Windows directory: C:\Windows
18:54:54.0209 0x11d8  System windows directory: C:\Windows
18:54:54.0209 0x11d8  Processor architecture: Intel x86
18:54:54.0209 0x11d8  Number of processors: 2
18:54:54.0209 0x11d8  Page size: 0x1000
18:54:54.0209 0x11d8  Boot type: Normal boot
18:54:54.0209 0x11d8  ============================================================
18:54:54.0470 0x11d8  System UUID: {852B4409-D84E-E480-DEE1-89BE361F532C}
18:54:54.0925 0x11d8  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:54.0927 0x11d8  Drive \Device\Harddisk1\DR1 - Size: 0x39D400000 ( 14.46 Gb ), SectorSize: 0x200, Cylinders: 0x75F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:54.0928 0x11d8  Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:54.0929 0x11d8  ============================================================
18:54:54.0929 0x11d8  \Device\Harddisk0\DR0:
18:54:54.0929 0x11d8  MBR partitions:
18:54:54.0929 0x11d8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:54:54.0929 0x11d8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x924A000
18:54:54.0929 0x11d8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x13F48000
18:54:54.0929 0x11d8  \Device\Harddisk1\DR1:
18:54:54.0930 0x11d8  MBR partitions:
18:54:54.0930 0x11d8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1CE8000
18:54:54.0930 0x11d8  \Device\Harddisk2\DR2:
18:54:55.0163 0x11d8  MBR partitions:
18:54:55.0163 0x11d8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x100, BlocksNum 0x2BAA0920
18:54:55.0163 0x11d8  ============================================================
18:54:55.0213 0x11d8  C: <-> \Device\Harddisk0\DR0\Partition2
18:54:55.0213 0x11d8  F: <-> \Device\Harddisk2\DR2\Partition1
18:54:55.0435 0x11d8  D: <-> \Device\Harddisk0\DR0\Partition3
18:54:55.0435 0x11d8  ============================================================
18:54:55.0435 0x11d8  Initialize success
18:54:55.0435 0x11d8  ============================================================
18:55:00.0490 0x1184  ============================================================
18:55:00.0490 0x1184  Scan started
18:55:00.0490 0x1184  Mode: Manual; SigCheck; TDLFS; 
18:55:00.0490 0x1184  ============================================================
18:55:00.0490 0x1184  KSN ping started
18:55:23.0574 0x1184  KSN ping finished: false
18:55:25.0451 0x1184  ================ Scan system memory ========================
18:55:25.0451 0x1184  System memory - ok
18:55:25.0451 0x1184  ================ Scan services =============================
18:55:25.0796 0x1184  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:55:25.0881 0x1184  1394ohci - ok
18:55:25.0996 0x1184  [ F89CFC2155C96291DA1848FBD37D08D9, 73EA0DC5A2270B5AB752EEFD62C01007452FC1B667AD5C66263F96328BBBE190 ] 21028735        C:\Windows\system32\drivers\78941426.sys
18:55:26.0031 0x1184  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:55:26.0056 0x1184  ACPI - ok
18:55:26.0116 0x1184  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:55:26.0141 0x1184  AcpiPmi - ok
18:55:26.0686 0x1184  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:55:26.0706 0x1184  AdobeARMservice - ok
18:55:26.0746 0x1184  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:55:26.0776 0x1184  adp94xx - ok
18:55:26.0811 0x1184  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:55:26.0836 0x1184  adpahci - ok
18:55:26.0861 0x1184  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:55:26.0881 0x1184  adpu320 - ok
18:55:27.0246 0x1184  [ 39AEAECE9F42407F176FE130D790BFBE, 19010DF87BDC1884268098CC04B4B15ECB710C94054A57157C0F9B7A795BDB28 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:55:27.0281 0x1184  AeLookupSvc - ok
18:55:27.0361 0x1184  [ 93B49FA857F7036A4EFF32371F6E7391, B9B2867D9A80E7F028E9D7C6ABCB9EC5198ACE28CEE101C5A846666B356B2843 ] AFD             C:\Windows\system32\drivers\afd.sys
18:55:27.0386 0x1184  AFD - ok
18:55:27.0496 0x1184  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:55:27.0531 0x1184  agp440 - ok
18:55:27.0756 0x1184  [ C17171E63E84F5711DF23B8F1E7A100E, C2AFDDA0A1A502FAE6B51BD00FF5884F46A74D9AEC76856B32E82D244D14FA97 ] AGSService      C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
18:55:27.0826 0x1184  AGSService - ok
18:55:27.0891 0x1184  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:55:27.0916 0x1184  aic78xx - ok
18:55:27.0971 0x1184  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
18:55:27.0986 0x1184  ALG - ok
18:55:28.0041 0x1184  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:55:28.0056 0x1184  aliide - ok
18:55:28.0081 0x1184  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:55:28.0096 0x1184  amdagp - ok
18:55:28.0141 0x1184  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:55:28.0161 0x1184  amdide - ok
18:55:28.0196 0x1184  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:55:28.0216 0x1184  AmdK8 - ok
18:55:28.0241 0x1184  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:55:28.0261 0x1184  AmdPPM - ok
18:55:28.0301 0x1184  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:55:28.0321 0x1184  amdsata - ok
18:55:28.0346 0x1184  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:55:28.0366 0x1184  amdsbs - ok
18:55:28.0386 0x1184  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:55:28.0401 0x1184  amdxata - ok
18:55:28.0456 0x1184  [ 40DC9657AA9A31C76AF36CA66BF18C8F, 7D9C19D4920A8A9B2527FA50A8EE951A1087DF30325D49B849DFC68AA8E50DB8 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
18:55:28.0476 0x1184  AnyDVD - ok
18:55:28.0541 0x1184  [ C7F5CAE0B450BE875EEE0E6DDFA771FE, 4FDDC802C245606C8A9140F8DF3445FDD6F7112A516F68A04EA15CEB92852E67 ] AppID           C:\Windows\system32\drivers\appid.sys
18:55:28.0561 0x1184  AppID - ok
18:55:28.0596 0x1184  [ 8333787D8FCA460C0DD70436464A8A8D, 00AE5CE2FB2DF53B5850B561120A29F757A482115E4D8A52D8033502A45B138D ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:55:28.0611 0x1184  AppIDSvc - ok
18:55:28.0646 0x1184  [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo         C:\Windows\System32\appinfo.dll
18:55:28.0671 0x1184  Appinfo - ok
18:55:28.0786 0x1184  [ A9AE03362A846898368653E94B6DB1AA, EF6EE35E85C75561C1E6D38D0005C8E31FF492F0B2CDEB914ACA4E026759511D ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:55:28.0801 0x1184  Apple Mobile Device - ok
18:55:28.0896 0x1184  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:55:28.0916 0x1184  AppMgmt - ok
18:55:28.0951 0x1184  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
18:55:28.0971 0x1184  arc - ok
18:55:28.0991 0x1184  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:55:29.0011 0x1184  arcsas - ok
18:55:29.0120 0x1184  [ 4170FD789CDDE8767972C7C87E6B3400, 36403DF991F451A2A539B7C9BBF1310768701F68AC5EFFA1E5EE0C07A427E5ED ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:55:29.0145 0x1184  aspnet_state - ok
18:55:29.0160 0x1184  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:55:29.0202 0x1184  AsyncMac - ok
18:55:29.0252 0x1184  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:55:29.0267 0x1184  atapi - ok
18:55:29.0402 0x1184  [ 9B8C87C27A166CE84BE6EDDBA3854527, 1E549EF760B9D5A1245E76CA936F96472973E1C306BC83ABF28FE104E4BE7370 ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:55:29.0482 0x1184  athr - ok
18:55:29.0562 0x1184  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:55:29.0597 0x1184  AudioEndpointBuilder - ok
18:55:29.0642 0x1184  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:55:29.0677 0x1184  Audiosrv - ok
18:55:29.0719 0x1184  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:55:29.0749 0x1184  AxInstSV - ok
18:55:29.0814 0x1184  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
18:55:29.0844 0x1184  b06bdrv - ok
18:55:29.0874 0x1184  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:55:29.0899 0x1184  b57nd60x - ok
18:55:29.0934 0x1184  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
18:55:29.0954 0x1184  BDESVC - ok
18:55:29.0969 0x1184  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:55:29.0999 0x1184  Beep - ok
18:55:30.0054 0x1184  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
18:55:30.0084 0x1184  BFE - ok
18:55:30.0149 0x1184  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
18:55:30.0194 0x1184  BITS - ok
18:55:30.0209 0x1184  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:55:30.0229 0x1184  blbdrive - ok
18:55:30.0806 0x1184  [ 5EA9C80F18CBC393EA7D9A2991DED4B5, 7E5EB1CE44FEBE93686174058D51581FA00BDFF0EBB84BD74BC08F6386019253 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:55:30.0831 0x1184  Bonjour Service - ok
18:55:31.0126 0x1184  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:55:31.0156 0x1184  bowser - ok
18:55:31.0241 0x1184  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:55:31.0266 0x1184  BrFiltLo - ok
18:55:31.0276 0x1184  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:55:31.0296 0x1184  BrFiltUp - ok
18:55:31.0371 0x1184  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
18:55:31.0391 0x1184  Browser - ok
18:55:31.0426 0x1184  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:55:31.0451 0x1184  Brserid - ok
18:55:31.0481 0x1184  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:55:31.0501 0x1184  BrSerWdm - ok
18:55:31.0566 0x1184  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:55:31.0586 0x1184  BrUsbMdm - ok
18:55:31.0591 0x1184  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:55:31.0616 0x1184  BrUsbSer - ok
18:55:31.0706 0x1184  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
18:55:31.0721 0x1184  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:55:39.0970 0x1184  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
18:55:40.0005 0x1184  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:55:40.0025 0x1184  BTHMODEM - ok
18:55:40.0092 0x1184  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
18:55:40.0122 0x1184  bthserv - ok
18:55:40.0137 0x1184  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:55:40.0172 0x1184  cdfs - ok
18:55:40.0247 0x1184  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:55:40.0272 0x1184  cdrom - ok
18:55:40.0297 0x1184  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:55:40.0337 0x1184  CertPropSvc - ok
18:55:40.0352 0x1184  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:55:40.0372 0x1184  circlass - ok
18:55:40.0627 0x1184  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
18:55:40.0667 0x1184  CLFS - ok
18:55:40.0752 0x1184  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:55:40.0782 0x1184  clr_optimization_v2.0.50727_32 - ok
18:55:40.0867 0x1184  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:55:40.0887 0x1184  clr_optimization_v4.0.30319_32 - ok
18:55:40.0902 0x1184  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:55:40.0917 0x1184  CmBatt - ok
18:55:40.0937 0x1184  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:55:40.0952 0x1184  cmdide - ok
18:55:41.0057 0x1184  [ FAE0008AB5BF34E41EC95A8087E94454, AE97D2057FCC5CA2E7DFBE81EA9A84E5EF955CC1F0F21B437ECBB602C85F9B96 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:55:41.0087 0x1184  CNG - ok
18:55:41.0148 0x1184  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:55:41.0163 0x1184  Compbatt - ok
18:55:41.0183 0x1184  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:55:41.0208 0x1184  CompositeBus - ok
18:55:41.0223 0x1184  COMSysApp - ok
18:55:41.0238 0x1184  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:55:41.0258 0x1184  crcdisk - ok
18:55:41.0313 0x1184  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:55:41.0333 0x1184  CryptSvc - ok
18:55:41.0433 0x1184  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
18:55:41.0463 0x1184  CSC - ok
18:55:41.0508 0x1184  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
18:55:41.0543 0x1184  CscService - ok
18:55:41.0693 0x1184  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:55:41.0723 0x1184  DcomLaunch - ok
18:55:41.0793 0x1184  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
18:55:41.0833 0x1184  defragsvc - ok
18:55:41.0873 0x1184  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:55:41.0903 0x1184  DfsC - ok
18:55:41.0928 0x1184  dgderdrv - ok
18:55:41.0968 0x1184  [ CFD472DDF02D675D74144A8BD63B4B10, 58D7142129F49F38D832419BDAC70F21851807918343222F6B58FDFA2408F8EF ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:55:41.0988 0x1184  dg_ssudbus - ok
18:55:42.0073 0x1184  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:55:42.0098 0x1184  Dhcp - ok
18:55:42.0194 0x1184  [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:55:42.0234 0x1184  DiagTrack - ok
18:55:42.0299 0x1184  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
