Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Telekom Abuse Team - generic Trojaner/Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.03.2015, 21:21   #1
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Moin moin,

es geht um das oben genannte Thema (kommt ja anscheinend öfters vor). Meine Mutter hat in letzter Zeit zwei solcher E-Mails erhalten (wobei die E-Mail Adresse im Empfang gar nicht mit ihrer @t-online.de Adresse übereinstimmt). Außerdem steht in den Details u.a. auch die Absende-Adresse mailin56.aul.t-online.de. Sie nutzt Windows Mail. Deshalb zweifel ich an sich schon die Echtheit dieser E-Mails an. Ich habe AntiVir über ihren Laptop laufen lassen und Avast Mobile über ihr Smartphone. Beide konnten nichts finden. Wie kann ich nun herausfinden, ob meine Mutti einen generic Virus auf dem Laptop hat bzw. es sicher ausschließen?





Hier nochmal die E-Mail (Name in der Anschrift und Kundennummer waren auf jeden Fall richtig!):

Sehr geehrte Kundin,
sehr geehrter Kunde,

uns liegen Hinweise von Sicherheitsexperten vor, dass mindestens ein
Rechner, der sich über Ihren Internetzugang mit dem Internet verbindet,
mit einem Virus/Trojaner infiziert ist.

Die folgende IP-Adresse war zu dem genannten Zeitpunkt Ihnen zugeordnet:

IP-Adresse: 79.227.13.189
Zeitangabe: 05.03.2015, 22:45:53 (MEZ)
Infektion: generic

Wir empfehlen Ihnen jetzt folgende Schritte:

1. Bitte stellen Sie sicher, dass Ihr Computer frei von Viren und
Trojanern ist. Verwenden Sie hierzu bitte eine Schutzsoftware Ihrer
Wahl.

2. Ändern Sie dann alle Passwörter:
- das 'Persönliche Kennwort' (für die Einwahl ins Internet)
- das 'Passwort' (für das E-Mail- und Kundencenter)
- das 'E-Mail-Passwort' (für E-Mail Programme, wie z.B. Microsoft
Outlook)
für die Dienste der Deutschen Telekom. Dies können Sie zentral im
Kundencenter unter
https://kundencenter.telekom.de/kundencenter/kundendaten/passwoerter
tätigen. Vergessen Sie nicht etwaige Passwörter für Onlinebanking,
eBay, Amazon, Paypal und so weiter, falls Sie solche Dienste nutzen.

3. Bitte prüfen Sie auch die Einstellungen Ihres Computers, ob das
Betriebssystem und die installierte Software aktuell sind.

Die Reihenfolge ist wichtig, da die neuen Passwörter sonst direkt
wieder von Dritten ausgelesen werden könnten, wenn eine vorhandene
Schadsoftware nicht zuvor entfernt wurde.

Wenn Sie hierbei Unterstützung benötigen, erreichen Sie uns von Montag
bis Freitag von 08:00 Uhr bis 18:00 Uhr direkt unter der kostenfreien
Rufnummer 0800 5544 300. Halten Sie hierzu Ihre Abuse-ID und
Zugangsnummer, welche Sie im Betreff finden, bereit.

Auf unserer Seite https://abusefaq.telekom.de haben wir Ihnen viele
hilfreiche Tipps und Links zum Thema "Sicherheit" zusammengestellt.

Wenn Sie Fragen zu unserer E-Mail haben, schreiben Sie uns an
abuse@telekom.de und geben Sie dabei Ihre im Betreff genannte
Zugangsnummer an.

Mit freundlichen Grüßen

Deutsche Telekom AG
SEC-CDM / Abuse-Team
T-Online-Allee 1
D-64295 Darmstadt
E-Mail: abuse@telekom.de

hxxp://www.t-online.de/abuse
hxxp://www.telekom.de

ERLEBEN, WAS VERBINDET.

Die gesetzlichen Pflichtangaben finden Sie unter:
www.telekom.com/pflichtangaben

Große Veränderungen fangen klein an - Ressourcen schonen und nicht jede
E-Mail drucken.

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese
E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und löschen Sie diese E-Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser E-Mail und der darin enthaltenen
Informationen sind nicht gestattet.





Vielleicht habt ihr ja eine schnelle, hilfreiche Idee. Das Problem ist, dass meine Mutti 0 Ahnung von PCs hat und ich ihr nur bis morgen Nachmittag helfen kann, da ich dann wieder abreisen muss ^^ So schlimm ist es nicht, da sie auch nichts am PC macht, außer Bilder zu speichern und mal ne Mail zu tippen.

Vielen Dank vorab,

Doeksn

Alt 09.03.2015, 22:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.03.2015, 23:00   #3
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



So Scan wurde durchgeführt, hier die Log-Dateien:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by Johanna (administrator) on JOHANNA-PC on 09-03-2015 22:54:00
Running from C:\Users\Johanna\Downloads
Loaded Profiles: Johanna (Available profiles: Johanna)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
() C:\Program Files\MP4 Player\Mp4Player.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1323008 2009-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\...\Run: [MP4 Player] => C:\Program Files\MP4 Player\mp4Player.exe [772096 2008-11-06] ()
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\...\MountPoints2: {e34ed5c5-13ec-11df-b537-0026222f6621} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?rls=ig
HKU\S-1-5-21-448599090-1542697344-2977108501-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
SearchScopes: HKLM -> DefaultScope {D6790075-F3F5-431A-885F-682CA0F86141} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM -> {D6790075-F3F5-431A-885F-682CA0F86141} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-448599090-1542697344-2977108501-1000 -> DefaultScope {D6790075-F3F5-431A-885F-682CA0F86141} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE345
SearchScopes: HKU\S-1-5-21-448599090-1542697344-2977108501-1000 -> {06442FAE-894B-4C90-BA8D-9DD5283265F1} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-448599090-1542697344-2977108501-1000 -> {726CFF9C-FE01-48F0-B0CB-2A125231E680} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-448599090-1542697344-2977108501-1000 -> {D6790075-F3F5-431A-885F-682CA0F86141} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE345
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120805182421.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-448599090-1542697344-2977108501-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\eqjf5o0j.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-05] (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\eqjf5o0j.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\eqjf5o0j.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-18]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-29] (Avira GmbH)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 22:54 - 2015-03-09 22:55 - 00021045 _____ () C:\Users\Johanna\Downloads\FRST.txt
2015-03-09 22:53 - 2015-03-09 22:54 - 00000000 ____D () C:\FRST
2015-03-09 22:25 - 2015-03-09 22:25 - 01134592 _____ (Farbar) C:\Users\Johanna\Downloads\FRST.exe
2015-03-06 16:54 - 2015-03-06 16:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-06 15:42 - 2009-10-27 17:19 - 00001661 _____ () C:\Users\Johanna\Desktop\Windows Update.lnk
2015-03-06 09:52 - 2015-03-06 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-18 23:20 - 2014-10-15 13:38 - 06821496 _____ (TomTom International B.V.) C:\Users\Johanna\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-02-17 20:27 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 20:27 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 23:31 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 23:18 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 23:18 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 23:15 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-13 23:15 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 23:13 - 2015-02-13 23:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-13 17:55 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-13 17:55 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-13 17:55 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-13 17:55 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-13 17:55 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-13 17:55 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-13 17:55 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-13 17:55 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-13 17:55 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-13 17:55 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-13 17:55 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-13 17:55 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-13 17:55 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-13 17:55 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-13 17:55 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 22:18 - 2014-03-03 21:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 22:08 - 2009-08-17 12:34 - 01102826 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 21:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 21:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 13:21 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-09 13:19 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 01:42 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-09 01:26 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 22:04 - 2012-04-29 10:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 09:52 - 2014-08-08 12:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 09:52 - 2013-09-29 16:54 - 00000000 ____D () C:\Program Files\Avira
2015-02-18 23:20 - 2014-03-03 20:12 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-02-18 21:07 - 2006-11-02 13:52 - 00110810 _____ () C:\Windows\setupact.log
2015-02-17 20:20 - 2009-06-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 09:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-14 09:08 - 2006-11-02 13:47 - 00305216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 23:37 - 2013-08-16 16:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 23:31 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-13 23:16 - 2014-03-03 20:21 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-13 23:14 - 2009-06-09 10:10 - 00000000 ____D () C:\Program Files\Java
2015-02-13 23:13 - 2014-12-20 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-13 23:12 - 2014-12-20 00:35 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-13 23:12 - 2014-12-20 00:35 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-13 23:12 - 2014-12-20 00:35 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-13 23:12 - 2014-12-20 00:35 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-09 17:18 - 2014-03-03 21:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:18 - 2014-03-03 21:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-08-24 21:45 - 2014-08-24 21:45 - 0000036 ____H () C:\Users\Johanna\AppData\Roaming\swk.ini
2010-01-26 20:38 - 2010-01-27 18:33 - 0024227 _____ () C:\Users\Johanna\AppData\Roaming\UserTile.png
2009-09-18 10:33 - 2014-01-06 17:38 - 0001374 _____ () C:\Users\Johanna\AppData\Roaming\wklnhst.dat
2010-11-13 17:05 - 2014-12-11 03:00 - 0000680 _____ () C:\Users\Johanna\AppData\Local\d3d9caps.dat
2009-09-18 12:39 - 2014-12-22 17:27 - 0059904 _____ () C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-29 16:38 - 2012-09-29 16:38 - 0017408 _____ () C:\Users\Johanna\AppData\Local\WebpageIcons.db

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\Temp\7o-g3dze.dll
C:\Users\Johanna\AppData\Local\Temp\avgnt.exe
C:\Users\Johanna\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Johanna\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Johanna\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Johanna\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Johanna\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Johanna\AppData\Local\Temp\TEMPRO_2.3.1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 13:27

