
Log analysis and evaluation: Opened UPS phishing mail and clicked on the link

19.03.2015, 20:14   #1
ga-bwler
 
Hello everyone,

Today I received a phishing mail from UPS and clicked on the link without looking at the mail more closely. A ZIP file was downloaded. I can't say whether it was installed automatically. Normally I always look at mails carefully. But I am currently expecting a package from the USA, and so I only thought of a phishing mail while I was clicking. By then it was already too late.

I ran FRST and Gamer over it and saved the logs. Gamer found something.
Can you help me with what I have to do? I use the computer for work, so I am stuck at the moment.

Thanks!

Here is the log from FRST
----------------------------------------------------------------------------------
FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 19-03-2015 20:15:25
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
() C:\Program Files\Common Files\AAV\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Users\Schüle\Documents\Downloads\Defogger (4).exe
(Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [ccApp] => c:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [osCheck] => c:\Program Files\Norton 360\osCheck.exe [988512 2008-02-25] (Symantec Corporation)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => c:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2009-03-31] (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll [2008-09-11] (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKLM - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08]
FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-21] (Symantec Corporation)
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
R2 LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-09-11] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-03-16] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys [272432 2009-03-18] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2009-03-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-01-31] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-01-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-01-31] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-04-16] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090612.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090612.003\NAVEX15.SYS [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 16:22 - 2015-03-19 20:15 - 00000000 ____D () C:\FRST
2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 14:23 - 2015-03-19 16:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 14:22 - 2015-03-19 14:22 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-19 14:22 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 14:22 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 14:22 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp
2015-02-20 19:13 - 2015-02-20 23:43 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\BOM
2015-02-20 19:13 - 2015-02-20 19:14 - 00000000 ____D () C:\Program Files\Biet-O-Matic
2015-02-20 19:13 - 2015-02-20 19:13 - 00000836 _____ () C:\Users\Public\Desktop\Biet-O-Matic.lnk
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
2015-02-20 19:13 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\system32\Inetde.dll
2015-02-20 19:13 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx
2015-02-20 19:13 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winskde.dll
2015-02-20 19:13 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\stdftde.dll
2015-02-20 19:13 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Mscmcde.dll
2015-02-20 19:13 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Tabctde.dll
2015-02-20 19:13 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\system32\Tabctl32.ocx
2015-02-19 17:10 - 2015-02-19 17:10 - 00000000 ____D () C:\Users\Schüle\Desktop\Neuer Ordner
2015-02-19 16:59 - 2015-02-19 16:59 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-19 16:59 - 2015-02-19 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-19 16:58 - 2015-02-19 16:58 - 00000000 ____D () C:\Program Files\iPod
2015-02-19 16:57 - 2015-02-19 16:59 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-19 16:57 - 2015-02-19 16:59 - 00000000 ____D () C:\Program Files\iTunes
2015-02-17 21:43 - 2015-02-17 21:43 - 00142656 _____ () C:\Windows\Minidump\Mini021715-02.dmp
2015-02-17 21:40 - 2015-02-17 21:40 - 00142656 _____ () C:\Windows\Minidump\Mini021715-01.dmp
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:14 - 2009-03-06 11:09 - 01612840 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 20:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 20:12 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 19:46 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 19:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle
2015-03-19 16:01 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-19 16:00 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 15:59 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-19 15:59 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-03-19 15:59 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-03-19 15:59 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-19 15:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 14:46 - 2008-01-21 03:47 - 00109740 _____ () C:\Windows\PFRO.log
2015-03-19 13:33 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-19 13:32 - 2010-12-17 14:30 - 140545670 _____ () C:\Windows\MEMORY.DMP
2015-03-19 00:36 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-18 15:10 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log
2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird
2015-02-19 16:58 - 2009-05-13 21:52 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2010-08-14 19:32 - 2015-03-19 15:59 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Schüle\AppData\Local\Temp\avguidx.dll
C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe
C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\symlcsv1.exe
C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Schüle\AppData\Local\Temp\ytb.exe
C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 16:05