18:55:42.0334 0x1184  discache - ok
18:55:42.0399 0x1184  [ B7B470F163002A0D0E381EE45834BF6B, 5B5E204341A6B1689C3F8717C41782B1A077A026F8B19DA3DE08CA44AB1D95B2 ] Disk            C:\Windows\system32\drivers\disk.sys
18:55:42.0414 0x1184  Disk - ok
18:55:42.0454 0x1184  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:55:42.0474 0x1184  dmvsc - ok
18:55:42.0569 0x1184  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:55:42.0589 0x1184  Dnscache - ok
18:55:42.0639 0x1184  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:55:42.0684 0x1184  dot3svc - ok
18:55:42.0726 0x1184  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
18:55:42.0761 0x1184  DPS - ok
18:55:42.0811 0x1184  [ A3F684B866A7D89AE396276CE7AFD416, 1E4C034B7B106FA403B13842A199D88A33B492A577B58CDDAE0B4706266B9565 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:55:42.0826 0x1184  drmkaud - ok
18:55:42.0911 0x1184  [ 4B21D102E49E9D44C478D6766A7FCBE5, 7CEEBCF81EE23876F039ED1222020D6F45FE6B3A5CE3BB93DDA3B8BBEAA15E47 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:55:42.0943 0x1184  DXGKrnl - ok
18:55:42.0993 0x1184  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
18:55:43.0028 0x1184  EapHost - ok
18:55:43.0183 0x1184  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
18:55:43.0283 0x1184  ebdrv - ok
18:55:43.0338 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] EFS             C:\Windows\System32\lsass.exe
18:55:43.0373 0x1184  EFS - ok
18:55:43.0493 0x1184  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:55:43.0523 0x1184  ehRecvr - ok
18:55:43.0558 0x1184  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
18:55:43.0578 0x1184  ehSched - ok
18:55:43.0633 0x1184  [ 72753D5CC94A90F5CFC6C00ECC47163F, 824EEDCB94334912D8C44BC9626723F142DA95E9494C4B7D2F6EC7899CFF1DD2 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
18:55:43.0648 0x1184  ElbyCDIO - ok
18:55:43.0693 0x1184  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:55:43.0723 0x1184  elxstor - ok
18:55:43.0738 0x1184  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:55:43.0757 0x1184  ErrDev - ok
18:55:43.0855 0x1184  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
18:55:43.0895 0x1184  EventSystem - ok
18:55:43.0990 0x1184  [ 9D54F3E5E4D102AB27E190CBEC14B355, AECF6C3634557937F8CE2D353A3C3B1FC31E33CB66C2926ADD2C99756EB09F88 ] Everything      C:\Program Files\Everything\Everything.exe
18:55:44.0025 0x1184  Everything - detected UnsignedFile.Multi.Generic ( 1 )
18:55:44.0025 0x1184  Everything ( UnsignedFile.Multi.Generic ) - warning
18:55:44.0060 0x1184  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:55:44.0105 0x1184  exfat - ok
18:55:44.0144 0x1184  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:55:44.0177 0x1184  fastfat - ok
18:55:44.0222 0x1184  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
18:55:44.0257 0x1184  Fax - ok
18:55:44.0277 0x1184  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
18:55:44.0292 0x1184  fdc - ok
18:55:44.0312 0x1184  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
18:55:44.0347 0x1184  fdPHost - ok
18:55:44.0417 0x1184  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:55:44.0452 0x1184  FDResPub - ok
18:55:44.0517 0x1184  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:55:44.0567 0x1184  FileInfo - ok
18:55:44.0592 0x1184  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:55:44.0622 0x1184  Filetrace - ok
18:55:44.0672 0x1184  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:55:44.0687 0x1184  flpydisk - ok
18:55:44.0817 0x1184  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:55:44.0842 0x1184  FltMgr - ok
18:55:45.0012 0x1184  [ 23D3F12CA9DEB6EF02DEDC621EC661AC, AA3718715ADFE1666757BCD79D5A8DC591C2C5185802F51A27C119C4C30F360A ] FontCache       C:\Windows\system32\FntCache.dll
18:55:45.0052 0x1184  FontCache - ok
18:55:45.0147 0x1184  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:55:45.0162 0x1184  FontCache3.0.0.0 - ok
18:55:45.0407 0x1184  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:55:45.0422 0x1184  FsDepends - ok
18:55:45.0572 0x1184  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:55:45.0607 0x1184  Fs_Rec - ok
18:55:45.0702 0x1184  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:55:45.0737 0x1184  fvevol - ok
18:55:45.0767 0x1184  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:55:45.0787 0x1184  gagp30kx - ok
18:55:46.0112 0x1184  [ 5CEA11F0A0F8ECC5549A36219563B3A7, 2DF35C089BD78D6CBBFDE8E8554DD82F9591B1F549E8F0BF332804C6A19042AC ] Garmin Device Interaction Service C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
18:55:46.0152 0x1184  Garmin Device Interaction Service - ok
18:55:46.0267 0x1184  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:55:46.0292 0x1184  GEARAspiWDM - ok
18:55:46.0357 0x1184  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:55:46.0402 0x1184  gpsvc - ok
18:55:46.0427 0x1184  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:55:46.0447 0x1184  hcw85cir - ok
18:55:46.0497 0x1184  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:55:46.0522 0x1184  HdAudAddService - ok
18:55:46.0557 0x1184  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:55:46.0577 0x1184  HDAudBus - ok
18:55:46.0592 0x1184  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:55:46.0607 0x1184  HidBatt - ok
18:55:46.0632 0x1184  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:55:46.0652 0x1184  HidBth - ok
18:55:46.0682 0x1184  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:55:46.0703 0x1184  HidIr - ok
18:55:46.0739 0x1184  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
18:55:46.0774 0x1184  hidserv - ok
18:55:46.0809 0x1184  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:55:46.0829 0x1184  HidUsb - ok
18:55:46.0864 0x1184  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:55:46.0894 0x1184  hkmsvc - ok
18:55:46.0919 0x1184  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:55:46.0939 0x1184  HomeGroupListener - ok
18:55:46.0984 0x1184  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:55:47.0009 0x1184  HomeGroupProvider - ok
18:55:47.0029 0x1184  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:55:47.0044 0x1184  HpSAMD - ok
18:55:47.0094 0x1184  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:55:47.0133 0x1184  HTTP - ok
18:55:47.0147 0x1184  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:55:47.0172 0x1184  hwpolicy - ok
18:55:47.0190 0x1184  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:55:47.0206 0x1184  i8042prt - ok
18:55:47.0244 0x1184  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:55:47.0269 0x1184  iaStorV - ok
18:55:47.0353 0x1184  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:55:47.0403 0x1184  idsvc - ok
18:55:47.0425 0x1184  IEEtwCollectorService - ok
18:55:47.0665 0x1184  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:55:47.0815 0x1184  igfx - ok
18:55:48.0005 0x1184  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:55:48.0035 0x1184  iirsp - ok
18:55:48.0172 0x1184  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:55:48.0214 0x1184  IKEEXT - ok
18:55:48.0374 0x1184  [ E4A2E810CB2607C9C159C0DFB0BD4C88, 9F84636D1096BD5EFEDC295D289241CCF3BE77C643C83F3C0F105791042D6A08 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:55:48.0484 0x1184  IntcAzAudAddService - ok
18:55:48.0524 0x1184  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:55:48.0539 0x1184  intelide - ok
18:55:48.0604 0x1184  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:55:48.0624 0x1184  intelppm - ok
18:55:48.0664 0x1184  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:55:48.0699 0x1184  IPBusEnum - ok
18:55:48.0724 0x1184  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:48.0759 0x1184  IpFilterDriver - ok
18:55:49.0139 0x1184  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:55:49.0181 0x1184  iphlpsvc - ok
18:55:49.0241 0x1184  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:55:49.0256 0x1184  IPMIDRV - ok
18:55:49.0371 0x1184  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:55:49.0426 0x1184  IPNAT - ok
18:55:49.0621 0x1184  [ 909FC8F4260295FEFE28DF3DBE85A497, 0FE8615217F3832A8C851A1E4A91C97F722818BD875EB054B86E428ECE4109FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:55:49.0656 0x1184  iPod Service - ok
18:55:49.0681 0x1184  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:55:49.0701 0x1184  IRENUM - ok
18:55:49.0751 0x1184  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:55:49.0781 0x1184  isapnp - ok
18:55:50.0051 0x1184  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:55:50.0091 0x1184  iScsiPrt - ok
18:55:50.0136 0x1184  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:55:50.0151 0x1184  kbdclass - ok
18:55:50.0196 0x1184  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:55:50.0211 0x1184  kbdhid - ok
18:55:50.0231 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] KeyIso          C:\Windows\system32\lsass.exe
18:55:50.0251 0x1184  KeyIso - ok
18:55:50.0433 0x1184  [ 37507B2F0EA8C2A7CFE120E6EE2128B5, 0691D6F9E47FF46A7B58FB2A7298F13EABE3125848B7966F6B38A38A829820B9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:55:50.0448 0x1184  KSecDD - ok
18:55:50.0483 0x1184  [ D94D58A52BFC1352E82EBECADE518B6D, 8B5418D2026C2081BD5124D1BE167BED315AB5F88CC57A9BDBB688A30B50F8EE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:55:50.0498 0x1184  KSecPkg - ok
18:55:50.0598 0x1184  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:55:50.0643 0x1184  KtmRm - ok
18:55:50.0693 0x1184  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:55:50.0728 0x1184  LanmanServer - ok
18:55:50.0773 0x1184  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:55:50.0808 0x1184  LanmanWorkstation - ok
18:55:50.0863 0x1184  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:55:50.0898 0x1184  lltdio - ok
18:55:50.0928 0x1184  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:55:50.0968 0x1184  lltdsvc - ok
18:55:50.0998 0x1184  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:55:51.0033 0x1184  lmhosts - ok
18:55:51.0068 0x1184  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:55:51.0088 0x1184  LSI_FC - ok
18:55:51.0135 0x1184  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:55:51.0150 0x1184  LSI_SAS - ok
18:55:51.0170 0x1184  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:55:51.0185 0x1184  LSI_SAS2 - ok
18:55:51.0210 0x1184  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:55:51.0230 0x1184  LSI_SCSI - ok
18:55:51.0310 0x1184  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:55:51.0345 0x1184  luafv - ok
18:55:51.0390 0x1184  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:55:51.0410 0x1184  Mcx2Svc - ok
18:55:51.0460 0x1184  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:55:51.0475 0x1184  megasas - ok
18:55:51.0495 0x1184  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:55:51.0520 0x1184  MegaSR - ok
18:55:51.0600 0x1184  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
18:55:51.0610 0x1184  Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
18:55:51.0610 0x1184  Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
18:55:51.0690 0x1184  [ 6DA1A915A9E71C8E4B44D15586E7E9E7, B36D1AFA41967DC7C5B54E175112D8E1516D401DACC0A0AC23F2DCEC7B64F8F2 ] MirayVirtualDisk C:\Windows\system32\DRIVERS\mvdo.sys
18:55:51.0705 0x1184  MirayVirtualDisk - ok
18:55:51.0735 0x1184  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
18:55:51.0770 0x1184  MMCSS - ok
18:55:51.0820 0x1184  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
18:55:51.0855 0x1184  Modem - ok
18:55:51.0890 0x1184  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:55:51.0905 0x1184  monitor - ok
18:55:51.0945 0x1184  [ 111A023266532C621EE69AE96E47081E, D933340AF838D94F25C74F9D46A74DE3B45F29B896AFA49A03676BAB8CD400CF ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
18:55:51.0960 0x1184  MonitorFunction - ok
18:55:52.0010 0x1184  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:55:52.0025 0x1184  mouclass - ok
18:55:52.0070 0x1184  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:55:52.0090 0x1184  mouhid - ok
18:55:52.0125 0x1184  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:55:52.0140 0x1184  mountmgr - ok
18:55:52.0195 0x1184  [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:55:52.0215 0x1184  MozillaMaintenance - ok
18:55:52.0255 0x1184  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:55:52.0275 0x1184  mpio - ok
18:55:52.0305 0x1184  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:55:52.0335 0x1184  mpsdrv - ok
18:55:52.0385 0x1184  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:55:52.0435 0x1184  MpsSvc - ok