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2015 01
Ran by Johanna at 2015-03-09 22:55:50
Running from C:\Users\Johanna\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.302.105 - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP4 Player  (HKLM\...\MP4 Player) (Version:  - )
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
TeamViewer 4 (HKLM\...\TeamViewer 4) (Version: 4.1.6911  - TeamViewer GmbH)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.0.5.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM\...\{0D8E81A5-B61C-4360-910C-A738FD1B220A}) (Version: 2.31 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.0.50.22C - TOSHIBA) Hidden
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-01-2015 11:50:47 Windows Update
16-01-2015 00:05:06 Geplanter Prüfpunkt
19-01-2015 18:19:35 Geplanter Prüfpunkt
13-02-2015 23:13:50 Windows Update
14-02-2015 09:13:51 Windows Update
17-02-2015 20:17:37 Windows Update
17-02-2015 20:27:44 Windows Update
18-02-2015 21:09:26 Windows Update
06-03-2015 15:43:06 Windows Update
09-03-2015 17:42:03 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15FE9FF6-B2AC-4C8A-ABD3-7296D83B427B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {618D1EB7-DC80-40D0-B519-3E33D46448C4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Johanna => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {6229B155-7319-491A-A250-F35EABB7DD62} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9BA1EF09-F21F-4895-9315-35716D54CCB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-08-17 12:39 - 2009-04-21 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-24 10:39 - 2009-04-24 10:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-01-30 21:11 - 2009-01-30 21:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-03-07 13:15 - 2009-03-07 13:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 10:37 - 2008-07-14 10:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-06-09 10:13 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2008-11-06 18:23 - 2008-11-06 18:23 - 00772096 _____ () C:\Program Files\MP4 Player\Mp4Player.exe
2009-08-17 12:40 - 2009-08-17 12:40 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 09:41 - 2009-01-30 09:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-17 12:40 - 2009-08-17 12:40 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Johanna\Documents\Anmeldung zu Fortbildungen.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-448599090-1542697344-2977108501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Johanna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Administrator (S-1-5-21-448599090-1542697344-2977108501-500 - Administrator - Disabled)
Gast (S-1-5-21-448599090-1542697344-2977108501-501 - Limited - Disabled)
Johanna (S-1-5-21-448599090-1542697344-2977108501-1000 - Administrator - Enabled) => C:\Users\Johanna

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 01:21:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:18:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 10:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 01:31:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2015 02:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3010851

Error: (03/07/2015 02:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3010851

Error: (03/07/2015 02:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2015 01:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 11.4.0.18, Zeitstempel 0x54045c47, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x3fec0e00,
Prozess-ID 0x11e4, Anwendungsstartzeit iTunes.exe0.

Error: (03/07/2015 00:55:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 148685

Error: (03/07/2015 00:55:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 148685


System errors:
=============
Error: (03/09/2015 01:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/09/2015 01:18:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/08/2015 10:07:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

Error: (03/08/2015 10:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/08/2015 10:04:38 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/08/2015 01:31:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Notebook Performance Tuning Service (TEMPRO)

Error: (03/08/2015 01:31:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/07/2015 00:06:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

Error: (03/07/2015 00:06:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Notebook Performance Tuning Service (TEMPRO)

Error: (03/07/2015 00:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (02/21/2010 08:53:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18326 seconds with 10860 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-09-29 17:34:59.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLKBDFLTX86\klkbdflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:58.990
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLKBDFLTX86\klkbdflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:58.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLKBDFLTX86\klkbdflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:58.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLKBDFLTX86\klkbdflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:57.781
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLMOUFLTX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:57.456
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLMOUFLTX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:57.113
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLMOUFLTX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:56.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLMOUFLTX86\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:55.929
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLTDIX86\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-29 17:34:55.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLTDIX86\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 3035.93 MB
Available physical RAM: 1266.01 MB
Total Pagefile: 6278.13 MB
Available Pagefile: 4309.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.14 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:57.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.84 GB) (Free:171 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 10.03.2015, 19:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.03.2015, 20:51   #5
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Guten Abend,

vielen Dank für die weitere Antwort. Ich habe das erste Programm 1 Mal durchlaufen lassen (Ergebnis steht noch aus, da ich dann abreisen musste). Ich werde das Verfahren nächste Woche Freitag fortführen, da meine Mutter das alleine eher nicht hinbekommen wird. Mittlerweile hat sie von der Telekom auch eine postalische Nachricht bekommen, von daher scheint die Warnung wohl doch echt zu sein :-/


Alt 17.03.2015, 10:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



ok
__________________
--> Telekom Abuse Team - generic Trojaner/Virus

Alt 27.03.2015, 19:45   #7
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



so moin moin =) malware lief nun 2 mal durch, hat nichts gefunden. tds werde ich am sonntag mittag starten. hier noch die beiden logs:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.13.04
  rootkit: v2015.02.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Johanna :: JOHANNA-PC [administrator]

13.03.2015 11:06:42
mbar-log-2015-03-13 (11-06-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 327921
Time elapsed: 43 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.27.08
  rootkit: v2015.03.26.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Johanna :: JOHANNA-PC [administrator]

27.03.2015 18:51:11
mbar-log-2015-03-27 (18-51-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 331651
Time elapsed: 44 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 28.03.2015, 03:34   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



alles klar
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.03.2015, 14:53   #9
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



So der TDSSKiller hat auch nichts gefunden. Ist doch alles in Ordnung oder gibt es nochn Programm? =)