==================== End Of Log ============================
         
----------------------------------------------------------------------------------


and the one from GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-19 20:50:06
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000069 Hitachi_ rev.FB4O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\SCHLE~1\AppData\Local\Temp\awdirkoc.sys


---- System - GMER 2.1 ----

SSDT            86C40D48                                                                                             ZwAlertResumeThread
SSDT            86C40E28                                                                                             ZwAlertThread
SSDT            86ACB358                                                                                             ZwAllocateVirtualMemory
SSDT            86AC5338                                                                                             ZwAlpcConnectPort
SSDT            865B2888                                                                                             ZwCreateMutant
SSDT            86960348                                                                                             ZwCreateThread
SSDT            86CC3710                                                                                             ZwDebugActiveProcess
SSDT            865B3648                                                                                             ZwFreeVirtualMemory
SSDT            86C3B7D8                                                                                             ZwImpersonateAnonymousToken
SSDT            86CC2A30                                                                                             ZwImpersonateThread
SSDT            865B3568                                                                                             ZwMapViewOfSection
SSDT            86C3DAB0                                                                                             ZwOpenEvent
SSDT            86ACB428                                                                                             ZwOpenProcessToken
SSDT            86C3AAF8                                                                                             ZwOpenThreadToken
SSDT            869B4B48                                                                                             ZwResumeThread
SSDT            86C3AA18                                                                                             ZwSetContextThread
SSDT            865B03E0                                                                                             ZwSetInformationProcess
SSDT            86C3C8F8                                                                                             ZwSetInformationThread
SSDT            865B32C8                                                                                             ZwSuspendProcess
SSDT            86C40F70                                                                                             ZwSuspendThread
SSDT            86C3D8A8                                                                                             ZwTerminateProcess
SSDT            86C3C818                                                                                             ZwTerminateThread
SSDT            865B04D0                                                                                             ZwUnmapViewOfSection
SSDT            86C3C0F0                                                                                             ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 350                                                                      820BD974 8 Bytes  [48, 0D, C4, 86, 28, 0E, C4, ...]
.text           ntkrnlpa.exe!KeSetTimerEx + 364                                                                      820BD988 4 Bytes  [58, B3, AC, 86]
.text           ntkrnlpa.exe!KeSetTimerEx + 370                                                                      820BD994 4 Bytes  [38, 53, AC, 86]
.text           ntkrnlpa.exe!KeSetTimerEx + 428                                                                      820BDA4C 4 Bytes  [88, 28, 5B, 86]
.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                      820BDA78 4 Bytes  [48, 03, 96, 86]
.text           ...                                                                                                  
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8DC04340, 0x3EDF57, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtCreateFile + 6                77A17C7E 4 Bytes  [28, 38, B0, 00] {SUB [EAX], BH; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtCreateFile + B                77A17C83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtMapViewOfSection + 6          77A183CE 4 Bytes  [28, 3B, B0, 00] {SUB [EBX], BH; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtMapViewOfSection + B          77A183D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenFile + 6                  77A1845E 4 Bytes  [68, 38, B0, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenFile + B                  77A18463 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcess + 6               77A184DE 4 Bytes  [A8, 39, B0, 00] {TEST AL, 0x39; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcess + B               77A184E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessToken + 6          77A184EE 4 Bytes  CALL 76A2352C C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessToken + B          77A184F3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessTokenEx + 6        77A184FE 4 Bytes  [A8, 3A, B0, 00] {TEST AL, 0x3a; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenProcessTokenEx + B        77A18503 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThread + 6                77A1854E 4 Bytes  [68, 39, B0, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThread + B                77A18553 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadToken + 6           77A1855E 4 Bytes  [68, 3A, B0, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadToken + B           77A18563 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadTokenEx + 6         77A1856E 4 Bytes  CALL 76A235AD C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtOpenThreadTokenEx + B         77A18573 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryAttributesFile + 6       77A185FE 4 Bytes  [A8, 38, B0, 00] {TEST AL, 0x38; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryAttributesFile + B       77A18603 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryFullAttributesFile + 6   77A186AE 4 Bytes  CALL 76A236EB C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtQueryFullAttributesFile + B   77A186B3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationFile + 6        77A18B8E 4 Bytes  [28, 39, B0, 00] {SUB [ECX], BH; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationFile + B        77A18B93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationThread + 6      77A18BDE 4 Bytes  [28, 3A, B0, 00] {SUB [EDX], BH; MOV AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtSetInformationThread + B      77A18BE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtUnmapViewOfSection + 6        77A18E7E 4 Bytes  [68, 3B, B0, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[904] ntdll.dll!NtUnmapViewOfSection + B        77A18E83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtCreateFile + 6               77A17C7E 4 Bytes  [28, D0, C4, 00] {SUB AL, DL; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtCreateFile + B               77A17C83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtMapViewOfSection + 6         77A183CE 4 Bytes  [28, D3, C4, 00] {SUB BL, DL; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtMapViewOfSection + B         77A183D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenFile + 6                 77A1845E 4 Bytes  [68, D0, C4, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenFile + B                 77A18463 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcess + 6              77A184DE 4 Bytes  [A8, D1, C4, 00] {TEST AL, 0xd1; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcess + B              77A184E3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessToken + 6         77A184EE 4 Bytes  CALL 76A249C4 C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessToken + B         77A184F3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessTokenEx + 6       77A184FE 4 Bytes  [A8, D2, C4, 00] {TEST AL, 0xd2; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenProcessTokenEx + B       77A18503 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThread + 6               77A1854E 4 Bytes  [68, D1, C4, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThread + B               77A18553 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadToken + 6          77A1855E 4 Bytes  [68, D2, C4, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadToken + B          77A18563 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadTokenEx + 6        77A1856E 4 Bytes  CALL 76A24A45 C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtOpenThreadTokenEx + B        77A18573 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryAttributesFile + 6      77A185FE 4 Bytes  [A8, D0, C4, 00] {TEST AL, 0xd0; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryAttributesFile + B      77A18603 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryFullAttributesFile + 6  77A186AE 4 Bytes  CALL 76A24B83 C:\Windows\system32\SHELL32.dll
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtQueryFullAttributesFile + B  77A186B3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationFile + 6       77A18B8E 4 Bytes  [28, D1, C4, 00] {SUB CL, DL; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationFile + B       77A18B93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationThread + 6     77A18BDE 4 Bytes  [28, D2, C4, 00] {SUB DL, DL; LES EAX, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtSetInformationThread + B     77A18BE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtUnmapViewOfSection + 6       77A18E7E 4 Bytes  [68, D3, C4, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[1704] ntdll.dll!NtUnmapViewOfSection + B       77A18E83 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + 6         77A183CE 4 Bytes  [18, 20, C9, 74]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4836] ntdll.dll!NtMapViewOfSection + B         77A183D3 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                              SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                              SYMTDI.SYS