18:55:52.0685 0x1184  [ 6430A074F6E32176FBEF2DEB110AE952, 0161B3CBCF427F5F9C47EDBA7F6848D9D6EB58B7EF203881E0D288B5ABAEEB98 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:55:52.0720 0x1184  MRxDAV - ok
18:55:52.0775 0x1184  [ C04D36B97BCEE4A83EC34325A3424768, 904C8A4875E0016C3F3659B5E1A748EE284789BF7C380E4F83148C2B1FC09D3B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:52.0795 0x1184  mrxsmb - ok
18:55:52.0840 0x1184  [ 84D65385A4DF3577C9CA697B67DFCE26, 19838CC40945403988C4533A2CF09CA5305BEBD8170093C7567722CC3E918AA5 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:52.0860 0x1184  mrxsmb10 - ok
18:55:52.0925 0x1184  [ 8758312AE2602620E6C972F527EC64ED, 4DFFEAE6A34F5EDBD8D53FCEE63A3742BEAF93A01769AD3BCB8D5C25C51D0A45 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:52.0945 0x1184  mrxsmb20 - ok
18:55:53.0020 0x1184  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:55:53.0035 0x1184  msahci - ok
18:55:53.0115 0x1184  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:55:53.0145 0x1184  msdsm - ok
18:55:53.0180 0x1184  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
18:55:53.0200 0x1184  MSDTC - ok
18:55:53.0250 0x1184  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:55:53.0280 0x1184  Msfs - ok
18:55:53.0295 0x1184  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:55:53.0333 0x1184  mshidkmdf - ok
18:55:53.0377 0x1184  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:55:53.0392 0x1184  msisadrv - ok
18:55:53.0457 0x1184  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:55:53.0487 0x1184  MSiSCSI - ok
18:55:53.0497 0x1184  msiserver - ok
18:55:53.0517 0x1184  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:55:53.0547 0x1184  MSKSSRV - ok
18:55:53.0557 0x1184  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:53.0592 0x1184  MSPCLOCK - ok
18:55:53.0612 0x1184  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:55:53.0647 0x1184  MSPQM - ok
18:55:53.0662 0x1184  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:55:53.0682 0x1184  MsRPC - ok
18:55:53.0717 0x1184  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:55:53.0732 0x1184  mssmbios - ok
18:55:53.0772 0x1184  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:55:53.0807 0x1184  MSTEE - ok
18:55:53.0857 0x1184  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:55:53.0872 0x1184  MTConfig - ok
18:55:53.0902 0x1184  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:55:53.0917 0x1184  Mup - ok
18:55:54.0017 0x1184  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
18:55:54.0057 0x1184  napagent - ok
18:55:54.0132 0x1184  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:55:54.0162 0x1184  NativeWifiP - ok
18:55:54.0252 0x1184  [ 9804FB2E46077F2977552347DFCA7E05, A34B703462C6998AB2B3EA6389F4B89616CDC257D44C400C92663E6FB4A8F196 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:55:54.0292 0x1184  NDIS - ok
18:55:54.0357 0x1184  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:54.0387 0x1184  NdisCap - ok
18:55:54.0412 0x1184  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:54.0447 0x1184  NdisTapi - ok
18:55:54.0552 0x1184  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:54.0597 0x1184  Ndisuio - ok
18:55:54.0617 0x1184  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:54.0647 0x1184  NdisWan - ok
18:55:54.0672 0x1184  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:55:54.0702 0x1184  NDProxy - ok
18:55:54.0772 0x1184  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:55:54.0807 0x1184  NetBIOS - ok
18:55:54.0822 0x1184  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:55:54.0857 0x1184  NetBT - ok
18:55:54.0877 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] Netlogon        C:\Windows\system32\lsass.exe
18:55:54.0892 0x1184  Netlogon - ok
18:55:54.0927 0x1184  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
18:55:54.0967 0x1184  Netman - ok
18:55:55.0037 0x1184  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:55.0057 0x1184  NetMsmqActivator - ok
18:55:55.0112 0x1184  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:55.0132 0x1184  NetPipeActivator - ok
18:55:55.0182 0x1184  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
18:55:55.0222 0x1184  netprofm - ok
18:55:55.0262 0x1184  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:55.0282 0x1184  NetTcpActivator - ok
18:55:55.0292 0x1184  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:55.0317 0x1184  NetTcpPortSharing - ok
18:55:55.0352 0x1184  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:55:55.0372 0x1184  nfrd960 - ok
18:55:55.0437 0x1184  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:55:55.0462 0x1184  NlaSvc - ok
18:55:55.0497 0x1184  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:55:55.0527 0x1184  Npfs - ok
18:55:55.0569 0x1184  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
18:55:55.0609 0x1184  nsi - ok
18:55:55.0629 0x1184  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:55:55.0664 0x1184  nsiproxy - ok
18:55:55.0754 0x1184  [ 978E7A2E4BF4E8E70D0776EF0D9E97FB, B6C82BB9B3025FD2D37B6AB6FA9C2944F8B3020CD4588BE464CE73A992B7FF00 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:55:55.0804 0x1184  Ntfs - ok
18:55:55.0864 0x1184  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
18:55:55.0899 0x1184  Null - ok
18:55:55.0954 0x1184  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:55:55.0974 0x1184  nvraid - ok
18:55:56.0034 0x1184  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:55:56.0059 0x1184  nvstor - ok
18:55:56.0084 0x1184  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:55:56.0099 0x1184  nv_agp - ok
18:55:56.0109 0x1184  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:55:56.0129 0x1184  ohci1394 - ok
18:55:56.0194 0x1184  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:56.0214 0x1184  ose - ok
18:55:56.0531 0x1184  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:55:56.0688 0x1184  osppsvc - ok
18:55:56.0788 0x1184  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:55:56.0808 0x1184  p2pimsvc - ok
18:55:56.0848 0x1184  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:55:56.0873 0x1184  p2psvc - ok
18:55:57.0043 0x1184  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
18:55:57.0063 0x1184  Parport - ok
18:55:57.0524 0x1184  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:55:57.0554 0x1184  partmgr - ok
18:55:57.0584 0x1184  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:55:57.0599 0x1184  Parvdm - ok
18:55:58.0509 0x1184  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:55:58.0549 0x1184  PcaSvc - ok
18:55:58.0649 0x1184  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
18:55:58.0689 0x1184  pci - ok
18:55:58.0839 0x1184  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:55:58.0869 0x1184  pciide - ok
18:55:58.0949 0x1184  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:55:58.0969 0x1184  pcmcia - ok
18:55:59.0014 0x1184  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:55:59.0049 0x1184  pcw - ok
18:55:59.0139 0x1184  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:55:59.0180 0x1184  PEAUTH - ok
18:55:59.0326 0x1184  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:55:59.0371 0x1184  PeerDistSvc - ok
18:55:59.0581 0x1184  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
18:55:59.0651 0x1184  pla - ok
18:55:59.0746 0x1184  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:55:59.0771 0x1184  PlugPlay - ok
18:56:00.0056 0x1184  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:56:00.0076 0x1184  PNRPAutoReg - ok
18:56:00.0111 0x1184  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:56:00.0136 0x1184  PNRPsvc - ok
18:56:00.0211 0x1184  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:56:00.0256 0x1184  PolicyAgent - ok
18:56:00.0316 0x1184  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
18:56:00.0356 0x1184  Power - ok
18:56:00.0411 0x1184  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:56:00.0446 0x1184  PptpMiniport - ok
18:56:00.0471 0x1184  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
18:56:00.0491 0x1184  Processor - ok
18:56:00.0776 0x1184  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:56:00.0806 0x1184  ProfSvc - ok
18:56:00.0826 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:56:00.0841 0x1184  ProtectedStorage - ok
18:56:00.0946 0x1184  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:56:00.0981 0x1184  Psched - ok
18:56:01.0046 0x1184  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_x86.sys
18:56:01.0061 0x1184  PSI - ok
18:56:01.0153 0x1184  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:56:01.0208 0x1184  ql2300 - ok
18:56:01.0678 0x1184  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:56:01.0693 0x1184  ql40xx - ok
18:56:01.0748 0x1184  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
18:56:01.0778 0x1184  QWAVE - ok
18:56:01.0933 0x1184  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:56:01.0968 0x1184  QWAVEdrv - ok
18:56:01.0998 0x1184  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:56:02.0028 0x1184  RasAcd - ok
18:56:02.0078 0x1184  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:56:02.0108 0x1184  RasAgileVpn - ok
18:56:02.0143 0x1184  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
18:56:02.0183 0x1184  RasAuto - ok
18:56:02.0218 0x1184  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:02.0253 0x1184  Rasl2tp - ok
18:56:02.0288 0x1184  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
18:56:02.0333 0x1184  RasMan - ok
18:56:02.0373 0x1184  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:02.0408 0x1184  RasPppoe - ok
18:56:02.0453 0x1184  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:56:02.0488 0x1184  RasSstp - ok
18:56:02.0713 0x1184  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:56:02.0763 0x1184  rdbss - ok
18:56:02.0893 0x1184  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:56:02.0918 0x1184  rdpbus - ok
18:56:02.0938 0x1184  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:02.0968 0x1184  RDPCDD - ok
18:56:03.0018 0x1184  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:56:03.0038 0x1184  RDPDR - ok
18:56:03.0078 0x1184  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:56:03.0113 0x1184  RDPENCDD - ok
18:56:03.0128 0x1184  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:56:03.0158 0x1184  RDPREFMP - ok
18:56:03.0243 0x1184  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:56:03.0258 0x1184  RdpVideoMiniport - ok
18:56:03.0438 0x1184  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:56:03.0468 0x1184  RDPWD - ok
18:56:03.0523 0x1184  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:56:03.0543 0x1184  rdyboost - ok
18:56:03.0603 0x1184  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:56:03.0638 0x1184  RemoteAccess - ok
18:56:03.0808 0x1184  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:56:03.0848 0x1184  RemoteRegistry - ok
18:56:03.0873 0x1184  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:56:03.0908 0x1184  RpcEptMapper - ok
18:56:03.0983 0x1184  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
18:56:04.0003 0x1184  RpcLocator - ok
18:56:04.0173 0x1184  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] RpcSs           C:\Windows\system32\rpcss.dll
18:56:04.0198 0x1184  RpcSs - ok
18:56:04.0283 0x1184  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:56:04.0318 0x1184  rspndr - ok
18:56:04.0388 0x1184  [ B87F999E05DD9C0312C83A8752E8E66B, 88FCCFDC3C51396BC495CCB734B829D55D17B9C56FC21F5A57555A5A3236C9D7 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:56:04.0403 0x1184  RSUSBSTOR - ok
18:56:04.0473 0x1184  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
18:56:04.0493 0x1184  RTL8167 - ok
18:56:04.0528 0x1184  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:56:04.0543 0x1184  s3cap - ok
18:56:04.0703 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] SamSs           C:\Windows\system32\lsass.exe
18:56:04.0738 0x1184  SamSs - ok
18:56:04.0833 0x1184  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:56:04.0853 0x1184  sbp2port - ok
18:56:04.0983 0x1184  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:56:05.0018 0x1184  SCardSvr - ok
18:56:05.0078 0x1184  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:56:05.0113 0x1184  scfilter - ok
18:56:05.0424 0x1184  [ 9060B8D5BCD5F2B019249F85E3D811F3, 7FB32AB7FE118462988321B9230074DAA960B587417EB463187539C3215445AE ] Schedule        C:\Windows\system32\schedsvc.dll
18:56:05.0459 0x1184  Schedule - ok
18:56:05.0514 0x1184  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:56:05.0549 0x1184  SCPolicySvc - ok