Code:
ATTFilter
14:42:46.0132 0x16a8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:42:51.0175 0x16a8  ============================================================
14:42:51.0175 0x16a8  Current date / time: 2015/03/29 14:42:51.0175
14:42:51.0175 0x16a8  SystemInfo:
14:42:51.0175 0x16a8  
14:42:51.0175 0x16a8  OS Version: 6.0.6002 ServicePack: 2.0
14:42:51.0175 0x16a8  Product type: Workstation
14:42:51.0175 0x16a8  ComputerName: JOHANNA-PC
14:42:51.0176 0x16a8  UserName: Johanna
14:42:51.0176 0x16a8  Windows directory: C:\Windows
14:42:51.0176 0x16a8  System windows directory: C:\Windows
14:42:51.0176 0x16a8  Processor architecture: Intel x86
14:42:51.0176 0x16a8  Number of processors: 2
14:42:51.0176 0x16a8  Page size: 0x1000
14:42:51.0176 0x16a8  Boot type: Normal boot
14:42:51.0176 0x16a8  ============================================================
14:42:51.0993 0x16a8  KLMD registered as C:\Windows\system32\drivers\05707541.sys
14:42:52.0527 0x16a8  System UUID: {AEB1DA4D-7120-6BA0-C1C6-CC50F6A23A62}
14:42:53.0717 0x16a8  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:42:53.0719 0x16a8  ============================================================
14:42:53.0719 0x16a8  \Device\Harddisk0\DR0:
14:42:53.0719 0x16a8  MBR partitions:
14:42:53.0719 0x16a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1749C800
14:42:53.0719 0x16a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1778B000, BlocksNum 0x171AE000
14:42:53.0719 0x16a8  ============================================================
14:42:53.0835 0x16a8  C: <-> \Device\Harddisk0\DR0\Partition1
14:42:53.0895 0x16a8  E: <-> \Device\Harddisk0\DR0\Partition2
14:42:53.0895 0x16a8  ============================================================
14:42:53.0895 0x16a8  Initialize success
14:42:53.0895 0x16a8  ============================================================
14:44:10.0851 0x0a60  ============================================================
14:44:10.0851 0x0a60  Scan started
14:44:10.0851 0x0a60  Mode: Manual; SigCheck; TDLFS; 
14:44:10.0851 0x0a60  ============================================================
14:44:10.0851 0x0a60  KSN ping started
14:44:13.0727 0x0a60  KSN ping finished: true
14:44:57.0478 0x0a60  ================ Scan system memory ========================
14:44:57.0479 0x0a60  System memory - ok
14:44:57.0479 0x0a60  ================ Scan services =============================
14:44:58.0706 0x0a60  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:45:09.0716 0x0a60  ACPI - ok
14:45:10.0438 0x0a60  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:45:10.0463 0x0a60  AdobeARMservice - ok
14:45:11.0159 0x0a60  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:45:11.0180 0x0a60  AdobeFlashPlayerUpdateSvc - ok
14:45:12.0760 0x0a60  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:45:13.0420 0x0a60  adp94xx - ok
14:45:13.0683 0x0a60  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:45:14.0080 0x0a60  adpahci - ok
14:45:14.0160 0x0a60  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:45:14.0183 0x0a60  adpu160m - ok
14:45:14.0399 0x0a60  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:45:14.0417 0x0a60  adpu320 - ok
14:45:14.0548 0x0a60  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:45:15.0998 0x0a60  AeLookupSvc - ok
14:45:16.0378 0x0a60  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
14:45:17.0127 0x0a60  AFD - ok
14:45:17.0722 0x0a60  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:45:17.0751 0x0a60  agp440 - ok
14:45:17.0844 0x0a60  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:45:17.0961 0x0a60  aic78xx - ok
14:45:18.0015 0x0a60  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
14:45:20.0091 0x0a60  ALG - ok
14:45:20.0344 0x0a60  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
14:45:20.0426 0x0a60  aliide - ok
14:45:20.0618 0x0a60  [ 761F38EE3C1146A7434AD72763382544, B9ECCFB92AB1E569E36A7542A6D3D6805B3C4D105C22C84C3A1BC53662D86ED7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:45:20.0804 0x0a60  AMD External Events Utility - ok
14:45:21.0031 0x0a60  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:45:21.0059 0x0a60  amdagp - ok
14:45:21.0169 0x0a60  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
14:45:21.0189 0x0a60  amdide - ok
14:45:21.0578 0x0a60  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:45:22.0028 0x0a60  AmdK7 - ok
14:45:22.0136 0x0a60  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:45:22.0212 0x0a60  AmdK8 - ok
14:45:22.0810 0x0a60  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:45:22.0851 0x0a60  AntiVirSchedulerService - ok
14:45:22.0985 0x0a60  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:45:23.0046 0x0a60  AntiVirService - ok
14:45:23.0634 0x0a60  [ 7983B808D27CEFADD0BCBCAB30736B5B, 5E723476EF71F4C7AFC9E65113F6E78357DC908ED6E09F1142C4DB19B78DC5EF ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:45:23.0772 0x0a60  AntiVirWebService - ok
14:45:23.0840 0x0a60  [ 95116E2BCFAF5A36AF0369050E92B9A5, 34F7D6B2F37379698DAA80FEB98F0EA092968AEE7021E5917019E782CD260FFC ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
14:45:23.0887 0x0a60  ApfiltrService - ok
14:45:24.0033 0x0a60  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
14:45:24.0146 0x0a60  Appinfo - ok
14:45:24.0458 0x0a60  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:45:24.0482 0x0a60  Apple Mobile Device - ok
14:45:24.0553 0x0a60  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
14:45:24.0576 0x0a60  arc - ok
14:45:24.0658 0x0a60  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:45:24.0681 0x0a60  arcsas - ok
14:45:24.0999 0x0a60  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:45:25.0367 0x0a60  aspnet_state - ok
14:45:25.0468 0x0a60  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:25.0566 0x0a60  AsyncMac - ok
14:45:25.0648 0x0a60  [ 9C0E70031905ADBF94EDB9EA14AF943B, 88E4A250C22E919DECEDF1D59566265C473CDFAC97440F25A6D05E6200223194 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:45:25.0679 0x0a60  atapi - ok
14:45:26.0212 0x0a60  [ 53DF058C7115B3E6259954D2A2DBF8E9, 5B405E47124096BE4EC30B9EEDDF93D898D8E50996834FAB3497C1112FD25555 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:45:27.0038 0x0a60  atikmdag - ok
14:45:27.0246 0x0a60  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:45:27.0512 0x0a60  AudioEndpointBuilder - ok
14:45:27.0593 0x0a60  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:45:27.0639 0x0a60  Audiosrv - ok
14:45:27.0742 0x0a60  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:45:27.0771 0x0a60  avgntflt - ok
14:45:27.0991 0x0a60  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:45:28.0020 0x0a60  avipbb - ok
14:45:28.0191 0x0a60  [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
14:45:28.0215 0x0a60  Avira.OE.ServiceHost - ok
14:45:28.0380 0x0a60  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:45:28.0410 0x0a60  avkmgr - ok
14:45:28.0551 0x0a60  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:45:28.0660 0x0a60  Beep - ok
14:45:28.0785 0x0a60  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
14:45:28.0998 0x0a60  BFE - ok
14:45:29.0190 0x0a60  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
14:45:29.0445 0x0a60  BITS - ok
14:45:29.0496 0x0a60  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:45:29.0592 0x0a60  blbdrive - ok
14:45:29.0712 0x0a60  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:45:29.0767 0x0a60  Bonjour Service - ok
14:45:29.0863 0x0a60  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:45:30.0000 0x0a60  bowser - ok
14:45:30.0144 0x0a60  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:45:30.0223 0x0a60  BrFiltLo - ok
14:45:30.0433 0x0a60  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:45:30.0531 0x0a60  BrFiltUp - ok
14:45:30.0679 0x0a60  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
14:45:30.0763 0x0a60  Browser - ok
14:45:30.0928 0x0a60  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:45:31.0951 0x0a60  Brserid - ok
14:45:31.0978 0x0a60  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:45:32.0098 0x0a60  BrSerWdm - ok
14:45:32.0134 0x0a60  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:45:32.0244 0x0a60  BrUsbMdm - ok
14:45:32.0317 0x0a60  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:45:32.0505 0x0a60  BrUsbSer - ok
14:45:32.0863 0x0a60  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:45:33.0104 0x0a60  BTHMODEM - ok
14:45:33.0473 0x0a60  [ F1140ED3A1E1D6824A63F27AFD9EEF32, AF40AA352857A4161B500C404B88DEBD41E0A06640393B57CD5FD14E325BBE97 ] camsvc          C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
14:45:33.0492 0x0a60  camsvc - ok
14:45:33.0586 0x0a60  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:45:33.0729 0x0a60  cdfs - ok
14:45:33.0940 0x0a60  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:45:34.0030 0x0a60  cdrom - ok
14:45:34.0075 0x0a60  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
14:45:34.0163 0x0a60  CertPropSvc - ok
14:45:34.0212 0x0a60  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:45:34.0280 0x0a60  circlass - ok
14:45:34.0370 0x0a60  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
14:45:34.0407 0x0a60  CLFS - ok
14:45:34.0506 0x0a60  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:45:34.0545 0x0a60  clr_optimization_v2.0.50727_32 - ok
14:45:34.0586 0x0a60  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:45:35.0129 0x0a60  clr_optimization_v4.0.30319_32 - ok
14:45:35.0299 0x0a60  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:45:35.0371 0x0a60  CmBatt - ok
14:45:35.0411 0x0a60  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:45:35.0442 0x0a60  cmdide - ok
14:45:35.0517 0x0a60  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:45:35.0570 0x0a60  Compbatt - ok
14:45:35.0583 0x0a60  COMSysApp - ok
14:45:35.0660 0x0a60  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:45:35.0681 0x0a60  ConfigFree Service - ok
14:45:36.0007 0x0a60  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:45:36.0027 0x0a60  crcdisk - ok
14:45:36.0125 0x0a60  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:45:36.0205 0x0a60  Crusoe - ok
14:45:36.0277 0x0a60  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:45:36.0504 0x0a60  CryptSvc - ok
14:45:36.0684 0x0a60  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:45:36.0846 0x0a60  DcomLaunch - ok
14:45:36.0932 0x0a60  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:45:37.0067 0x0a60  DfsC - ok
14:45:37.0606 0x0a60  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
14:45:38.0636 0x0a60  DFSR - ok
14:45:38.0727 0x0a60  [ 54D0B8343CE8C22412A5F29D32EFD211, D78BF09680FF19523C84E862593B45637D91A079C79CAB63A13726E7ACA8ABBF ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:45:38.0750 0x0a60  dg_ssudbus - ok
14:45:39.0074 0x0a60  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:45:39.0212 0x0a60  Dhcp - ok
14:45:39.0424 0x0a60  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
14:45:39.0545 0x0a60  disk - ok
14:45:39.0634 0x0a60  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:45:39.0748 0x0a60  Dnscache - ok
14:45:39.0789 0x0a60  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
14:45:39.0847 0x0a60  dot3svc - ok
14:45:39.0928 0x0a60  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
14:45:40.0019 0x0a60  DPS - ok
14:45:40.0099 0x0a60  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:45:40.0359 0x0a60  drmkaud - ok
14:45:40.0716 0x0a60  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:45:41.0033 0x0a60  DXGKrnl - ok
14:45:41.0129 0x0a60  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:45:41.0289 0x0a60  E1G60 - ok
14:45:41.0426 0x0a60  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
14:45:41.0468 0x0a60  EapHost - ok