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                                                   [4] 843A2A90                                                        

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

------------------------------------------------------------------------------------
         

Edited by ga-bwler (19.03.2015 at 20:22)

19.03.2015, 20:17   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.


Addition.txt is still missing.

19.03.2015, 20:41   #3
ga-bwler
 

Quote:
Quote from cosinus
Hi and

GMER always "finds" something in this sense; it never shows an empty log.

Did you open the ZIP from the scam e-mail? Did you also double-click the (executable) file contained in it? If not, nothing should have happened!

Vista is still supported, but I hardly know anyone who wants to use it voluntarily or would prefer Vista to Windows 7... but then running this OS without SP2 is somewhat negligent. IE is also not up to date for your Vista...

Please also supply the addition.txt from FRST. And post everything in CODE tags.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Hello,

I clicked on the e-mail in webmail (so did not open it completely) and clicked once on the control number in the preview pane. A ZIP file was then downloaded. I also found it in the Downloads folder but of course did not click on it again.
The laptop is already somewhat older, hence still Vista. The old computer gave up the ghost, which is why I currently depend on the laptop. The new one is already ordered, though, and I only have to bridge a short time. So not that bad.
I will also post the addition.txt from FRST.




Sorry,

but where do I find the addition.txt? The instructions say it is saved on the desktop. But there is nothing there.

Regards

20.03.2015, 05:48   #4
schrauber
/// the machine
/// TB trainer
 


That is what the instructions say, correct. But they also say that you should save FRST on the desktop. You didn't do that, so have a look in the Downloads folder
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.03.2015, 19:53   #5
ga-bwler
 

Quote:
Quote from schrauber
That is what the instructions say, correct. But they also say that you should save FRST on the desktop. You didn't do that, so have a look in the Downloads folder

OK, thanks.

I hope this is the file

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 20-03-2015 20:49:35
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08]
FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
         


21.03.2015, 10:22   #6
schrauber
/// the machine
/// TB trainer
 




Nope. Let's do it differently then:

Open FRST, tick the Addition checkbox and scan; 2 logs will open automatically. Post both here in the thread in code tags.

22.03.2015, 09:10   #7
ga-bwler
 



Quote:
Quote from schrauber
Nope. Let's do it differently then:

Open FRST, tick the Addition checkbox and scan; 2 logs will open automatically. Post both here in the thread in code tags.
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Schüle at 2015-03-22 10:05:28
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Amicron-Faktura 11.0 © Amicron Software (HKLM\...\Amicron-Faktura 11.0) (Version:  - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.4.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Comodo BackUp (HKLM\...\Comodo BackUp) (Version: 1.0.4.337 - COMODO)
DELISprint (HKLM\...\{9480CCD5-BB18-4DF3-AB18-04198B30DD62}) (Version: 5.6.7.0 - DPD)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
EOS USB WIA Driver (HKLM\...\EOS USB WIA Driver) (Version: 6.0.1.5 - Canon Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Firebird 2.5.2.26540 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hardcopy (C:\Program Files\Hardcopy) (HKLM\...\Hardcopy(C__Program Files_Hardcopy)) (Version: 17.0.15 - )
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
InfoBibliothek (HKLM\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version:  - Akademische Arbeitsgemeinschaft)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MPM (HKLM\...\{7ABD82AD-E13E-4673-A450-0890D43C8F9D}) (Version: 1.00.0000 - Hewlett-Packard)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Nuance PDF Converter 7 (HKLM\...\{667014DE-A731-4487-9650-BD864C536F4F}) (Version: 7.00.2000 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version:  - hxxp://www.PDFExcelConverter.com)
Profi cash (HKLM\...\Profi cash) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5680 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Converter (Version:  - ) Hidden
Schnapper 1.6.150 (HKLM\...\Schnapper) (Version: 1.6.150 - Robert Beer)
Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Steuersparer 2010 (HKLM\...\{9B954367-8314-4E94-9FFC-D6EFF7C6B674}) (Version: 17.00.6531 - Buhl Data Service GmbH)
Steuersparer 2011 (HKLM\...\{538E852C-1064-46EF-9B24-6EC9B1494792}) (Version: 18.00.6933 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.01.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.11.0000 - Akademische Arbeitsgemeinschaft Verlag)
SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32 -> No File Path