18:56:05.0569 0x1184  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:56:05.0594 0x1184  SDRSVC - ok
18:56:05.0784 0x1184  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:56:05.0814 0x1184  secdrv - ok
18:56:05.0929 0x1184  [ 38CBFFED5FC39CDFE6B4014401ED2629, 7BA730E2EDB8387190E45DA2F475BFE42AB3B12319DE088BD8E9F59227EDA4DD ] seclogon        C:\Windows\system32\seclogon.dll
18:56:05.0969 0x1184  seclogon - ok
18:56:06.0269 0x1184  [ 5E0E975998BF1612E18B898E5D17838B, 76C11C62DB8055F03F868685E8E2016D99D3FC48313CB51C69E7CEA589D80890 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
18:56:06.0319 0x1184  Secunia PSI Agent - ok
18:56:06.0429 0x1184  [ 508DD2E1D5F272B2D3196335DEA2BC26, 2BDC828DB9D9766445C345E82751FA7EF94A089EC84565675EDADE3EC7EB5748 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
18:56:06.0464 0x1184  Secunia Update Agent - ok
18:56:06.0961 0x1184  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
18:56:07.0006 0x1184  SENS - ok
18:56:07.0046 0x1184  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:56:07.0066 0x1184  SensrSvc - ok
18:56:07.0126 0x1184  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:56:07.0146 0x1184  Serenum - ok
18:56:07.0161 0x1184  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
18:56:07.0176 0x1184  Serial - ok
18:56:07.0196 0x1184  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:56:07.0221 0x1184  sermouse - ok
18:56:07.0271 0x1184  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:56:07.0311 0x1184  SessionEnv - ok
18:56:07.0346 0x1184  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:56:07.0366 0x1184  sffdisk - ok
18:56:07.0431 0x1184  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:56:07.0451 0x1184  sffp_mmc - ok
18:56:07.0456 0x1184  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:56:07.0481 0x1184  sffp_sd - ok
18:56:07.0581 0x1184  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:56:07.0601 0x1184  sfloppy - ok
18:56:07.0671 0x1184  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:56:07.0711 0x1184  SharedAccess - ok
18:56:07.0806 0x1184  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:56:07.0856 0x1184  ShellHWDetection - ok
18:56:07.0886 0x1184  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:56:07.0908 0x1184  sisagp - ok
18:56:07.0983 0x1184  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:56:07.0998 0x1184  SiSRaid2 - ok
18:56:08.0028 0x1184  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:56:08.0043 0x1184  SiSRaid4 - ok
18:56:08.0118 0x1184  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:56:08.0143 0x1184  SkypeUpdate - ok
18:56:08.0203 0x1184  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:56:08.0234 0x1184  Smb - ok
18:56:08.0299 0x1184  [ 19301C27F3425DC39F6C599F527E507D, 1BCE0369997D223931B692AC5933417A121AA19E8C07479B315B5CC392AC57F8 ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
18:56:08.0349 0x1184  smserial - ok
18:56:08.0654 0x1184  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:56:08.0684 0x1184  SNMPTRAP - ok
18:56:08.0709 0x1184  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:56:08.0724 0x1184  spldr - ok
18:56:09.0059 0x1184  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
18:56:09.0089 0x1184  Spooler - ok
18:56:09.0264 0x1184  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
18:56:09.0379 0x1184  sppsvc - ok
18:56:09.0414 0x1184  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:56:09.0449 0x1184  sppuinotify - ok
18:56:09.0579 0x1184  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:56:09.0609 0x1184  srv - ok
18:56:09.0694 0x1184  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:56:09.0719 0x1184  srv2 - ok
18:56:09.0794 0x1184  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:56:09.0814 0x1184  srvnet - ok
18:56:09.0869 0x1184  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:56:09.0909 0x1184  SSDPSRV - ok
18:56:09.0959 0x1184  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:56:09.0994 0x1184  SstpSvc - ok
18:56:10.0059 0x1184  [ ECAD7536931CDEC9988E64DDD9AC08DE, A0B582774123F09141A0C083CB15424B81A070737228DBF015FF59F99B44667B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:56:10.0079 0x1184  ssudmdm - ok
18:56:10.0189 0x1184  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe
18:56:10.0224 0x1184  ss_conn_service - ok
18:56:10.0336 0x1184  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:56:10.0361 0x1184  stexstor - ok
18:56:10.0451 0x1184  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:56:10.0481 0x1184  StillCam - ok
18:56:10.0536 0x1184  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:56:10.0571 0x1184  StiSvc - ok
18:56:10.0621 0x1184  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:56:10.0636 0x1184  storflt - ok
18:56:10.0666 0x1184  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
18:56:10.0686 0x1184  StorSvc - ok
18:56:10.0731 0x1184  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:56:10.0746 0x1184  storvsc - ok
18:56:10.0776 0x1184  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:56:10.0791 0x1184  swenum - ok
18:56:10.0856 0x1184  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
18:56:10.0906 0x1184  swprv - ok
18:56:11.0106 0x1184  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
18:56:11.0158 0x1184  SysMain - ok
18:56:11.0198 0x1184  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
18:56:11.0223 0x1184  TabletInputService - ok
18:56:11.0259 0x1184  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:56:11.0299 0x1184  TapiSrv - ok
18:56:11.0404 0x1184  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:56:11.0454 0x1184  Tcpip - ok
18:56:11.0574 0x1184  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:56:11.0619 0x1184  TCPIP6 - ok
18:56:11.0664 0x1184  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:56:11.0684 0x1184  tcpipreg - ok
18:56:11.0754 0x1184  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:56:11.0779 0x1184  TDPIPE - ok
18:56:11.0874 0x1184  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:56:11.0889 0x1184  TDTCP - ok
18:56:11.0954 0x1184  [ BB8817D0508DD5EA69C770C8DEF5AB67, C55671524EEF6E16BBCC92556E83FD1D6457E707EA9330FC1CDD28FB11D99B77 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:56:11.0969 0x1184  tdx - ok
18:56:12.0344 0x1184  [ D6DDCFFF145CB7D334EECC2F9A8E304F, DC2E19A799F336DF299460C8DB4EE0B2597ADC6C4728F2BB3BBCFA1192BE809C ] TeamViewer      C:\Program Files\TeamViewer\TeamViewer_Service.exe
18:56:12.0544 0x1184  TeamViewer - ok
18:56:12.0629 0x1184  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:56:12.0644 0x1184  TermDD - ok
18:56:13.0759 0x1184  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
18:56:13.0804 0x1184  TermService - ok
18:56:13.0844 0x1184  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
18:56:13.0864 0x1184  Themes - ok
18:56:14.0154 0x1184  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:56:14.0199 0x1184  THREADORDER - ok
18:56:14.0294 0x1184  [ CF3AE1FE5D5D55747F1338DE5C07852A, 97269446847B8F2A9D621FBF7845360DF8D595787102291C6F03AB9A84D67A7F ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:56:14.0304 0x1184  TOSHIBA Bluetooth Service - ok
18:56:14.0319 0x1184  Tosrfcom - ok
18:56:14.0369 0x1184  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
18:56:14.0414 0x1184  TrkWks - ok
18:56:14.0524 0x1184  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:56:14.0559 0x1184  TrustedInstaller - ok
18:56:14.0759 0x1184  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:14.0794 0x1184  tssecsrv - ok
18:56:15.0049 0x1184  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:56:15.0079 0x1184  TsUsbFlt - ok
18:56:15.0439 0x1184  [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:56:15.0454 0x1184  TsUsbGD - ok
18:56:15.0534 0x1184  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:56:15.0574 0x1184  tunnel - ok
18:56:15.0589 0x1184  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:56:15.0604 0x1184  uagp35 - ok
18:56:15.0659 0x1184  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:56:15.0699 0x1184  udfs - ok
18:56:15.0764 0x1184  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:56:15.0794 0x1184  UI0Detect - ok
18:56:15.0839 0x1184  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:56:15.0854 0x1184  uliagpkx - ok
18:56:15.0884 0x1184  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:56:15.0909 0x1184  umbus - ok
18:56:15.0924 0x1184  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:56:15.0944 0x1184  UmPass - ok
18:56:15.0984 0x1184  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:56:16.0004 0x1184  UmRdpService - ok
18:56:16.0059 0x1184  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
18:56:16.0104 0x1184  upnphost - ok
18:56:16.0164 0x1184  [ A176718F0DF45F60F545CF3E14F4D108, 5E767CB0B51B3BA05B6F99A7E46BEC275489DCFE874343C9B992843AA1F2334E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:56:16.0189 0x1184  USBAAPL - ok
18:56:16.0364 0x1184  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:16.0394 0x1184  usbccgp - ok
18:56:16.0459 0x1184  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:56:16.0479 0x1184  usbcir - ok
18:56:16.0509 0x1184  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:56:16.0529 0x1184  usbehci - ok
18:56:16.0574 0x1184  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:56:16.0599 0x1184  usbhub - ok
18:56:16.0629 0x1184  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:56:16.0649 0x1184  usbohci - ok
18:56:16.0699 0x1184  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:56:16.0719 0x1184  usbprint - ok
18:56:16.0759 0x1184  [ 144DA53294922A84FFAA3D90B1453745, A8DC6B534E4526E2226CF6C9D53A4B6B251D2F23728E41737063D24024C5266F ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:16.0779 0x1184  USBSTOR - ok
18:56:16.0839 0x1184  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:16.0859 0x1184  usbuhci - ok
18:56:16.0904 0x1184  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:56:16.0924 0x1184  usbvideo - ok
18:56:16.0954 0x1184  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
18:56:16.0989 0x1184  UxSms - ok
18:56:17.0014 0x1184  [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] VaultSvc        C:\Windows\system32\lsass.exe
18:56:17.0029 0x1184  VaultSvc - ok
18:56:17.0069 0x1184  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:56:17.0084 0x1184  vdrvroot - ok
18:56:17.0149 0x1184  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
18:56:17.0189 0x1184  vds - ok
18:56:17.0289 0x1184  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:17.0309 0x1184  vga - ok
18:56:17.0414 0x1184  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:56:17.0454 0x1184  VgaSave - ok
18:56:17.0509 0x1184  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:56:17.0539 0x1184  vhdmp - ok
18:56:17.0569 0x1184  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:56:17.0589 0x1184  viaagp - ok
18:56:17.0624 0x1184  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:56:17.0644 0x1184  ViaC7 - ok
18:56:17.0724 0x1184  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:56:17.0739 0x1184  viaide - ok
18:56:17.0819 0x1184  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:56:17.0839 0x1184  vmbus - ok
18:56:17.0854 0x1184  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:56:17.0874 0x1184  VMBusHID - ok
18:56:17.0994 0x1184  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:56:18.0009 0x1184  volmgr - ok
18:56:18.0109 0x1184  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:56:18.0144 0x1184  volmgrx - ok
18:56:18.0154 0x1184  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:56:18.0179 0x1184  volsnap - ok
18:56:18.0234 0x1184  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:56:18.0254 0x1184  vsmraid - ok
18:56:18.0429 0x1184  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
18:56:18.0489 0x1184  VSS - ok
18:56:18.0549 0x1184  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:18.0569 0x1184  vwifibus - ok
18:56:18.0609 0x1184  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:18.0629 0x1184  vwififlt - ok
18:56:18.0664 0x1184  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
18:56:18.0709 0x1184  W32Time - ok
18:56:18.0804 0x1184  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:56:18.0829 0x1184  WacomPen - ok
18:56:18.0874 0x1184  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:56:18.0904 0x1184  WANARP - ok
18:56:18.0914 0x1184  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:56:18.0944 0x1184  Wanarpv6 - ok
18:56:19.0185 0x1184  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
18:56:19.0236 0x1184  wbengine - ok