14:45:41.0708 0x0a60  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:45:41.0760 0x0a60  Ecache - ok
14:45:41.0943 0x0a60  [ 3A511ED3C9A9DA2CD5A50FF46178063A, FA8732D1B078E01EC2337BE1997B58B37BC3C39747D932F8CAB1B98C6BC754F5 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:45:42.0135 0x0a60  ehRecvr - ok
14:45:42.0167 0x0a60  [ A3D94C93333619458AF4BDE7531234C5, E01860EDC1AA3D9B58F9EC5BE20838A7C7B0A1F68B0264281AEDD6F5B69AA1BD ] ehSched         C:\Windows\ehome\ehsched.exe
14:45:42.0211 0x0a60  ehSched - ok
14:45:42.0228 0x0a60  [ 487BA5C5BB442BD172F120DC197811C2, C43068044443FFB2368BAD0008DADF5D4218D0DCD9AB9F1D492540DE9CDC7EB9 ] ehstart         C:\Windows\ehome\ehstart.dll
14:45:42.0261 0x0a60  ehstart - ok
14:45:42.0367 0x0a60  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:45:42.0445 0x0a60  elxstor - ok
14:45:42.0626 0x0a60  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:45:43.0052 0x0a60  EMDMgmt - ok
14:45:43.0719 0x0a60  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:45:43.0857 0x0a60  ErrDev - ok
14:45:44.0009 0x0a60  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
14:45:44.0063 0x0a60  EventSystem - ok
14:45:44.0224 0x0a60  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:45:44.0591 0x0a60  exfat - ok
14:45:44.0723 0x0a60  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:45:45.0056 0x0a60  fastfat - ok
14:45:45.0176 0x0a60  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:45:45.0299 0x0a60  fdc - ok
14:45:45.0376 0x0a60  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
14:45:45.0509 0x0a60  fdPHost - ok
14:45:45.0593 0x0a60  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:45:45.0662 0x0a60  FDResPub - ok
14:45:45.0778 0x0a60  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:45:46.0149 0x0a60  FileInfo - ok
14:45:46.0460 0x0a60  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:45:46.0559 0x0a60  Filetrace - ok
14:45:46.0576 0x0a60  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:45:46.0647 0x0a60  flpydisk - ok
14:45:46.0788 0x0a60  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:45:46.0821 0x0a60  FltMgr - ok
14:45:47.0024 0x0a60  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
14:45:47.0627 0x0a60  FontCache - ok
14:45:47.0926 0x0a60  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:45:47.0948 0x0a60  FontCache3.0.0.0 - ok
14:45:48.0182 0x0a60  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:45:48.0383 0x0a60  Fs_Rec - ok
14:45:48.0519 0x0a60  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:45:48.0542 0x0a60  gagp30kx - ok
14:45:48.0639 0x0a60  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:45:48.0656 0x0a60  GEARAspiWDM - ok
14:45:48.0760 0x0a60  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
14:45:49.0210 0x0a60  gpsvc - ok
14:45:49.0584 0x0a60  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:45:49.0628 0x0a60  gusvc - ok
14:45:50.0453 0x0a60  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:45:50.0547 0x0a60  HdAudAddService - ok
14:45:50.0697 0x0a60  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:45:50.0765 0x0a60  HDAudBus - ok
14:45:51.0355 0x0a60  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:45:51.0411 0x0a60  HidBth - ok
14:45:51.0451 0x0a60  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:45:51.0505 0x0a60  HidIr - ok
14:45:51.0550 0x0a60  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
14:45:51.0635 0x0a60  hidserv - ok
14:45:51.0726 0x0a60  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:45:51.0807 0x0a60  HidUsb - ok
14:45:51.0849 0x0a60  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:45:51.0915 0x0a60  hkmsvc - ok
14:45:51.0972 0x0a60  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:45:51.0995 0x0a60  HpCISSs - ok
14:45:52.0099 0x0a60  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:45:52.0319 0x0a60  HTTP - ok
14:45:52.0433 0x0a60  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:45:52.0458 0x0a60  i2omp - ok
14:45:52.0601 0x0a60  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:45:52.0718 0x0a60  i8042prt - ok
14:45:52.0828 0x0a60  [ 71ECC07BC7C5E24C3DD01D8A29A24054, 03BB7E80212B038E26B439F41D757152B00CBC5E20ADE54B0FC903B199B73E88 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:45:52.0854 0x0a60  iaStor - ok
14:45:52.0933 0x0a60  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:45:52.0969 0x0a60  iaStorV - ok
14:45:53.0159 0x0a60  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:45:53.0692 0x0a60  idsvc - ok
14:45:53.0858 0x0a60  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:45:53.0936 0x0a60  iirsp - ok
14:45:54.0245 0x0a60  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:45:54.0783 0x0a60  IKEEXT - ok
14:45:55.0683 0x0a60  [ 2E4F8AD76CB1203D68DB6E8F02E4AF74, 88224DFD93408E8345644D8C65429C300229EE5D457F45F27DEFF4E4E0F871EF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:45:57.0447 0x0a60  IntcAzAudAddService - ok
14:45:58.0164 0x0a60  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
14:45:58.0190 0x0a60  intelide - ok
14:45:58.0319 0x0a60  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:45:58.0390 0x0a60  intelppm - ok
14:45:58.0491 0x0a60  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:45:58.0591 0x0a60  IPBusEnum - ok
14:45:59.0181 0x0a60  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:45:59.0318 0x0a60  IpFilterDriver - ok
14:45:59.0385 0x0a60  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:45:59.0462 0x0a60  iphlpsvc - ok
14:45:59.0470 0x0a60  IpInIp - ok
14:45:59.0553 0x0a60  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:45:59.0616 0x0a60  IPMIDRV - ok
14:45:59.0669 0x0a60  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:45:59.0726 0x0a60  IPNAT - ok
14:46:00.0979 0x0a60  [ 781ABA6C29AD40259602703A328DAEC6, 2DB936C8DE6D4424C6A10D4200F3D7F97A3A129A3B1064A83AB9846C3A828BE0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:46:01.0081 0x0a60  iPod Service - ok
14:46:01.0146 0x0a60  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:46:01.0297 0x0a60  IRENUM - ok
14:46:01.0367 0x0a60  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:46:01.0405 0x0a60  isapnp - ok
14:46:01.0455 0x0a60  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:46:01.0494 0x0a60  iScsiPrt - ok
14:46:01.0550 0x0a60  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:46:01.0581 0x0a60  iteatapi - ok
14:46:01.0653 0x0a60  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:46:01.0678 0x0a60  iteraid - ok
14:46:01.0746 0x0a60  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:46:01.0775 0x0a60  kbdclass - ok
14:46:01.0966 0x0a60  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:46:02.0029 0x0a60  kbdhid - ok
14:46:02.0098 0x0a60  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
14:46:02.0345 0x0a60  KeyIso - ok
14:46:02.0489 0x0a60  [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:46:02.0555 0x0a60  KSecDD - ok
14:46:02.0648 0x0a60  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:46:02.0847 0x0a60  KtmRm - ok
14:46:02.0982 0x0a60  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:46:03.0181 0x0a60  LanmanServer - ok
14:46:03.0427 0x0a60  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:46:03.0578 0x0a60  LanmanWorkstation - ok
14:46:03.0677 0x0a60  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:46:03.0863 0x0a60  lltdio - ok
14:46:04.0019 0x0a60  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:46:04.0168 0x0a60  lltdsvc - ok
14:46:04.0198 0x0a60  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:46:04.0256 0x0a60  lmhosts - ok
14:46:04.0334 0x0a60  [ 31F74D5D47EEA83E5E89447586917774, 5B8C99FDC77E8782A4362907424432A36AAA487756CA3E6CCC7E0F9759662145 ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
14:46:04.0442 0x0a60  LPCFilter - ok
14:46:04.0497 0x0a60  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:46:04.0523 0x0a60  LSI_FC - ok
14:46:04.0573 0x0a60  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:46:04.0598 0x0a60  LSI_SAS - ok
14:46:04.0648 0x0a60  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:46:04.0675 0x0a60  LSI_SCSI - ok
14:46:04.0708 0x0a60  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:46:04.0779 0x0a60  luafv - ok
14:46:04.0838 0x0a60  [ 3BD2AD18179DEAD6652E87157FB98E4A, 66416F10BF5E29CA8E47D8DB8A906164669C722EDF985598A605C096A92A87AF ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:46:04.0884 0x0a60  Mcx2Svc - ok
14:46:04.0949 0x0a60  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
14:46:04.0998 0x0a60  megasas - ok
14:46:05.0250 0x0a60  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:46:05.0302 0x0a60  MegaSR - ok
14:46:05.0387 0x0a60  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
14:46:05.0442 0x0a60  MMCSS - ok
14:46:05.0478 0x0a60  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
14:46:05.0593 0x0a60  Modem - ok
14:46:05.0679 0x0a60  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:46:05.0759 0x0a60  monitor - ok
14:46:05.0784 0x0a60  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:46:05.0814 0x0a60  mouclass - ok
14:46:05.0859 0x0a60  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:46:05.0936 0x0a60  mouhid - ok
14:46:05.0969 0x0a60  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:46:05.0993 0x0a60  MountMgr - ok
14:46:06.0125 0x0a60  [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:46:06.0164 0x0a60  MozillaMaintenance - ok
14:46:06.0195 0x0a60  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:46:06.0221 0x0a60  mpio - ok
14:46:06.0240 0x0a60  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:46:06.0564 0x0a60  mpsdrv - ok
14:46:06.0672 0x0a60  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:46:06.0763 0x0a60  MpsSvc - ok
14:46:06.0886 0x0a60  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:46:06.0909 0x0a60  Mraid35x - ok
14:46:06.0962 0x0a60  [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:46:07.0163 0x0a60  MRxDAV - ok
14:46:07.0242 0x0a60  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:46:07.0424 0x0a60  mrxsmb - ok
14:46:07.0707 0x0a60  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:46:07.0773 0x0a60  mrxsmb10 - ok
14:46:07.0895 0x0a60  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:46:08.0069 0x0a60  mrxsmb20 - ok
14:46:08.0158 0x0a60  [ AA305CFF241DA187BD5077DE4A2A043D, 1D0FAE34A617E350DA6B0A2380AD4522EFF78F1CC02BE1199023F5CCD465411D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:46:08.0188 0x0a60  msahci - ok
14:46:08.0295 0x0a60  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:46:08.0480 0x0a60  msdsm - ok
14:46:08.0957 0x0a60  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
14:46:09.0038 0x0a60  MSDTC - ok
14:46:09.0100 0x0a60  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:46:09.0186 0x0a60  Msfs - ok
14:46:09.0331 0x0a60  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:46:09.0354 0x0a60  msisadrv - ok
14:46:09.0409 0x0a60  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:46:09.0508 0x0a60  MSiSCSI - ok
14:46:09.0514 0x0a60  msiserver - ok
14:46:09.0595 0x0a60  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:46:09.0648 0x0a60  MSKSSRV - ok
14:46:09.0739 0x0a60  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:46:09.0794 0x0a60  MSPCLOCK - ok
14:46:09.0851 0x0a60  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:46:09.0922 0x0a60  MSPQM - ok
14:46:10.0021 0x0a60  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:46:10.0049 0x0a60  MsRPC - ok
14:46:10.0163 0x0a60  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:46:10.0178 0x0a60  mssmbios - ok
14:46:10.0358 0x0a60  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:46:10.0405 0x0a60  MSTEE - ok
14:46:10.0489 0x0a60  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:46:10.0514 0x0a60  Mup - ok