==================== Restore Points  =========================

20-02-2015 19:02:29 Geplanter Prüfpunkt
22-02-2015 12:37:10 Geplanter Prüfpunkt
13-03-2015 06:21:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {171DF220-EF09-449C-8AA2-BB5DF0D5E2F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {22B8F97D-5736-4520-9C6B-67C75987854C} - System32\Tasks\{743FC91F-421D-4A8B-BACA-40B6CBC289E5} => pcalua.exe -a c:\Users\Schüle\Documents\Downloads\amicron-faktura11(2).exe
Task: {369C4F35-53F5-45DB-81B4-7131B1554ACC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schüle => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {4C7044E2-6D55-4F72-8668-4F71B6BFA3BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {534DF986-986C-4568-85A6-245C4D6E03C8} - System32\Tasks\{A1B029EC-5A50-478D-A54D-9810DC94C25D} => pcalua.exe -a C:\PROGRA~1\AMICRO~1.0\UNWISE.EXE -c C:\PROGRA~1\AMICRO~1.0\Install.log
Task: {66197C39-E854-490C-B9B5-3E82B27101FB} - System32\Tasks\{88C66690-BBA1-4297-A840-26D69C048E4A} => pcalua.exe -a C:\Users\Schüle\Downloads\setup_kadmos_irfanview_de.exe -d C:\Users\Schüle\Downloads
Task: {91062CE2-CC24-442B-827A-EE9B2F8EB474} - System32\Tasks\{4CE875CE-371C-4A2B-A945-F691B3351578} => pcalua.exe -a "C:\Users\Schüle\Eigene Dateien\Downloads\AF11-Setup.exe" -d "C:\Users\Schüle\Eigene Dateien\Downloads"
Task: {D01C3D6B-91E9-444C-BE2C-7D3E7E848B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {E24C6F7B-BFD0-4BA5-BE79-EB1B319BE31E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 20:05 - 2014-09-10 16:24 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2009-04-25 21:25 - 2009-01-16 02:44 - 00057344 _____ () C:\Program Files\Hardcopy\HcDLL2_28_Win32.dll
2011-08-28 22:19 - 2011-08-28 22:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-25 21:25 - 2009-03-20 07:54 - 00443904 _____ () C:\Program Files\Hardcopy\HcDllS.dll
2009-04-25 21:25 - 2003-11-20 12:18 - 00045056 _____ () C:\Program Files\Hardcopy\hardcopy.dll
2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files\Common Files\AAV\aavus.exe
2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-03-06 11:15 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-03-06 11:15 - 2009-03-06 11:15 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-07-29 12:55 - 2008-07-29 12:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2015-03-13 11:51 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-13 11:51 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img33.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-768814543-1293272205-1146082735-500 - Administrator - Disabled)
Gast (S-1-5-21-768814543-1293272205-1146082735-501 - Limited - Disabled)
Schüle (S-1-5-21-768814543-1293272205-1146082735-1000 - Administrator - Enabled) => C:\Users\Schüle

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 09:58:58 AM) (Source: FirebirdGuardianDefaultInstance) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the Firebird Configuration Utilite to launch the server thread. errno : 1053

Error: (03/22/2015 09:58:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 11:28:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SCHÜLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\RVV54KH8\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9532

Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9532

Error: (03/20/2015 10:30:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2015 09:02:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 11.3.2015.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 2fc
Anfangszeit: 01d06346fb1a0f7b
Zeitpunkt der Beendigung: 16

Error: (03/20/2015 08:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2015 10:36:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (03/19/2015 08:34:27 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (03/22/2015 10:00:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (03/22/2015 10:00:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (03/22/2015 09:59:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain

Error: (03/22/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Firebird Server - DefaultInstance%%1053

Error: (03/22/2015 09:58:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Firebird Server - DefaultInstance

Error: (03/22/2015 09:58:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Service Host

Error: (03/22/2015 09:58:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/22/2015 09:56:23 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (03/20/2015 10:32:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (03/20/2015 09:34:58 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber USB hat eine ungültige ID für das untergeordnete Gerät (E69739L1N283935) zurückgegeben.