18:56:19.0266 0x1184  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:56:19.0296 0x1184  WbioSrvc - ok
18:56:19.0331 0x1184  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:56:19.0366 0x1184  wcncsvc - ok
18:56:19.0401 0x1184  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:56:19.0421 0x1184  WcsPlugInService - ok
18:56:19.0466 0x1184  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
18:56:19.0481 0x1184  Wd - ok
18:56:19.0771 0x1184  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:56:19.0806 0x1184  Wdf01000 - ok
18:56:20.0081 0x1184  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:56:20.0116 0x1184  WdiServiceHost - ok
18:56:20.0121 0x1184  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:56:20.0146 0x1184  WdiSystemHost - ok
18:56:20.0386 0x1184  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
18:56:20.0433 0x1184  WebClient - ok
18:56:20.0653 0x1184  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:56:20.0708 0x1184  Wecsvc - ok
18:56:20.0828 0x1184  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:56:20.0863 0x1184  wercplsupport - ok
18:56:20.0913 0x1184  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
18:56:20.0953 0x1184  WerSvc - ok
18:56:20.0973 0x1184  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:21.0008 0x1184  WfpLwf - ok
18:56:21.0033 0x1184  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:56:21.0048 0x1184  WIMMount - ok
18:56:21.0193 0x1184  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:56:21.0228 0x1184  WinDefend - ok
18:56:21.0243 0x1184  WinHttpAutoProxySvc - ok
18:56:21.0443 0x1184  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:56:21.0478 0x1184  Winmgmt - ok
18:56:21.0858 0x1184  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:56:21.0908 0x1184  WinRM - ok
18:56:21.0988 0x1184  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:56:22.0008 0x1184  WinUsb - ok
18:56:22.0093 0x1184  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:56:22.0143 0x1184  Wlansvc - ok
18:56:22.0183 0x1184  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:56:22.0198 0x1184  WmiAcpi - ok
18:56:22.0263 0x1184  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:56:22.0283 0x1184  wmiApSrv - ok
18:56:22.0413 0x1184  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:56:22.0458 0x1184  WMPNetworkSvc - ok
18:56:22.0518 0x1184  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:56:22.0548 0x1184  WPCSvc - ok
18:56:22.0572 0x1184  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:56:22.0590 0x1184  WPDBusEnum - ok
18:56:22.0625 0x1184  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:56:22.0655 0x1184  ws2ifsl - ok
18:56:22.0675 0x1184  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:56:22.0700 0x1184  wscsvc - ok
18:56:22.0710 0x1184  WSearch - ok
18:56:22.0936 0x1184  [ E51B294DC4A0A944DDE468356CFBB4AC, 0C1B8768C0F8CD7A76E926A068AA994D9FC546A4FBFC8935C93F683A9A052762 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:56:23.0007 0x1184  wuauserv - ok
18:56:23.0097 0x1184  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:56:23.0117 0x1184  WudfPf - ok
18:56:23.0167 0x1184  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:23.0187 0x1184  WUDFRd - ok
18:56:23.0219 0x1184  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:56:23.0239 0x1184  wudfsvc - ok
18:56:23.0324 0x1184  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:56:23.0344 0x1184  WwanSvc - ok
18:56:23.0389 0x1184  ================ Scan global ===============================
18:56:23.0434 0x1184  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
18:56:23.0479 0x1184  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
18:56:23.0504 0x1184  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
18:56:23.0664 0x1184  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
18:56:23.0854 0x1184  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
18:56:23.0874 0x1184  [ Global ] - ok
18:56:23.0874 0x1184  ================ Scan MBR ==================================
18:56:24.0079 0x1184  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:56:25.0104 0x1184  \Device\Harddisk0\DR0 - ok
18:56:25.0759 0x1184  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:56:25.0879 0x1184  \Device\Harddisk1\DR1 - ok
18:56:26.0174 0x1184  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:56:26.0304 0x1184  \Device\Harddisk2\DR2 - ok
18:56:26.0304 0x1184  ================ Scan VBR ==================================
18:56:26.0329 0x1184  [ AC53FEDA759680143AB3DD78D1DB5586 ] \Device\Harddisk0\DR0\Partition1
18:56:26.0334 0x1184  \Device\Harddisk0\DR0\Partition1 - ok
18:56:26.0374 0x1184  [ C00BC20C8830B4EB97E300D739F46B54 ] \Device\Harddisk0\DR0\Partition2
18:56:26.0379 0x1184  \Device\Harddisk0\DR0\Partition2 - ok
18:56:26.0409 0x1184  [ 87416DF15CE692F7010F8B910B1CF2C8 ] \Device\Harddisk0\DR0\Partition3
18:56:26.0409 0x1184  \Device\Harddisk0\DR0\Partition3 - ok
18:56:26.0414 0x1184  [ 11FA00257320542645E6A792D2F4B284 ] \Device\Harddisk1\DR1\Partition1
18:56:26.0419 0x1184  \Device\Harddisk1\DR1\Partition1 - ok
18:56:26.0424 0x1184  [ 215C1667E254373A6C00FA6F432777C9 ] \Device\Harddisk2\DR2\Partition1
18:56:26.0424 0x1184  \Device\Harddisk2\DR2\Partition1 - ok
18:56:26.0429 0x1184  ================ Scan generic autorun ======================
18:56:26.0851 0x1184  [ 967DCD9F36AAEA34FE859C9B82E6A4B9, C3D5CA9E972912C014421DDC8E2D8DD9240983F0BDAF47A52FE39F28AA9553AD ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
18:56:27.0056 0x1184  RtHDVCpl - ok
18:56:27.0216 0x1184  [ B259A1B11711AA566745BC7B238EF8EF, 9826F9DA9D9F122B5DEE88BA91CCC3B7F271ABE78949D50DE1D1145866CE07B1 ] C:\Program Files\System Control Manager\MGSysCtrl.exe
18:56:27.0286 0x1184  MGSysCtrl - detected UnsignedFile.Multi.Generic ( 1 )
18:56:27.0286 0x1184  MGSysCtrl ( UnsignedFile.Multi.Generic ) - warning
18:56:27.0461 0x1184  [ 56B5D6BC06CDB731ABED4711CA0A66D9, C626626554CAB357086DEFACAB2F15497CEE3ADC715518469EC38ECADF81FF14 ] C:\Windows\System32\runas.exe
18:56:27.0491 0x1184  Everything - ok
18:56:27.0841 0x1184  [ B6990DF4D73FCB28525FA9E674453739, 042C48C1C854340A34A175E1510C2A826157AA3A603A78AAB66369CE86F3FCFC ] C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe
18:56:27.0916 0x1184  Acrobat Assistant 8.0 - ok
18:56:27.0923 0x1184  {21EFC80C-98BE-4325-9D1B-8F83B1F31112} - ok
18:56:28.0119 0x1184  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
18:56:28.0176 0x1184  Sidebar - ok
18:56:28.0220 0x1184  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
18:56:28.0246 0x1184  mctadmin - ok
18:56:28.0331 0x1184  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
18:56:28.0376 0x1184  Sidebar - ok
18:56:28.0386 0x1184  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
18:56:28.0406 0x1184  mctadmin - ok
18:56:28.0481 0x1184  [ 3AAA9DF77D5F41555B0587B0E1332EA5, D138F54F61BF7A6C734F1D97BA0D5F81B2C677B9006E51BBAD7952889FC36FFA ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
18:56:28.0531 0x1184  WinPatrol - ok
18:56:28.0941 0x1184  [ 3AAA9DF77D5F41555B0587B0E1332EA5, D138F54F61BF7A6C734F1D97BA0D5F81B2C677B9006E51BBAD7952889FC36FFA ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
18:56:28.0981 0x1184  WinPatrol - ok
18:56:29.0076 0x1184  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
18:56:29.0121 0x1184  Sidebar - ok
18:56:29.0418 0x1184  [ A4B616276AB31908EC0BD8963A26E433, B6D63E023529764F51D5F5004B2D5F3A11F8A74F7C2D517DCE71FF883C9F2A0B ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe
18:56:29.0463 0x1184  GarminExpressTrayApp - ok
18:56:29.0988 0x1184  [ 3E96ACD6A8169DBFA6B3F82C2E6A97C9, 120B07B0CC30829166110F509365E0A7DE58A9DF4C633102BA39924763360C04 ] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
18:56:30.0238 0x1184  AnyDVD - ok
18:56:30.0863 0x1184  [ 97242CF00947D7642F69C2988C9EB26C, 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8 ] C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:56:30.0863 0x1184  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe. md5: 97242CF00947D7642F69C2988C9EB26C, sha256: 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8
18:56:30.0883 0x1184  massachusettsburn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:56:30.0883 0x1184  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:56:30.0883 0x1184  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:56:30.0883 0x1184  Object send P2P result: false
18:56:30.0923 0x1184  [ 917E80DDF53BBD0A1E8128B6B8FE1E70, 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF ] C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:56:30.0923 0x1184  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe. md5: 917E80DDF53BBD0A1E8128B6B8FE1E70, sha256: 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF
18:56:30.0928 0x1184  majorityform - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:56:30.0933 0x1184  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:56:30.0933 0x1184  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:56:30.0933 0x1184  Object send P2P result: false
18:56:31.0128 0x1184  [ D978362CA4DBDF1C6FDE2CA6691EB50A, 49CB9B1AB6D726081F68CE0E6BA20CEF352D205A17EEBAD9EF6497C88E0595A5 ] C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe
18:56:31.0153 0x1184  edge-introduce - detected UnsignedFile.Multi.Generic ( 1 )
18:56:31.0153 0x1184  edge-introduce ( UnsignedFile.Multi.Generic ) - warning
18:56:31.0158 0x1184  massachusettsfield - ok
18:56:31.0213 0x1184  [ 97242CF00947D7642F69C2988C9EB26C, 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8 ] C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:56:31.0213 0x1184  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe. md5: 97242CF00947D7642F69C2988C9EB26C, sha256: 59F3297976BF9D24A8AB1231C20636B6EB121017B2AFB855649C8402BFE71DE8
18:56:31.0228 0x1184  massachusettsburn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:56:31.0228 0x1184  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:56:31.0228 0x1184  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Massachusettsbaby\massachusetts-broken.exe
18:56:31.0228 0x1184  Object send P2P result: false
18:56:31.0328 0x1184  [ 917E80DDF53BBD0A1E8128B6B8FE1E70, 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF ] C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:56:31.0328 0x1184  Suspicious file ( NoAccess ): C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe. md5: 917E80DDF53BBD0A1E8128B6B8FE1E70, sha256: 8B4D9AB40163CA5C393384DFFF0A8F2E764B296D629B7DC01BA5B00C5900A1BF
18:56:31.0333 0x1184  majorityform - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
18:56:31.0333 0x1184  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - infected
18:56:31.0333 0x1184  Force sending object to P2P due to detect: C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe
18:56:31.0338 0x1184  Object send P2P result: false
18:56:31.0363 0x1184  Win FW state via NFP2: enabled ( trusted )
18:56:31.0363 0x1184  ============================================================
18:56:31.0363 0x1184  Scan finished
18:56:31.0363 0x1184  ============================================================
18:56:31.0378 0x0ec0  Detected object count: 9
18:56:31.0378 0x0ec0  Actual detected object count: 9
18:57:07.0374 0x0ec0  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:07.0374 0x0ec0  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:57:07.0374 0x0ec0  Everything ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:07.0374 0x0ec0  Everything ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:57:07.0379 0x0ec0  Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:07.0379 0x0ec0  Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:57:07.0384 0x0ec0  MGSysCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:07.0384 0x0ec0  MGSysCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:57:07.0384 0x0ec0  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
18:57:07.0384 0x0ec0  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
18:57:07.0389 0x0ec0  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
18:57:07.0389 0x0ec0  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
18:57:07.0394 0x0ec0  edge-introduce ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:07.0394 0x0ec0  edge-introduce ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:57:07.0394 0x0ec0  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
18:57:07.0394 0x0ec0  massachusettsburn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
18:57:07.0399 0x0ec0  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
18:57:07.0399 0x0ec0  majorityform ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
18:57:15.0145 0x11cc  Deinitialize success
         