14:46:10.0661 0x0a60  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
14:46:10.0709 0x0a60  napagent - ok
14:46:10.0804 0x0a60  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:46:10.0833 0x0a60  NativeWifiP - ok
14:46:11.0059 0x0a60  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:46:11.0099 0x0a60  NDIS - ok
14:46:11.0282 0x0a60  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:46:11.0485 0x0a60  NdisTapi - ok
14:46:11.0514 0x0a60  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:46:11.0545 0x0a60  Ndisuio - ok
14:46:11.0633 0x0a60  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:46:11.0718 0x0a60  NdisWan - ok
14:46:12.0101 0x0a60  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:46:12.0129 0x0a60  NDProxy - ok
14:46:12.0285 0x0a60  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:46:12.0324 0x0a60  NetBIOS - ok
14:46:12.0458 0x0a60  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:46:12.0591 0x0a60  netbt - ok
14:46:12.0647 0x0a60  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
14:46:12.0697 0x0a60  Netlogon - ok
14:46:12.0786 0x0a60  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
14:46:12.0876 0x0a60  Netman - ok
14:46:12.0981 0x0a60  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:46:13.0177 0x0a60  NetMsmqActivator - ok
14:46:13.0281 0x0a60  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:46:13.0303 0x0a60  NetPipeActivator - ok
14:46:13.0380 0x0a60  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
14:46:13.0560 0x0a60  netprofm - ok
14:46:13.0626 0x0a60  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:46:13.0645 0x0a60  NetTcpActivator - ok
14:46:13.0653 0x0a60  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:46:13.0675 0x0a60  NetTcpPortSharing - ok
14:46:14.0339 0x0a60  [ 8DE67BD902095A13329FD82C85A1FA09, 7F0B058D0C306A845F7BF14B24B0BDBCE6F152A054331072549F46284E75A367 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:46:17.0089 0x0a60  NETw5v32 - ok
14:46:17.0188 0x0a60  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:46:17.0227 0x0a60  nfrd960 - ok
14:46:17.0381 0x0a60  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:46:17.0482 0x0a60  NlaSvc - ok
14:46:17.0545 0x0a60  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:46:17.0578 0x0a60  Npfs - ok
14:46:17.0655 0x0a60  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
14:46:17.0783 0x0a60  nsi - ok
14:46:17.0851 0x0a60  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:46:17.0926 0x0a60  nsiproxy - ok
14:46:18.0266 0x0a60  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:46:19.0305 0x0a60  Ntfs - ok
14:46:19.0382 0x0a60  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:46:19.0504 0x0a60  ntrigdigi - ok
14:46:19.0552 0x0a60  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
14:46:19.0688 0x0a60  Null - ok
14:46:19.0718 0x0a60  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:46:19.0767 0x0a60  nvraid - ok
14:46:19.0806 0x0a60  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:46:19.0855 0x0a60  nvstor - ok
14:46:19.0900 0x0a60  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:46:19.0921 0x0a60  nv_agp - ok
14:46:19.0927 0x0a60  NwlnkFlt - ok
14:46:19.0936 0x0a60  NwlnkFwd - ok
14:46:20.0162 0x0a60  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:46:20.0207 0x0a60  odserv - ok
14:46:20.0285 0x0a60  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:46:20.0521 0x0a60  ohci1394 - ok
14:46:20.0869 0x0a60  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:46:20.0898 0x0a60  ose - ok
14:46:21.0308 0x0a60  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:46:21.0535 0x0a60  p2pimsvc - ok
14:46:21.0574 0x0a60  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:46:21.0612 0x0a60  p2psvc - ok
14:46:21.0671 0x0a60  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
14:46:21.0733 0x0a60  Parport - ok
14:46:21.0867 0x0a60  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:46:21.0891 0x0a60  partmgr - ok
14:46:21.0978 0x0a60  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:46:22.0054 0x0a60  Parvdm - ok
14:46:22.0171 0x0a60  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:46:22.0394 0x0a60  PcaSvc - ok
14:46:22.0470 0x0a60  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
14:46:22.0496 0x0a60  pci - ok
14:46:22.0567 0x0a60  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
14:46:22.0592 0x0a60  pciide - ok
14:46:22.0668 0x0a60  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:46:22.0723 0x0a60  pcmcia - ok
14:46:23.0253 0x0a60  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:46:23.0632 0x0a60  PEAUTH - ok
14:46:23.0674 0x0a60  [ 28F7FFFF50C474CF8BE16A2CACC7CE42, E17F79BD51BED437A02F2E48A73E1DB668D8173996C2193DE15643FE2251E8E7 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
14:46:23.0732 0x0a60  PGEffect - ok
14:46:24.0009 0x0a60  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
14:46:24.0480 0x0a60  pla - ok
14:46:24.0644 0x0a60  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:46:24.0747 0x0a60  PlugPlay - ok
14:46:24.0930 0x0a60  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:46:25.0034 0x0a60  PNRPAutoReg - ok
14:46:25.0082 0x0a60  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:46:25.0458 0x0a60  PNRPsvc - ok
14:46:25.0539 0x0a60  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:46:25.0586 0x0a60  PolicyAgent - ok
14:46:25.0626 0x0a60  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:46:25.0677 0x0a60  PptpMiniport - ok
14:46:25.0753 0x0a60  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
14:46:25.0865 0x0a60  Processor - ok
14:46:25.0913 0x0a60  [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:46:25.0974 0x0a60  ProfSvc - ok
14:46:25.0987 0x0a60  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
14:46:26.0003 0x0a60  ProtectedStorage - ok
14:46:26.0038 0x0a60  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:46:26.0082 0x0a60  PSched - ok
14:46:26.0105 0x0a60  [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:46:26.0128 0x0a60  PxHelp20 - ok
14:46:26.0398 0x0a60  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:46:26.0660 0x0a60  ql2300 - ok
14:46:26.0794 0x0a60  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:46:26.0820 0x0a60  ql40xx - ok
14:46:26.0889 0x0a60  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
14:46:26.0942 0x0a60  QWAVE - ok
14:46:26.0980 0x0a60  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:46:27.0000 0x0a60  QWAVEdrv - ok
14:46:27.0013 0x0a60  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:46:27.0064 0x0a60  RasAcd - ok
14:46:27.0109 0x0a60  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
14:46:27.0163 0x0a60  RasAuto - ok
14:46:27.0275 0x0a60  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:46:27.0330 0x0a60  Rasl2tp - ok
14:46:27.0438 0x0a60  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
14:46:27.0501 0x0a60  RasMan - ok
14:46:27.0539 0x0a60  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:46:27.0577 0x0a60  RasPppoe - ok
14:46:27.0602 0x0a60  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:46:27.0625 0x0a60  RasSstp - ok
14:46:27.0701 0x0a60  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:46:27.0843 0x0a60  rdbss - ok
14:46:28.0223 0x0a60  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:46:28.0279 0x0a60  RDPCDD - ok
14:46:28.0425 0x0a60  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:46:28.0475 0x0a60  rdpdr - ok
14:46:28.0490 0x0a60  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:46:28.0548 0x0a60  RDPENCDD - ok
14:46:28.0629 0x0a60  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:46:28.0712 0x0a60  RDPWD - ok
14:46:28.0848 0x0a60  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:46:28.0892 0x0a60  RemoteAccess - ok
14:46:28.0939 0x0a60  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:46:28.0993 0x0a60  RemoteRegistry - ok
14:46:29.0031 0x0a60  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
14:46:29.0202 0x0a60  RpcLocator - ok
14:46:29.0245 0x0a60  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
14:46:29.0345 0x0a60  RpcSs - ok
14:46:29.0400 0x0a60  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:46:29.0441 0x0a60  rspndr - ok
14:46:29.0482 0x0a60  [ D85DA4371AF61359EDFCA4EA06619DD4, 8A0EFCEF8909B9DC17046C299B3E3597F60D1C7052F6A3D5B98B8B8091D04E15 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
14:46:29.0543 0x0a60  RTHDMIAzAudService - ok
14:46:29.0646 0x0a60  [ 470253597930E765DD08B30E723C1FA2, A39E48ED2130D3DB00010F3B8A2F688AA928A1E02064171FFD64F7F0BF402C59 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
14:46:29.0746 0x0a60  RTL8169 - ok
14:46:29.0875 0x0a60  [ 52532A4CA8B251775DECC87C4813ABFB, D10633C8BFF66A1CF855E86157B93E48AC4E5BF380CDA8C3C1061CA6A8DA0030 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
14:46:29.0974 0x0a60  RTSTOR - ok
14:46:29.0999 0x0a60  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
14:46:30.0020 0x0a60  SamSs - ok
14:46:30.0100 0x0a60  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:46:30.0121 0x0a60  sbp2port - ok
14:46:30.0154 0x0a60  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:46:30.0180 0x0a60  SCardSvr - ok
14:46:30.0333 0x0a60  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
14:46:30.0451 0x0a60  Schedule - ok
14:46:30.0501 0x0a60  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:46:30.0522 0x0a60  SCPolicySvc - ok
14:46:30.0571 0x0a60  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:46:30.0660 0x0a60  SDRSVC - ok
14:46:30.0707 0x0a60  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:46:30.0815 0x0a60  secdrv - ok
14:46:30.0863 0x0a60  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
14:46:30.0938 0x0a60  seclogon - ok
14:46:31.0005 0x0a60  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
14:46:31.0037 0x0a60  SENS - ok
14:46:31.0107 0x0a60  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:46:31.0157 0x0a60  Serenum - ok
14:46:31.0204 0x0a60  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
14:46:31.0258 0x0a60  Serial - ok
14:46:31.0277 0x0a60  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:46:31.0311 0x0a60  sermouse - ok
14:46:31.0361 0x0a60  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:46:31.0395 0x0a60  SessionEnv - ok
14:46:31.0424 0x0a60  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:46:31.0449 0x0a60  sffdisk - ok
14:46:31.0494 0x0a60  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:46:31.0542 0x0a60  sffp_mmc - ok
14:46:31.0579 0x0a60  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:46:31.0674 0x0a60  sffp_sd - ok
14:46:31.0700 0x0a60  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:46:31.0761 0x0a60  sfloppy - ok
14:46:31.0826 0x0a60  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:46:31.0896 0x0a60  SharedAccess - ok
14:46:31.0977 0x0a60  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:46:32.0063 0x0a60  ShellHWDetection - ok
14:46:32.0115 0x0a60  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:46:32.0137 0x0a60  sisagp - ok
14:46:32.0164 0x0a60  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:46:32.0188 0x0a60  SiSRaid2 - ok
14:46:32.0216 0x0a60  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:46:32.0282 0x0a60  SiSRaid4 - ok
14:46:32.0709 0x0a60  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:46:32.0734 0x0a60  SkypeUpdate - ok
14:46:33.0977 0x0a60  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
14:46:35.0690 0x0a60  slsvc - ok
14:46:35.0740 0x0a60  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:46:35.0767 0x0a60  SLUINotify - ok
14:46:35.0796 0x0a60  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:46:35.0900 0x0a60  Smb - ok