Microsoft Office Sessions:
=========================
Error: (07/21/2013 03:24:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-22 10:05:15.621
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:05:15.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:05:15.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:05:14.748
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:46.241
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:45.944
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:45.632
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:45.351
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:44.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-22 10:04:44.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 53%
Total physical RAM: 2813.5 MB
Available physical RAM: 1313.77 MB
Total Pagefile: 5869.49 MB
Available Pagefile: 3941.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:14.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.94 GB) NTFS
Drive e: (UNTITLED_DISC) (CDROM) (Total:1.42 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 22-03-2015 10:03:29
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js [2012-12-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-03-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com [2012-09-28]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08]
FF Extension: Yahoo! Toolbar - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-11]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-12-02]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google Search) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 22:37 - 2015-03-19 22:37 - 00001004 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-19 22:36 - 2015-03-19 22:36 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Avira
2015-03-19 22:36 - 2015-03-19 22:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-19 22:35 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-19 22:35 - 2015-03-19 22:35 - 00001849 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-19 22:33 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\Avira
2015-03-19 22:33 - 2015-03-19 22:37 - 00000000 ____D () C:\Program Files\Avira
2015-03-19 22:33 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-03-19 22:33 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-19 22:33 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-19 22:33 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-19 22:17 - 2015-03-19 22:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini
2015-03-19 20:50 - 2015-03-19 20:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt
2015-03-19 20:50 - 2015-03-19 20:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt#
2015-03-19 20:16 - 2015-03-19 20:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt
2015-03-19 16:22 - 2015-03-22 10:03 - 00000000 ____D () C:\FRST
2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 14:23 - 2015-03-22 10:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 14:22 - 2015-03-19 14:22 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-19 14:22 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 14:22 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 14:22 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp
2015-02-20 19:13 - 2015-02-20 23:43 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\BOM
2015-02-20 19:13 - 2015-02-20 19:14 - 00000000 ____D () C:\Program Files\Biet-O-Matic
2015-02-20 19:13 - 2015-02-20 19:13 - 00000836 _____ () C:\Users\Public\Desktop\Biet-O-Matic.lnk
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
2015-02-20 19:13 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\system32\Inetde.dll
2015-02-20 19:13 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx
2015-02-20 19:13 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winskde.dll
2015-02-20 19:13 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\stdftde.dll
2015-02-20 19:13 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Mscmcde.dll
2015-02-20 19:13 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Tabctde.dll
2015-02-20 19:13 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\system32\Tabctl32.ocx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 10:04 - 2009-03-06 11:09 - 01648317 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 10:00 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-22 09:56 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-22 09:56 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 09:56 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-03-22 09:56 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-03-22 09:56 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-22 09:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 09:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 09:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 23:30 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 22:46 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 22:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-20 20:42 - 2008-01-21 03:47 - 00325414 _____ () C:\Windows\PFRO.log
2015-03-19 20:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle
2015-03-19 13:33 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-19 13:32 - 2010-12-17 14:30 - 140545670 _____ () C:\Windows\MEMORY.DMP
2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log
2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird

==================== Files in the root of some directories =======

2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2015-03-19 22:17 - 2015-03-19 22:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
2010-08-14 19:32 - 2015-03-22 09:56 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Schüle\AppData\Local\Temp\avgnt.exe
C:\Users\Schüle\AppData\Local\Temp\avguidx.dll
C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe
C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Schüle\AppData\Local\Temp\ytb.exe
C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 10:06

==================== End Of Log ============================
         
--- --- ---

Alt 22.03.2015, 16:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the Uninstaller pane, look for these programs:

    Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION

    SweetPacks bundle uninstaller

    Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION

    Yontoo 1.10.03


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

 





Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 22.03.2015, 21:33   #9
ga-bwler
 



Hello,

I deleted the files with Revo Uninstaller.
When I try to run Malwarebytes, I always get the following error message: "Error. This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue"

Alt 23.03.2015, 14:47   #10
schrauber
/// the machine
/// TB-Ausbilder
 




You already have MBAM installed; start that and run a rootkit scan.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 23.03.2015, 22:10   #11
ga-bwler
 



Here is the report from TDSSKiller (part 1)