Alt 01.06.2016, 18:08   #7
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Bitte Anweisungen genau befolgen! Sonst macht das hier keinen Sinn...

Mach bitte so weiter:

Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 01.06.2016, 19:29   #8
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Code:
ATTFilter
ComboFix 16-06-01.01 - Waltraud 01.06.2016  20:15:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3037.2146 [GMT 2:00]
ausgeführt von:: d:\dokumente\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-05-01 bis 2016-06-01  ))))))))))))))))))))))))))))))
.
.
2016-06-01 18:22 . 2016-06-01 18:22	--------	d-----w-	c:\users\Sysadmin\AppData\Local\temp
2016-06-01 18:22 . 2016-06-01 18:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-06-01 16:53 . 2016-06-01 16:53	220768	----a-w-	c:\windows\system32\drivers\78941426.sys
2016-06-01 16:53 . 2016-06-01 16:53	--------	d-----w-	C:\TDSSKiller_Quarantine
2016-05-31 21:13 . 2016-05-31 21:16	--------	d-----w-	C:\FRST
2016-05-31 11:10 . 2016-05-31 11:10	--------	d-----w-	c:\windows\rescache
2016-05-31 10:04 . 2016-05-26 20:30	9464104	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D68C9A67-1FAE-4981-AE74-6D3387B657D5}\mpengine.dll
2016-05-30 18:27 . 2016-05-30 18:27	--------	d-----w-	c:\program files\Recuva
2016-05-20 14:29 . 2016-05-20 14:29	--------	d--h--w-	c:\users\Waltraud\AppData\Roaming\Edgestaff
2016-05-18 15:19 . 2016-05-31 11:33	170200	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-18 15:19 . 2016-05-18 15:19	--------	d-----w-	c:\programdata\Malwarebytes
2016-05-18 15:19 . 2016-03-10 12:09	53120	----a-w-	c:\windows\system32\drivers\mwac.sys
2016-05-18 15:19 . 2016-03-10 12:08	126336	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2016-05-18 15:19 . 2016-03-10 12:08	24448	----a-w-	c:\windows\system32\drivers\mbam.sys
2016-05-16 07:58 . 2016-05-19 10:26	--------	d--h--w-	c:\users\Waltraud\AppData\Roaming\Edge-plant
2016-05-11 10:35 . 2016-04-09 06:59	730344	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2016-05-11 10:35 . 2016-04-09 06:59	218856	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2016-05-11 10:35 . 2016-04-09 06:54	107520	----a-w-	c:\windows\system32\cdd.dll
2016-05-10 20:50 . 2016-05-10 20:50	--------	d-----w-	c:\users\Waltraud\AppData\Local\VirtualStore
2016-05-10 15:01 . 2016-01-21 00:51	57280	----a-w-	c:\windows\system32\drivers\disk.sys
2016-05-10 15:01 . 2016-03-15 23:53	566272	----a-w-	c:\windows\system32\samsrv.dll
2016-05-10 15:01 . 2016-03-15 23:53	60416	----a-w-	c:\windows\system32\samlib.dll
2016-05-10 15:01 . 2016-04-04 17:54	34024	----a-w-	c:\windows\system32\CompatTelRunner.exe
2016-05-10 15:01 . 2016-03-17 18:04	65536	----a-w-	c:\windows\system32\acmigration.dll
2016-05-10 15:01 . 2016-03-17 18:04	560640	----a-w-	c:\windows\system32\generaltel.dll
2016-05-10 15:01 . 2016-03-17 18:04	424960	----a-w-	c:\windows\system32\devinv.dll
2016-05-10 15:01 . 2016-04-04 17:42	957952	----a-w-	c:\windows\system32\aeinv.dll
2016-05-10 15:01 . 2016-04-02 13:07	1218048	----a-w-	c:\windows\system32\appraiser.dll
2016-05-10 15:01 . 2016-03-23 14:02	177664	----a-w-	c:\windows\system32\aepic.dll
2016-05-10 15:01 . 2016-03-17 18:04	232960	----a-w-	c:\windows\system32\invagent.dll
2016-05-10 15:01 . 2016-03-06 18:38	1240576	----a-w-	c:\windows\system32\msxml3.dll
2016-05-10 15:01 . 2016-03-06 18:38	2048	----a-w-	c:\windows\system32\msxml3r.dll
2016-05-10 14:57 . 2016-02-05 18:44	97792	----a-w-	c:\windows\system32\fveapibase.dll
2016-05-10 14:57 . 2016-02-05 17:33	15360	----a-w-	c:\windows\system32\tbs.dll
2016-05-10 14:57 . 2015-06-03 20:22	355456	----a-w-	c:\windows\system32\fveapi.dll
2016-05-10 14:57 . 2015-06-03 20:22	257864	----a-w-	c:\windows\system32\wbem\Win32_Tpm.dll
2016-05-10 14:56 . 2016-02-05 18:44	26112	----a-w-	c:\windows\system32\lpk.dll
2016-05-10 14:56 . 2016-02-05 18:44	70656	----a-w-	c:\windows\system32\fontsub.dll
2016-05-10 14:56 . 2016-02-05 18:42	10240	----a-w-	c:\windows\system32\dciman32.dll
2016-05-10 14:56 . 2016-02-05 17:43	299520	----a-w-	c:\windows\system32\atmfd.dll
2016-05-10 14:56 . 2016-02-05 17:43	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 13:05 . 2015-04-10 12:23	374944	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2015-03-30 1163264]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-04-08 1399208]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2015-07-20 9268136]
"edge-introduce"="c:\users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe" [2016-05-20 209168]
"majorityform"="c:\users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe" [2016-05-14 247808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-11-06 2244608]
"Everything"="c:\windows\System32\runas.exe" [2009-07-14 17408]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2016-05-16 1867448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-15 157456]
"KiesTrayAgent"="d:\programme\Kies\KiesTrayAgent.exe" [2016-01-08 318248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-01-07 508128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"{21EFC80C-98BE-4325-9D1B-8F83B1F31112}"="start" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-04-08 1399208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\SECUNIA\PSI\psi_tray.exe [2014-11-28 591576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files\Garmin\Device Interaction Service\GarminService.exe [2016-04-08 792592]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-01-08 99296]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-04-23 102912]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2014-11-28 16024]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2016-01-08 191200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Everything;Everything;c:\program files\Everything\Everything.exe [2014-08-06 1048576]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2014-11-28 1363160]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2014-11-28 765144]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;d:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-01-08 754784]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-06-05 266240]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvdo.sys [2014-10-06 191952]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2015-03-30 13304]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 51867421
*Deregistered* - 51867421
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc	REG_MULTI_SZ   	DiagTrack
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: Interfaces\{D016697E-9AED-4911-837D-EF7A82D70341}: NameServer = 8.8.8.8,192.168.2.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-21028735.sys
AddRemove-FLAC To MP3_is1 - c:\flac to mp3\unins000.exe
AddRemove-25_escape - d:\programme\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - d:\programme\USB Drivers\27_ssconn\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2016-06-01  20:24:03
ComboFix-quarantined-files.txt  2016-06-01 18:24
.
Vor Suchlauf: 13 Verzeichnis(se), 16.558.579.712 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 17.334.099.968 Bytes frei
.
- - End Of File - - 7FB7B05052D6B4D3218E2612CA85CA98
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 02.06.2016, 11:00   #9
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Jetzt bitte ein frisches FRST-Log weil es aussagekräftiger ist...