14:46:35.0960 0x0a60  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:46:35.0997 0x0a60  SNMPTRAP - ok
14:46:36.0196 0x0a60  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:46:36.0231 0x0a60  spldr - ok
14:46:36.0280 0x0a60  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
14:46:36.0355 0x0a60  Spooler - ok
14:46:36.0452 0x0a60  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:46:36.0708 0x0a60  srv - ok
14:46:36.0992 0x0a60  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:46:37.0151 0x0a60  srv2 - ok
14:46:37.0249 0x0a60  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:46:37.0293 0x0a60  srvnet - ok
14:46:37.0423 0x0a60  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:46:37.0468 0x0a60  SSDPSRV - ok
14:46:37.0650 0x0a60  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:46:37.0666 0x0a60  ssmdrv - ok
14:46:37.0726 0x0a60  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:46:37.0761 0x0a60  SstpSvc - ok
14:46:37.0946 0x0a60  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
14:46:38.0078 0x0a60  stisvc - ok
14:46:38.0112 0x0a60  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:46:38.0131 0x0a60  swenum - ok
14:46:38.0257 0x0a60  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
14:46:38.0313 0x0a60  swprv - ok
14:46:38.0341 0x0a60  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:46:38.0381 0x0a60  Symc8xx - ok
14:46:38.0445 0x0a60  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:46:38.0464 0x0a60  Sym_hi - ok
14:46:38.0476 0x0a60  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:46:38.0536 0x0a60  Sym_u3 - ok
14:46:38.0656 0x0a60  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
14:46:38.0722 0x0a60  SysMain - ok
14:46:38.0784 0x0a60  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:46:42.0295 0x0a60  TabletInputService - ok
14:46:42.0400 0x0a60  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:46:42.0597 0x0a60  TapiSrv - ok
14:46:43.0163 0x0a60  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
14:46:43.0242 0x0a60  TBS - ok
14:46:43.0448 0x0a60  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:46:43.0654 0x0a60  Tcpip - ok
14:46:43.0690 0x0a60  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:46:43.0851 0x0a60  Tcpip6 - ok
14:46:43.0871 0x0a60  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:46:44.0194 0x0a60  tcpipreg - ok
14:46:44.0240 0x0a60  [ 6FDFBA25002CE4BAC463AC866AE71405, E2952EA6E10543910931612D8AC18D340589C2AC88CF059F65866189CA03602A ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:46:44.0267 0x0a60  tdcmdpst - ok
14:46:44.0317 0x0a60  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:46:44.0347 0x0a60  TDPIPE - ok
14:46:44.0382 0x0a60  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:46:44.0418 0x0a60  TDTCP - ok
14:46:44.0538 0x0a60  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:46:44.0694 0x0a60  tdx - ok
14:46:44.0887 0x0a60  [ 392E619012F752D071910917E9307CC9, 8E65033667EAB5D8989808A6E217697BB20BADD3649B0CD2FB62720E9D26C4A6 ] TeamViewer4     C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
14:46:44.0913 0x0a60  TeamViewer4 - ok
14:46:45.0090 0x0a60  [ 24EA631FEC13E87AFE07A2B28732EF38, 7BF70BBAA340DC50B49FC8BBFD73D920B108FAE5D8389114D76136D31C13E618 ] TemproMonitoringService C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
14:46:45.0109 0x0a60  TemproMonitoringService - ok
14:46:45.0237 0x0a60  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:46:45.0305 0x0a60  TermDD - ok
14:46:45.0531 0x0a60  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
14:46:45.0648 0x0a60  TermService - ok
14:46:45.0741 0x0a60  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
14:46:45.0778 0x0a60  Themes - ok
14:46:45.0802 0x0a60  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
14:46:45.0849 0x0a60  THREADORDER - ok
14:46:45.0960 0x0a60  [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:46:45.0980 0x0a60  TMachInfo - ok
14:46:46.0083 0x0a60  [ 22BC804EFE155F54252F389B0781D7F2, 10E88C4E4CF3170DDD9D778FFBB4FC04C4D0FBC8E7781D4CD79B600564E4022C ] TNaviSrv        C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
14:46:46.0105 0x0a60  TNaviSrv - ok
14:46:46.0157 0x0a60  [ C5AC715B65B01788ABC22D10749DDDD8, 3237B8CBEA645F550CE588511BC7085358B3D1358D46AF5EED65F3BAC5174195 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
14:46:46.0183 0x0a60  TODDSrv - ok
14:46:46.0325 0x0a60  [ 5557E7F940CBCF09BE43379F551F6689, F20501196075FF9FF0992DB29F0D79391554F729B90BF3312A320E8CF67665A8 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:46:46.0366 0x0a60  TosCoSrv - ok
14:46:46.0519 0x0a60  [ 9D1C30CE9F1A8488D5D9102C0820743D, 6AFC48B1E4A2B298223A11DE874DEBB81F14500D02404FBDE3FE919ADBE5D824 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:46:46.0540 0x0a60  TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic ( 1 )
14:46:49.0266 0x0a60  Detect skipped due to KSN trusted
14:46:49.0266 0x0a60  TOSHIBA eco Utility Service - ok
14:46:49.0678 0x0a60  [ B792D35B8BDC5FC4106808FF5C7770AB, BCC0999360B9CB431DCFD6A6ED3E9BD83EFDEF0E18055C61A2EB170C15389DB0 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:46:49.0717 0x0a60  TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic ( 1 )
14:46:52.0438 0x0a60  Detect skipped due to KSN trusted
14:46:52.0438 0x0a60  TOSHIBA HDD SSD Alert Service - ok
14:46:52.0727 0x0a60  [ 4399A9BF7D8F49991A07FD86590A1619, D591D12EC3792B0B649944722BBBEBBB8B0D3346FCC8FC4B4B34799266AD2910 ] tos_sps32       C:\Windows\system32\DRIVERS\tos_sps32.sys
14:46:52.0754 0x0a60  tos_sps32 - ok
14:46:52.0820 0x0a60  [ 1A6FA701F66B58192B814570322521B2, 9F75C4CA828F4E68611410A097410E8D86601351B9C2A8A23986DAA7AA1DBE30 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:46:52.0852 0x0a60  TPCHSrv - ok
14:46:52.0907 0x0a60  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
14:46:52.0973 0x0a60  TrkWks - ok
14:46:53.0054 0x0a60  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:46:53.0111 0x0a60  TrustedInstaller - ok
14:46:53.0276 0x0a60  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:46:53.0557 0x0a60  tssecsrv - ok
14:46:53.0591 0x0a60  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:46:53.0666 0x0a60  tunmp - ok
14:46:53.0809 0x0a60  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:46:53.0857 0x0a60  tunnel - ok
14:46:53.0898 0x0a60  [ 792A8B80F8188ABA4B2BE271583F3E46, BFE96D13926F3CB7D807CEBB5E190736B742EB5C93F7FED08AA5D145F4B6A874 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:46:53.0917 0x0a60  TVALZ - ok
14:46:54.0017 0x0a60  [ 009AECD4C19209B09669A6615EA1E889, 58AEB6CEA36EB5B5A1F22392382773E812D22967C9A107FE03A43C899DBF6DD6 ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
14:46:54.0036 0x0a60  TVALZFL - ok
14:46:54.0194 0x0a60  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:46:54.0240 0x0a60  uagp35 - ok
14:46:54.0304 0x0a60  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:46:54.0344 0x0a60  udfs - ok
14:46:54.0528 0x0a60  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:46:54.0622 0x0a60  UI0Detect - ok
14:46:54.0663 0x0a60  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:46:54.0684 0x0a60  uliagpkx - ok
14:46:54.0719 0x0a60  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:46:54.0748 0x0a60  uliahci - ok
14:46:54.0810 0x0a60  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:46:54.0832 0x0a60  UlSata - ok
14:46:54.0864 0x0a60  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:46:54.0889 0x0a60  ulsata2 - ok
14:46:54.0966 0x0a60  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:46:55.0030 0x0a60  umbus - ok
14:46:55.0105 0x0a60  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
14:46:55.0171 0x0a60  upnphost - ok
14:46:55.0276 0x0a60  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:46:55.0398 0x0a60  USBAAPL - ok
14:46:55.0492 0x0a60  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:46:55.0624 0x0a60  usbccgp - ok
14:46:55.0673 0x0a60  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:46:55.0755 0x0a60  usbcir - ok
14:46:55.0803 0x0a60  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:46:55.0824 0x0a60  usbehci - ok
14:46:55.0885 0x0a60  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:46:56.0021 0x0a60  usbhub - ok
14:46:56.0061 0x0a60  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:46:56.0117 0x0a60  usbohci - ok
14:46:56.0309 0x0a60  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:46:56.0377 0x0a60  usbprint - ok
14:46:56.0508 0x0a60  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:46:56.0646 0x0a60  usbscan - ok
14:46:56.0715 0x0a60  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:46:56.0784 0x0a60  USBSTOR - ok
14:46:56.0814 0x0a60  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:46:56.0886 0x0a60  usbuhci - ok
14:46:57.0015 0x0a60  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:46:57.0195 0x0a60  usbvideo - ok
14:46:57.0453 0x0a60  [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2, D29C9A0ED5602BCD529A0D7F538DFA8771B1CAC6F433AA686C3A4917DC596369 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
14:46:57.0656 0x0a60  usb_rndisx - ok
14:46:57.0729 0x0a60  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
14:46:57.0783 0x0a60  UxSms - ok
14:46:57.0883 0x0a60  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
14:46:57.0983 0x0a60  vds - ok
14:46:58.0050 0x0a60  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:46:58.0109 0x0a60  vga - ok
14:46:58.0192 0x0a60  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:46:58.0255 0x0a60  VgaSave - ok
14:46:58.0313 0x0a60  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:46:58.0336 0x0a60  viaagp - ok
14:46:58.0408 0x0a60  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:46:58.0444 0x0a60  ViaC7 - ok
14:46:58.0488 0x0a60  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
14:46:58.0502 0x0a60  viaide - ok
14:46:58.0584 0x0a60  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:46:58.0607 0x0a60  volmgr - ok
14:46:58.0714 0x0a60  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:46:58.0741 0x0a60  volmgrx - ok
14:46:58.0826 0x0a60  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:46:58.0859 0x0a60  volsnap - ok
14:46:58.0957 0x0a60  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:46:58.0981 0x0a60  vsmraid - ok
14:46:59.0090 0x0a60  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
14:46:59.0180 0x0a60  VSS - ok
14:46:59.0271 0x0a60  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
14:46:59.0312 0x0a60  W32Time - ok
14:46:59.0403 0x0a60  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:46:59.0571 0x0a60  WacomPen - ok
14:46:59.0612 0x0a60  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:46:59.0668 0x0a60  Wanarp - ok
14:46:59.0673 0x0a60  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:46:59.0695 0x0a60  Wanarpv6 - ok
14:46:59.0764 0x0a60  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:46:59.0799 0x0a60  wcncsvc - ok
14:46:59.0838 0x0a60  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:46:59.0883 0x0a60  WcsPlugInService - ok
14:46:59.0950 0x0a60  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
14:46:59.0969 0x0a60  Wd - ok
14:47:00.0030 0x0a60  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:47:00.0088 0x0a60  Wdf01000 - ok
14:47:00.0134 0x0a60  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:47:00.0188 0x0a60  WdiServiceHost - ok
14:47:00.0193 0x0a60  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:47:00.0224 0x0a60  WdiSystemHost - ok
14:47:00.0258 0x0a60  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
14:47:00.0284 0x0a60  WebClient - ok
14:47:00.0330 0x0a60  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:47:00.0407 0x0a60  Wecsvc - ok
14:47:00.0458 0x0a60  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:47:00.0495 0x0a60  wercplsupport - ok