Schritt 1



Bitte starte FRST erneut, und drücke auf Untersuchen.
Bitte poste mir den Inhalt des Logs.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.06.2016, 14:38   #10
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
durchgeführt von Waltraud (Administrator) auf WALTRAUD-PC (02-06-2016 15:34:38)
Gestartet von D:\Dokumente\Desktop
Geladene Profile: Waltraud (Verfügbare Profile: Sysadmin & Waltraud)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(DEVGURU Co., LTD.) D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung Electronics Co., Ltd.) D:\programme\kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\shutdown.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2244608 2009-11-06] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-16] (Adobe Systems Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-15] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => D:\programme\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [9268136 2015-07-20] (SlySoft, Inc.)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [edge-introduce] => C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe [209168 2016-05-20] ()
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [majorityform] => C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe <===== ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-01]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\PROGRAM FILES\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{D016697E-9AED-4911-837D-EF7A82D70341}: [NameServer] 8.8.8.8,192.168.2.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-16] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF user.js: detected! => C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\user.js [2016-06-01]
FF SearchPlugin: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\searchplugins\forestle-de.xml [2010-01-14]
FF Extension: Garmin Communicator - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-27]
FF Extension: Avira Browser Safety - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\abs@avira.com [2016-05-14]
FF Extension: Xmarks - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\foxmarks@kei.com [2016-05-30]
FF Extension: Flagfox - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-05-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-04-13] [ist nicht signiert]
FF Extension: WOT - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: Video DownloadHelper - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Add Bookmark Here - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{F33233B3-EDB1-41f4-8482-917AB190E647} [2015-04-13] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Everything; C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () [Datei ist nicht signiert] <==== ACHTUNG
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 ss_conn_service; D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-04-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [191952 2014-10-06] (Miray)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2015-03-30] (TeamViewer GmbH)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 catchme; \??\C:\Users\Waltraud\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Tosrfcom; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-01 20:24 - 2016-06-01 20:24 - 00011316 _____ C:\ComboFix.txt
2016-06-01 20:12 - 2016-06-01 20:24 - 00000000 ____D C:\Qoobox
2016-06-01 20:12 - 2016-06-01 20:22 - 00000000 ____D C:\Windows\erdnt
2016-06-01 20:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-01 20:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-01 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-01 18:54 - 2016-06-01 18:57 - 00213696 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.54.50_log.txt
2016-06-01 18:53 - 2016-06-01 18:53 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-01 18:51 - 2016-06-01 18:54 - 00216444 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.51.19_log.txt
2016-05-31 23:13 - 2016-06-02 15:34 - 00000000 ____D C:\FRST
2016-05-31 13:10 - 2016-05-31 13:10 - 00000000 ____D C:\Windows\rescache
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\Program Files\Recuva
2016-05-20 16:29 - 2016-05-20 16:29 - 00000000 ___HD C:\Users\Waltraud\AppData\Roaming\Edgestaff
2016-05-20 09:34 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-20 09:34 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-20 09:34 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-20 09:34 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-20 09:34 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-20 09:34 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-20 09:34 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-20 09:34 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-20 09:34 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-20 09:34 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-20 09:34 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-20 09:34 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-20 09:34 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-20 09:34 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 09:34 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-20 09:34 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-20 09:34 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-20 09:34 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-20 09:34 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-20 09:34 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-20 09:34 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-20 09:34 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-20 09:34 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-20 09:34 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-20 09:34 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-20 09:34 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-20 09:34 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-18 17:19 - 2016-05-31 13:33 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 17:19 - 2016-05-18 17:19 - 00000736 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-18 17:19 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-16 09:58 - 2016-05-19 12:26 - 00000000 ___HD C:\Users\Waltraud\AppData\Roaming\Edge-plant
2016-05-11 12:39 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:39 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:39 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:39 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:39 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:39 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:39 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:39 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:39 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:39 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 12:39 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:39 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:39 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:35 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:35 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:35 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-10 22:50 - 2016-05-10 22:50 - 00000000 ____D C:\Users\Waltraud\AppData\Local\VirtualStore
2016-05-10 17:02 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 17:02 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 17:02 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-10 17:02 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-10 17:01 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-10 17:01 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-10 17:01 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-10 17:01 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-05-10 17:01 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-10 16:57 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-10 16:57 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-10 16:57 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-05-10 16:56 - 2016-02-05 20:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-09 07:09 - 2016-05-09 07:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 15:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-01 23:40 - 2015-04-10 14:58 - 00000000 ____D C:\Program Files\TeamViewer
2016-06-01 21:05 - 2015-04-19 18:58 - 00000000 ____D C:\Users\Waltraud\AppData\Roaming\vlc
2016-06-01 20:25 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-01 20:25 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-01 20:22 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2016-05-31 11:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2016-05-30 22:16 - 2011-04-12 03:30 - 00699222 _____ C:\Windows\system32\perfh007.dat
2016-05-30 22:16 - 2011-04-12 03:30 - 00149330 _____ C:\Windows\system32\perfc007.dat
2016-05-30 22:16 - 2010-11-20 23:01 - 01618792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 22:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-25 21:52 - 2015-04-10 20:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-21 12:22 - 2016-01-15 12:59 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-05-21 12:22 - 2015-07-23 22:14 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-05-20 20:14 - 2016-02-12 19:38 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-20 18:05 - 2015-04-24 14:40 - 00000000 ____D C:\Users\Waltraud\AppData\Local\calibre-cache
2016-05-20 10:15 - 2015-04-11 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 12:40 - 2015-04-15 21:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 12:40 - 2015-04-10 20:45 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 12:32 - 2015-04-10 20:45 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 10:09 - 2009-07-14 06:33 - 00311616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 10:06 - 2011-04-12 03:39 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 15:40 - 2015-09-17 15:29 - 00000040 ___SH C:\ProgramData\.zreglib
2016-05-09 22:00 - 2015-04-10 02:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-17 15:29 - 2016-05-10 15:40 - 0000040 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-15 10:54

==================== Ende vom FRST.txt ============================
         

Alt 02.06.2016, 17:40   #11
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Hi,

Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
CloseProcesses:
Folder: C:\Users\Waltraud\AppData\Roaming\Edgestaff
C:\Users\Waltraud\AppData\Roaming\Edgestaff\
C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [edge-introduce] => C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe [209168 2016-05-20] ()
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [majorityform] => C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
FF user.js: detected! => C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\user.js [2016-06-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-14]
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Entfernen-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2



Bitte starte FRST erneut, und drücke auf Untersuchen.
Bitte poste mir den Inhalt des Logs.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.06.2016, 19:31   #12
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Fixlog:
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
durchgeführt von Waltraud (2016-06-02 20:23:31) Run:1
Gestartet von D:\Dokumente\Desktop
Geladene Profile: Waltraud (Verfügbare Profile: Sysadmin & Waltraud)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
CloseProcesses:
Folder: C:\Users\Waltraud\AppData\Roaming\Edgestaff
C:\Users\Waltraud\AppData\Roaming\Edgestaff\
C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [edge-introduce] => C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe [209168 2016-05-20] ()
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [majorityform] => C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs\majority_father.exe 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
FF user.js: detected! => C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\user.js [2016-06-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-14]

*****************

Prozess erfolgreich geschlossen.

========================= Folder: C:\Users\Waltraud\AppData\Roaming\Edgestaff ========================

2016-05-20 16:29 - 2016-05-20 16:29 - 0209168 ____H () C:\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe

====== Ende von Folder: ======

C:\Users\Waltraud\AppData\Roaming\Edgestaff => erfolgreich verschoben
C:\Users\Waltraud\AppData\Local\Temp\Majority_belongs => erfolgreich verschoben
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\Run\\edge-introduce => Wert erfolgreich entfernt
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Software\Microsoft\Windows\CurrentVersion\Run\\majorityform => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-496538639-4282283023-1573704931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\user.js => erfolgreich verschoben
C:\Program Files\mozilla firefox\defaults\pref\itms.js => erfolgreich verschoben


Das System musste neu gestartet werden.

==== Ende vom Fixlog 20:23:32 ====
         
Untersuchung:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
durchgeführt von Waltraud (Administrator) auf WALTRAUD-PC (02-06-2016 20:30:19)
Gestartet von D:\Dokumente\Desktop
Geladene Profile: Waltraud (Verfügbare Profile: Sysadmin & Waltraud)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Everything\Everything.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) D:\programme\kies\KiesTrayAgent.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(DEVGURU Co., LTD.) D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2244608 2009-11-06] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-16] (Adobe Systems Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-15] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => D:\programme\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [9268136 2015-07-20] (SlySoft, Inc.)
HKU\S-1-5-21-496538639-4282283023-1573704931-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-01]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\PROGRAM FILES\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{D016697E-9AED-4911-837D-EF7A82D70341}: [NameServer] 8.8.8.8,192.168.2.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-16] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF SearchPlugin: C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\searchplugins\forestle-de.xml [2010-01-14]
FF Extension: Garmin Communicator - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-27]
FF Extension: Avira Browser Safety - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\abs@avira.com [2016-05-14]
FF Extension: Xmarks - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\foxmarks@kei.com [2016-05-30]
FF Extension: Flagfox - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-05-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-04-13] [ist nicht signiert]
FF Extension: WOT - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: Video DownloadHelper - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Add Bookmark Here - C:\Users\Waltraud\AppData\Roaming\Mozilla\Firefox\Profiles\ncg3uedu.default\Extensions\{F33233B3-EDB1-41f4-8482-917AB190E647} [2015-04-13] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-24]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Everything; C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () [Datei ist nicht signiert] <==== ACHTUNG
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 ss_conn_service; D:\programme\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-04-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [191952 2014-10-06] (Miray)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2015-03-30] (TeamViewer GmbH)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 catchme; \??\C:\Users\Waltraud\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Tosrfcom; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-01 20:24 - 2016-06-01 20:24 - 00011316 _____ C:\ComboFix.txt
2016-06-01 20:12 - 2016-06-01 20:24 - 00000000 ____D C:\Qoobox
2016-06-01 20:12 - 2016-06-01 20:22 - 00000000 ____D C:\Windows\erdnt
2016-06-01 20:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-01 20:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-01 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-01 20:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-01 18:54 - 2016-06-01 18:57 - 00213696 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.54.50_log.txt
2016-06-01 18:53 - 2016-06-01 18:53 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-06-01 18:51 - 2016-06-01 18:54 - 00216444 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.51.19_log.txt
2016-05-31 23:13 - 2016-06-02 20:30 - 00000000 ____D C:\FRST
2016-05-31 13:10 - 2016-05-31 13:10 - 00000000 ____D C:\Windows\rescache
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-05-30 20:27 - 2016-05-30 20:27 - 00000000 ____D C:\Program Files\Recuva
2016-05-20 09:34 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-20 09:34 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-20 09:34 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-20 09:34 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-20 09:34 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-20 09:34 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-20 09:34 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-20 09:34 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-20 09:34 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-20 09:34 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-20 09:34 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-20 09:34 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-20 09:34 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-20 09:34 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-20 09:34 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-20 09:34 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 09:34 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-20 09:34 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-20 09:34 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-20 09:34 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-20 09:34 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-20 09:34 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-20 09:34 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-20 09:34 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-20 09:34 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-20 09:34 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-20 09:34 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-20 09:34 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-20 09:34 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-20 09:34 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-18 17:19 - 2016-05-31 13:33 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 17:19 - 2016-05-18 17:19 - 00000736 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-18 17:19 - 2016-05-18 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-18 17:19 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-18 17:19 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-16 09:58 - 2016-05-19 12:26 - 00000000 ___HD C:\Users\Waltraud\AppData\Roaming\Edge-plant
2016-05-11 12:39 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:39 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:39 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:39 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:39 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:39 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:39 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:39 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:39 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:39 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:39 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:39 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:39 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:39 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:39 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:39 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 12:39 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:39 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:39 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:35 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:35 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:35 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-05-11 12:33 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-05-10 22:50 - 2016-05-10 22:50 - 00000000 ____D C:\Users\Waltraud\AppData\Local\VirtualStore
2016-05-10 17:02 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 17:02 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 17:02 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 17:02 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 17:02 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 17:02 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-05-10 17:02 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-10 17:02 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-10 17:01 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-10 17:01 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-10 17:01 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-10 17:01 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-10 17:01 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-10 17:01 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-10 17:01 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-05-10 17:01 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-10 16:57 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-10 16:57 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-10 16:57 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-10 16:56 - 2016-02-05 20:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-05-10 16:56 - 2016-02-05 20:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-10 16:56 - 2016-02-05 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-09 07:09 - 2016-05-09 07:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 20:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-02 20:26 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-02 20:26 - 2009-07-14 06:34 - 00036720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-02 20:21 - 2015-04-10 14:58 - 00000000 ____D C:\Program Files\TeamViewer
2016-06-01 21:05 - 2015-04-19 18:58 - 00000000 ____D C:\Users\Waltraud\AppData\Roaming\vlc
2016-06-01 20:22 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2016-05-31 11:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system
2016-05-30 22:16 - 2011-04-12 03:30 - 00699222 _____ C:\Windows\system32\perfh007.dat
2016-05-30 22:16 - 2011-04-12 03:30 - 00149330 _____ C:\Windows\system32\perfc007.dat
2016-05-30 22:16 - 2010-11-20 23:01 - 01618792 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 22:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-25 21:52 - 2015-04-10 20:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-21 12:22 - 2016-01-15 12:59 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-05-21 12:22 - 2015-07-23 22:14 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-05-20 20:14 - 2016-02-12 19:38 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-20 18:05 - 2015-04-24 14:40 - 00000000 ____D C:\Users\Waltraud\AppData\Local\calibre-cache
2016-05-20 10:15 - 2015-04-11 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 12:40 - 2015-04-15 21:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 12:40 - 2015-04-10 20:45 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 12:32 - 2015-04-10 20:45 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 10:09 - 2009-07-14 06:33 - 00311616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 10:06 - 2011-04-12 03:39 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 15:40 - 2015-09-17 15:29 - 00000040 ___SH C:\ProgramData\.zreglib
2016-05-09 22:00 - 2015-04-10 02:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-17 15:29 - 2016-05-10 15:40 - 0000040 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-15 10:54

==================== Ende vom FRST.txt ============================
         

Alt 02.06.2016, 19:33   #13
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Jetzt bitte Suchscan durchführen:

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.06.2016, 10:36   #14
xairam
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ea942e36b064c046aaa8226d7bb7b262
# end=init
# utc_time=2016-06-03 08:18:36
# local_time=2016-06-03 10:18:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29679
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ea942e36b064c046aaa8226d7bb7b262
# end=updated
# utc_time=2016-06-03 08:20:40
# local_time=2016-06-03 10:20:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ea942e36b064c046aaa8226d7bb7b262
# engine=29679
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-03 09:23:56
# local_time=2016-06-03 11:23:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 218695 216577027 0 0
# scanned=132879
# found=7
# cleaned=0
# scan_time=3795
sh=49E066FD122423F0B72DC16D1445986FBF920522 ft=1 fh=43e11a37bf7d1577 vn="Variante von Win32/Kryptik.EYQL Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Waltraud\AppData\Roaming\Edgestaff\edge-learn.exe"
sh=05DEAC80D160314F4CC59631E273D2A947F37ED5 ft=1 fh=78a55e23bba91359 vn="Win32/HackTool.Crack.DM Trojaner" ac=I fn="C:\Program Files\SlySoft\AnyDVD\ElbyCDIO.dll"
sh=B2267F38C416568F4C21E9497CF1F8ADEAC8622E ft=1 fh=09597da3197f423a vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\01.06.2016_18.51.23\zbot0000\file0000\tsk0000.dta"
sh=3F33383159C597EDC6846DB0D55B1C6B98BCA77D ft=1 fh=ac334f91a866aff5 vn="Variante von Win32/Kryptik.EXLE Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\01.06.2016_18.51.23\zbot0001\file0000\tsk0000.dta"
sh=B2267F38C416568F4C21E9497CF1F8ADEAC8622E ft=1 fh=09597da3197f423a vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\01.06.2016_18.51.23\zbot0002\file0000\tsk0000.dta"
sh=3F33383159C597EDC6846DB0D55B1C6B98BCA77D ft=1 fh=ac334f91a866aff5 vn="Variante von Win32/Kryptik.EXLE Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\01.06.2016_18.51.23\zbot0003\file0000\tsk0000.dta"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.DM Trojaner" ac=I fn="${Memory}"
         

Alt 03.06.2016, 20:39   #15
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Trojaner laut Telekom Madznu, versendet Mails - Standard

Trojaner laut Telekom Madznu, versendet Mails



Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort

Themen zu Trojaner laut Telekom Madznu, versendet Mails
aufzusetzen, briefe, dateien, eintrag, entferne, entfernen, gefunde, geschickt, laufen, mail, mails, malewarebytes, malwarebytes, netstat, neu, pcs, screenshots, telekom, temp, troja, trojaner, verbindungen, verdächtige, versendet, wirklich



Ähnliche Themen: Trojaner laut Telekom Madznu, versendet Mails


  1. Telekom Emailadresse verschickt Spam Mails - hab ich einen Trojaner o.ä.?
    Plagegeister aller Art und deren Bekämpfung - 23.03.2016 (9)
  2. Brief von der Telekom bekommen, Internet Anschluss versendet Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 28.01.2015 (9)
  3. WIN7: Telekom-Rechnung (Trojaner) - Pc versendet Rechnungs-eMails und Grußkarten
    Log-Analyse und Auswertung - 07.12.2014 (9)
  4. yahoo account meines Vaters versendet laut den Bekannten öfter Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 18.06.2014 (5)
  5. Verdacht auf Hacking laut Brief von der Telekom
    Log-Analyse und Auswertung - 06.09.2013 (11)
  6. TR/Mediyes.adr und laut Telekom Zeus/ZBot
    Log-Analyse und Auswertung - 03.09.2013 (51)
  7. ZeuS/ZBot Trojaner laut Telekom
    Log-Analyse und Auswertung - 28.08.2013 (10)
  8. Routerüberlastung laut Telekom durch Schadsoftware
    Log-Analyse und Auswertung - 06.08.2013 (6)
  9. Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (11)
  10. Trojaner? Yahoo-Mail versendet automatisch Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (11)
  11. GMX-Account versendet Mails; Trojaner Fake-Alert
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  12. Trojaner? Mails werden automatisch von Outlook versendet
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  13. web.de versendet selbständig Mails; evt. Trojaner eingefangen?
    Log-Analyse und Auswertung - 07.09.2011 (10)
  14. Trojaner? Yahoo versendet Spam-Mails
    Log-Analyse und Auswertung - 06.04.2011 (11)
  15. Trojaner der Mails versendet auf Workstation oder Server! HILFE!
    Plagegeister aller Art und deren Bekämpfung - 09.08.2009 (2)
  16. trojaner-backdoor versendet mails über svchost / winlogon
    Plagegeister aller Art und deren Bekämpfung - 02.06.2008 (5)

Zum Thema Trojaner laut Telekom Madznu, versendet Mails - Hallo, uns wurden jetzt 2 Briefe von der Telekom geschickt wegen Mail spams. Habe alle PCs mit netstat überprüft und Malewarebytes drüber laufen lassen. Bei meiner Oma habe ich dann - Trojaner laut Telekom Madznu, versendet Mails...
Archiv
Du betrachtest: Trojaner laut Telekom Madznu, versendet Mails auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.