14:47:00.0538 0x0a60  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:47:00.0564 0x0a60  WerSvc - ok
14:47:00.0896 0x0a60  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:47:00.0926 0x0a60  WinDefend - ok
14:47:00.0935 0x0a60  WinHttpAutoProxySvc - ok
14:47:01.0036 0x0a60  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:47:01.0065 0x0a60  Winmgmt - ok
14:47:01.0397 0x0a60  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:47:01.0530 0x0a60  WinRM - ok
14:47:01.0673 0x0a60  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:47:01.0747 0x0a60  Wlansvc - ok
14:47:02.0002 0x0a60  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:47:02.0108 0x0a60  wlidsvc - ok
14:47:02.0179 0x0a60  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:47:02.0232 0x0a60  WmiAcpi - ok
14:47:02.0309 0x0a60  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:47:02.0391 0x0a60  wmiApSrv - ok
14:47:02.0636 0x0a60  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:47:02.0751 0x0a60  WMPNetworkSvc - ok
14:47:02.0832 0x0a60  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:47:02.0921 0x0a60  WPCSvc - ok
14:47:02.0970 0x0a60  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:47:03.0028 0x0a60  WPDBusEnum - ok
14:47:03.0056 0x0a60  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:47:03.0072 0x0a60  WpdUsb - ok
14:47:03.0185 0x0a60  [ C108DC20ACE05072350DBB6934E277FB, 548E6ABE4C4ADE48260FFDC7BADFD1697972EA3AE94D6576498C8A183D8CE0C8 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:47:03.0228 0x0a60  WPFFontCache_v0400 - ok
14:47:03.0265 0x0a60  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:47:03.0328 0x0a60  ws2ifsl - ok
14:47:03.0391 0x0a60  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
14:47:03.0436 0x0a60  wscsvc - ok
14:47:03.0440 0x0a60  WSearch - ok
14:47:03.0846 0x0a60  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:47:03.0956 0x0a60  wuauserv - ok
14:47:04.0180 0x0a60  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:47:04.0239 0x0a60  WudfPf - ok
14:47:04.0267 0x0a60  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:47:04.0342 0x0a60  WUDFRd - ok
14:47:04.0373 0x0a60  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:47:04.0425 0x0a60  wudfsvc - ok
14:47:04.0453 0x0a60  ================ Scan global ===============================
14:47:04.0483 0x0a60  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
14:47:04.0546 0x0a60  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
14:47:04.0571 0x0a60  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
14:47:04.0647 0x0a60  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
14:47:04.0658 0x0a60  [ Global ] - ok
14:47:04.0661 0x0a60  ================ Scan MBR ==================================
14:47:04.0680 0x0a60  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:47:06.0724 0x0a60  \Device\Harddisk0\DR0 - ok
14:47:06.0725 0x0a60  ================ Scan VBR ==================================
14:47:06.0765 0x0a60  [ C78B7C73AE1341DDE26AFE6294033CAD ] \Device\Harddisk0\DR0\Partition1
14:47:06.0874 0x0a60  \Device\Harddisk0\DR0\Partition1 - ok
14:47:06.0909 0x0a60  [ 6B6324ECC14244BDA7C9ED852AFBD197 ] \Device\Harddisk0\DR0\Partition2
14:47:08.0509 0x0a60  \Device\Harddisk0\DR0\Partition2 - ok
14:47:08.0510 0x0a60  ================ Scan generic autorun ======================
14:47:08.0622 0x0a60  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
14:47:08.0701 0x0a60  Windows Defender - ok
14:47:08.0833 0x0a60  [ 82E781852BDE2A7180FA0BF5A1D653B9, 1CF54EA7E0AF554C9A8644AF904397BCB34F10DD99F71F198728C23B134E70EF ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
14:47:08.0907 0x0a60  HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
14:47:11.0746 0x0a60  Detect skipped due to KSN trusted
14:47:11.0746 0x0a60  HWSetup - ok
14:47:11.0786 0x0a60  [ 81CC023D8EE53F137AEB735717CEA919, 7E2FC912BDEC160B37B459346A778CF62D03A4910D807C9810FDC7FBB9AA1CB2 ] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
14:47:11.0851 0x0a60  SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
14:47:14.0708 0x0a60  Detect skipped due to KSN trusted
14:47:14.0708 0x0a60  SVPWUTIL - ok
14:47:14.0744 0x0a60  [ C5B2679B0AE204FDD0415199B7AFEF20, A488839697F72F5E914DC87077F196F355E4AA85A5AC9C555D67BB47CC198750 ] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
14:47:14.0754 0x0a60  KeNotify - ok
14:47:14.0954 0x0a60  [ 5C639276655D8AE95C9F1C6C98CA9116, BA62781527B7EEBD3FE00C037DF144C575F867E45C29099E40F03B3C495C95EF ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
14:47:15.0186 0x0a60  TosSENotify - detected UnsignedFile.Multi.Generic ( 1 )
14:47:18.0044 0x0a60  Detect skipped due to KSN trusted
14:47:18.0044 0x0a60  TosSENotify - ok
14:47:19.0077 0x0a60  [ C8BB9FD980C413AFCAD221940D6B0A95, 98C3CBC8DABD9AC6AA3E9BC179D076268B183E51D4C447E8644B7D0B91211D10 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
14:47:19.0393 0x0a60  RtHDVCpl - ok
14:47:19.0701 0x0a60  [ 9C00C20E9763CB54BFBBD82B7058E5E4, 00CCB43ECC50F4FCBB8B7A4DF86CB4EBC25FFDC9032475AB0A28B9962CB37CF0 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
14:47:19.0709 0x0a60  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
14:47:23.0220 0x0a60  Detect skipped due to KSN trusted
14:47:23.0220 0x0a60  StartCCC - ok
14:47:23.0266 0x0a60  [ 91F4CDB6AE8F978EFCE5DDE4264BEB79, 095F036939BBD77FA51CF165868FCA263A4CA4966CB73153BCEC371C5EA4DE18 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
14:47:23.0289 0x0a60  TPwrMain - ok
14:47:23.0351 0x0a60  [ 1694B28EBF704C0C0DA037EA65CD051F, E3E1E58409B2B738FE7ED972F725C02606B18F4EDC848DCB91EF472FB39EDD31 ] C:\Program Files\TOSHIBA\TBS\HSON.exe
14:47:23.0361 0x0a60  HSON - ok
14:47:23.0404 0x0a60  [ C1344BCC06A3161C9D86F05612F720C4, F63261FA914D90AAF509D57577D9B6530FC9F9FEDA2CDBC82FDEF64ABF59F679 ] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
14:47:23.0446 0x0a60  SmoothView - detected UnsignedFile.Multi.Generic ( 1 )
14:47:26.0544 0x0a60  Detect skipped due to KSN trusted
14:47:26.0544 0x0a60  SmoothView - ok
14:47:26.0658 0x0a60  [ 543E009B1465864D9AE7C6F25DCFA83A, 37548EDC7FED7B0AF181FA7D4ABD6219205F1FECF437C787570EFF89D249B8C8 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
14:47:26.0920 0x0a60  00TCrdMain - detected UnsignedFile.Multi.Generic ( 1 )
14:47:29.0777 0x0a60  Detect skipped due to KSN trusted
14:47:29.0777 0x0a60  00TCrdMain - ok
14:47:29.0847 0x0a60  [ 7229B9EED3F44B0F9E8AA74D8CA2212F, BA30B8F829DF2EA7D0E033D87596B2065D82DC5495400B4B880C9B95636A21E6 ] C:\Program Files\Apoint2K\Apoint.exe
14:47:29.0906 0x0a60  Apoint - ok
14:47:29.0938 0x0a60  [ 532CBBE5848770281CF40909DD06C752, 69265112B6C4CF01A5671BBA25FAC76E08A72F25E46BF90CB1CFA245D35144D3 ] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
14:47:29.0977 0x0a60  SmartFaceVWatcher - detected UnsignedFile.Multi.Generic ( 1 )
14:47:32.0832 0x0a60  Detect skipped due to KSN trusted
14:47:32.0832 0x0a60  SmartFaceVWatcher - ok
14:47:32.0970 0x0a60  [ C6F29FC4363AED8566DB6F9B52AAB5FB, AFBB3F4F4AA57B5D89E8F186642D287228A86F1D9C33B707412D0E1DBE153A7C ] C:\Program Files\TOSHIBA\TECO\Teco.exe
14:47:33.0130 0x0a60  Teco - detected UnsignedFile.Multi.Generic ( 1 )
14:47:36.0051 0x0a60  Detect skipped due to KSN trusted
14:47:36.0051 0x0a60  Teco - ok
14:47:36.0225 0x0a60  [ 6E0A862D5471648ABA19AD2B5CEA80BD, 4B3FEB6E52D6FD9000D00BAD343F9B1F1B3C538131C5BC41C799203FC042C1FE ] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
14:47:36.0250 0x0a60  TPCHWMsg - ok
14:47:36.0309 0x0a60  [ E09B922FB422AEFD1493E0657669BD8B, F0692307530C3F20E95D762A674366E6B7BB702EB445666995630EE7D1B18BEB ] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
14:47:36.0341 0x0a60  NDSTray.exe - detected UnsignedFile.Multi.Generic ( 1 )
14:47:39.0054 0x0a60  Detect skipped due to KSN trusted
14:47:39.0054 0x0a60  NDSTray.exe - ok
14:47:39.0083 0x0a60  [ 68120B7C3FF8A3664341D0536C0C3198, F7118E542A3ECAE6B29ADFBA88F2ADE4BCD3270D61993EDF6C340676B66003FD ] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
14:47:39.0089 0x0a60  cfFncEnabler.exe - detected UnsignedFile.Multi.Generic ( 1 )
14:47:41.0816 0x0a60  Detect skipped due to KSN trusted
14:47:41.0816 0x0a60  cfFncEnabler.exe - ok
14:47:41.0965 0x0a60  [ C08EEB50B0CA00F7D272AE94B1531F7D, 0DCCB39A25C77A2C77FC6D928922DD9C581FA4DEF41897A3708FF5BC811AE938 ] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
14:47:42.0119 0x0a60  TWebCamera - ok
14:47:42.0220 0x0a60  [ C238DBC0EDFA7E045E4A7C66567D10D4, 8319B9EC7E6D4A81A0DED9CFF3651E1CB7371CC9D68635CEE4FA2C552EA71899 ] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
14:47:42.0287 0x0a60  Toshiba TEMPRO - ok
14:47:42.0499 0x0a60  [ DFB75217B883F58344DA719C9C7D32F4, 9D7F7FD5187F29A1B48D22EF3EA9E5642B86A33400A0D320754694869D4847EB ] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
14:47:42.0510 0x0a60  Toshiba Registration - ok
14:47:42.0635 0x0a60  [ C4479E62594E5F3D41DE9C509D2487A2, 16F0386F182D02B89F8F6679973EAF292B639C4B864FC6AAD75D3205D3CF8F4D ] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
14:47:42.0710 0x0a60  Skytel - ok
14:47:43.0663 0x0a60  [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
14:47:43.0694 0x0a60  avgnt - ok
14:47:43.0768 0x0a60  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:47:43.0780 0x0a60  APSDaemon - ok
14:47:43.0846 0x0a60  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\QTTask.exe
14:47:43.0889 0x0a60  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
14:47:46.0644 0x0a60  Detect skipped due to KSN trusted
14:47:46.0644 0x0a60  QuickTime Task - ok
14:47:46.0724 0x0a60  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files\iTunes\iTunesHelper.exe
14:47:46.0738 0x0a60  iTunesHelper - ok
14:47:46.0866 0x0a60  [ 8CB85437667AEDBD8497D2CA85F4A17A, 196F1F3208674944C554624E5DA6A614F8070467E32F0C1BAB9AC409783E5804 ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
14:47:46.0878 0x0a60  Avira Systray - ok
14:47:47.0198 0x0a60  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:47:47.0495 0x0a60  Sidebar - ok
14:47:47.0503 0x0a60  WindowsWelcomeCenter - ok
14:47:47.0626 0x0a60  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:47:48.0332 0x0a60  Sidebar - ok
14:47:48.0339 0x0a60  WindowsWelcomeCenter - ok
14:47:48.0415 0x0a60  [ F2C201341735E6674F7AD892CEA3799B, BF1039D011834B4DDFD0ACDC4BE2F278D6DBB18CC5B40C2540E941FEDBDCB665 ] C:\Windows\ehome\ehTray.exe
14:47:48.0500 0x0a60  ehTray.exe - ok
14:47:48.0834 0x0a60  [ BE0186C2984A1A04E84FF94EE07ACA0C, FDDDAE41ED5A7CAA4F2FEDCF1288F24FA91E1D229D363A4DE28B50DF66EBE7D9 ] C:\Program Files\MyDrive Connect\MyDriveConnect.exe
14:47:50.0253 0x0a60  MyDriveConnect.exe - ok
14:47:50.0417 0x0a60  [ 4CD8FAEAE28BC807955245F3950AB299, 3B372FEF66170D4C8ADE9A759E4ED3FBA60F932B06CF3DCAB61499C9198B0414 ] C:\Program Files\MP4 Player\mp4Player.exe
14:47:50.0513 0x0a60  MP4 Player - detected UnsignedFile.Multi.Generic ( 1 )
14:47:53.0386 0x0a60  Detect skipped due to KSN trusted
14:47:53.0386 0x0a60  MP4 Player - ok
14:47:53.0441 0x0a60  Skype - ok
14:47:53.0512 0x0a60  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
14:47:53.0536 0x0a60  WMPNSCFG - ok
14:47:53.0537 0x0a60  Waiting for KSN requests completion. In queue: 7
14:47:54.0537 0x0a60  Waiting for KSN requests completion. In queue: 7
14:47:55.0596 0x0a60  Waiting for KSN requests completion. In queue: 7
14:47:56.0714 0x0a60  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated )
14:47:56.0755 0x0a60  Win FW state via NFP2: enabled
14:47:59.0488 0x0a60  ============================================================
14:47:59.0488 0x0a60  Scan finished
14:47:59.0488 0x0a60  ============================================================
14:47:59.0500 0x0cd4  Detected object count: 0
14:47:59.0500 0x0cd4  Actual detected object count: 0
         

Alt 29.03.2015, 17:45   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Nee das waren jetz nur spezielle Tools. Wieviele Rechner gibt es in diesem Netzwerk?



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.03.2015, 18:59   #11
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Ah okay, schade ;-)
Bin jetzt leider schon wieder abgereist...vielleicht versuche ich es mal per Telefon. Oder gibt es einfache Möglichkeiten, einen Laptop fernzusteuern? Dann könnte ich halt von meinem PC aus auf ihren Laptop zugreifen und die Programme durchlaufen lassen.

Im WLAN befindet sich an der besagte Laptop, ihr Android Sony Smartphone und falls ich zu Besuch bin mein Android Smartphone. Dazu gibt es noch einen normalen PC, der war aber seit diese Meldungen auftreten nicht angeschaltet und kann deshalb nicht der Auslöser sein.

Vielleicht könnte ich in der Zwischenzeit noch mein Smartphone scannen? Oder ist das mit Android nicht so einfach möglich?

Alt 31.03.2015, 06:10   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Smartphone scannen geht nicht. Teamviewer ist gut zum Fernsteuern, bringt aber nix da es von unsren Tools abgeschossen wird
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.03.2015, 15:46   #13
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Gut, vielleicht bekommen wir das die Tage per Telefon hin. Ich werde dann die Log-Datei posten. Bei Handys bleibt dann also nur ein kompletter Reset?

Alt 01.04.2015, 06:18   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Ja, da kann man nix scannen, ausser mit nem AV extra fürs Handy, aber ob das genügend kann steht auf einem andern Blatt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.04.2015, 18:28   #15
Doeksn
 
Telekom Abuse Team - generic Trojaner/Virus - Standard

Telekom Abuse Team - generic Trojaner/Virus



Soooo ein zwei Stunden Gespräch wäre dann beendet... xD

Hier die log-Datei von grade eben:

Code:
ATTFilter
ComboFix 15-04-16.01 - Johanna 17.04.2015  18:02:07.1.2 - x86
ausgeführt von:: c:\users\Johanna\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Johanna\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-17 bis 2015-04-17  ))))))))))))))))))))))))))))))
.
.
2015-04-17 16:09 . 2015-04-17 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-17 15:36 . 2015-04-17 15:36 -------- d-----w- c:\program files\iPod
2015-04-17 15:36 . 2015-04-17 15:37 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-17 15:36 . 2015-04-17 15:37 -------- d-----w- c:\program files\iTunes
2015-03-29 13:15 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-29 13:14 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-29 13:14 . 2015-02-26 00:18 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-03-29 13:08 . 2015-02-20 02:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-29 13:08 . 2015-02-20 00:28 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-03-29 13:07 . 2015-01-09 02:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-29 13:07 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-03-29 13:07 . 2015-02-26 02:01 3604408 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-29 13:07 . 2015-02-26 02:01 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-29 13:07 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-03-29 13:06 . 2015-03-06 04:01 279040 ----a-w- c:\windows\system32\schannel.dll
2015-03-29 13:05 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-17 15:18 . 2014-03-03 20:16 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-17 15:18 . 2014-03-03 20:16 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-27 17:50 . 2015-03-13 10:05 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-27 17:48 . 2015-03-13 10:04 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-10 11:26 . 2013-09-29 15:54 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-10 11:26 . 2013-09-29 15:54 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-17 14:04 . 2015-02-17 14:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-13 22:12 . 2014-12-19 23:35 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-04-14 12:01 . 2015-03-27 18:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-10-03 1792376]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-03-25 31682144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1011712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-06 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-03-31 503808]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-24 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-24 1323008]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-15 570736]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-16 2513472]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-03-04 96144]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-04-08 726320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Johanna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-06 22:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-448599090-1542697344-2977108501-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-03 15:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/webhp?rls=ig
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\eqjf5o0j.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-18 13:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-04-17 18:16
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\TeamViewer\Version4\TeamViewer_Service.exe
c:\program files\Toshiba TEMPRO\TemproSvc.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\TECO\TecoService.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\TOSHIBA\TPHM\TPCHSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\HidFind.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\ehome\ehRec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-17  18:21:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-17 16:21
.
Vor Suchlauf: 7 Verzeichnis(se), 66.268.442.624 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 69.478.326.272 Bytes frei
.
- - End Of File - - F189334F5C7947655FF591F99D418CBF
5C616939100B85E558DA92B899A0FC36
         
Wie gehts weiter?

Antwort

Themen zu Telekom Abuse Team - generic Trojaner/Virus
antivir, avast, center, computer, ebanking, einstellungen, folge, frage, generic, infiziert, kopieren, laptop, links, löschen, neue, passwort, problem, programme, prüfen, seite, telekom, tipps, trojaner/virus, viren, virus, wichtig, windows



Ähnliche Themen: Telekom Abuse Team - generic Trojaner/Virus


  1. Email vom Telekom-Abuse Team mit Hinweis auf Trojaner gozi2
    Log-Analyse und Auswertung - 20.10.2015 (11)
  2. Email vom Abuse-Team der Telekom
    Plagegeister aller Art und deren Bekämpfung - 11.08.2015 (14)
  3. Brief von Telekom-Abuse-Team (Sinkhole)
    Log-Analyse und Auswertung - 01.07.2015 (7)
  4. Zeus Trojaner eingefangen lt. email vom Abuse-Team der Telekom!
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (10)
  5. Deutsche Telekom Abuse-Team - Infektion: generic
    Plagegeister aller Art und deren Bekämpfung - 25.04.2015 (19)
  6. Abuse@Telekom.de - Sicherheitswarnung zum Internetzugang 1 PC mit Trojaner generic infiziert
    Log-Analyse und Auswertung - 20.04.2015 (27)
  7. Telekom Abuse Team, Infektion: generic
    Plagegeister aller Art und deren Bekämpfung - 01.03.2015 (13)
  8. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Windows - 25.02.2015 (27)
  9. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Mac OSX & Linux - 20.02.2015 (9)
  10. Telekom Abuse Team E-Mail - generic Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (9)
  11. Telekom Abuse Team: "Virus/Trojaner infiziert"
    Plagegeister aller Art und deren Bekämpfung - 09.02.2015 (16)
  12. Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung
    Log-Analyse und Auswertung - 16.01.2015 (27)
  13. Mail von der Telekom/Abuse Team erhalten, dass mein PC mit einem Virus/Trojaner infiziert ist
    Log-Analyse und Auswertung - 14.01.2015 (24)
  14. Trojaner "generic" auf Android -- Infobrief der Telekom und deren Abuse-Team
    Smartphone, Tablet & Handy Security - 15.12.2014 (5)
  15. Keine Ahnung welcher Trojaner auf welchem PC - abuse Team Telekom
    Log-Analyse und Auswertung - 17.11.2012 (41)
  16. Telekom Brief von Abuse-Team
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (9)
  17. Telekom Brief (per Post) vom Abuse Team - PC 1
    Log-Analyse und Auswertung - 26.10.2012 (8)

Zum Thema Telekom Abuse Team - generic Trojaner/Virus - Moin moin, es geht um das oben genannte Thema (kommt ja anscheinend öfters vor). Meine Mutter hat in letzter Zeit zwei solcher E-Mails erhalten (wobei die E-Mail Adresse im Empfang - Telekom Abuse Team - generic Trojaner/Virus...
Archiv
Du betrachtest: Telekom Abuse Team - generic Trojaner/Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.