Code:
ATTFilter
23:02:46.0584 0x02f4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:02:51.0561 0x02f4  ============================================================
23:02:51.0561 0x02f4  Current date / time: 2015/03/23 23:02:51.0561
23:02:51.0561 0x02f4  SystemInfo:
23:02:51.0561 0x02f4  
23:02:51.0561 0x02f4  OS Version: 6.0.6001 ServicePack: 1.0
23:02:51.0561 0x02f4  Product type: Workstation
23:02:51.0561 0x02f4  ComputerName: SCHÜLE-LAPTOP
23:02:51.0561 0x02f4  UserName: Schüle
23:02:51.0561 0x02f4  Windows directory: C:\Windows
23:02:51.0561 0x02f4  System windows directory: C:\Windows
23:02:51.0561 0x02f4  Processor architecture: Intel x86
23:02:51.0561 0x02f4  Number of processors: 2
23:02:51.0561 0x02f4  Page size: 0x1000
23:02:51.0561 0x02f4  Boot type: Normal boot
23:02:51.0561 0x02f4  ============================================================
23:02:51.0842 0x02f4  KLMD registered as C:\Windows\system32\drivers\80761252.sys
23:02:52.0216 0x02f4  System UUID: {A274B5F9-6E83-03DD-5EFB-2837A373F852}
23:02:53.0262 0x02f4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:02:53.0262 0x02f4  ============================================================
23:02:53.0262 0x02f4  \Device\Harddisk0\DR0:
23:02:53.0262 0x02f4  MBR partitions:
23:02:53.0262 0x02f4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
23:02:53.0262 0x02f4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x12017000
23:02:53.0262 0x02f4  ============================================================
23:02:53.0293 0x02f4  C: <-> \Device\Harddisk0\DR0\Partition1
23:02:53.0340 0x02f4  D: <-> \Device\Harddisk0\DR0\Partition2
23:02:53.0340 0x02f4  ============================================================
23:02:53.0340 0x02f4  Initialize success
23:02:53.0340 0x02f4  ============================================================
23:03:08.0541 0x0768  ============================================================
23:03:08.0541 0x0768  Scan started
23:03:08.0541 0x0768  Mode: Manual; 
23:03:08.0541 0x0768  ============================================================
23:03:08.0541 0x0768  KSN ping started
23:03:09.0119 0x0768  KSN ping finished: true
23:03:09.0743 0x0768  ================ Scan system memory ========================
23:03:09.0743 0x0768  System memory - ok
23:03:09.0743 0x0768  ================ Scan services =============================
23:03:09.0930 0x0768  [ F73DB97453B47B805B73A98023961505, 483F82A46AD73B3736F63CC5B473E0D47D04F1B4A3B40A49024165ACC2CC98FD ] AAV UpdateService C:\Program Files\Common Files\AAV\aavus.exe
23:03:09.0945 0x0768  AAV UpdateService - ok
23:03:10.0179 0x0768  [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:03:10.0195 0x0768  ACPI - ok
23:03:10.0304 0x0768  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:03:10.0351 0x0768  AdobeFlashPlayerUpdateSvc - ok
23:03:10.0413 0x0768  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:03:10.0429 0x0768  adp94xx - ok
23:03:10.0476 0x0768  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:03:10.0476 0x0768  adpahci - ok
23:03:10.0507 0x0768  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:03:10.0507 0x0768  adpu160m - ok
23:03:10.0523 0x0768  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:03:10.0523 0x0768  adpu320 - ok
23:03:10.0569 0x0768  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:03:10.0569 0x0768  AeLookupSvc - ok
23:03:10.0647 0x0768  [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD             C:\Windows\system32\drivers\afd.sys
23:03:10.0663 0x0768  AFD - ok
23:03:10.0710 0x0768  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:03:10.0725 0x0768  agp440 - ok
23:03:10.0757 0x0768  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:03:10.0757 0x0768  aic78xx - ok
23:03:10.0788 0x0768  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
23:03:10.0788 0x0768  ALG - ok
23:03:10.0819 0x0768  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
23:03:10.0819 0x0768  aliide - ok
23:03:10.0850 0x0768  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:03:10.0866 0x0768  amdagp - ok
23:03:10.0881 0x0768  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
23:03:10.0897 0x0768  amdide - ok
23:03:10.0913 0x0768  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:03:10.0928 0x0768  AmdK7 - ok
23:03:10.0959 0x0768  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:03:10.0959 0x0768  AmdK8 - ok
23:03:11.0178 0x0768  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:03:11.0225 0x0768  AntiVirSchedulerService - ok
23:03:11.0287 0x0768  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:03:11.0318 0x0768  AntiVirService - ok
23:03:11.0349 0x0768  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
23:03:11.0365 0x0768  Appinfo - ok
23:03:11.0474 0x0768  [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:03:11.0490 0x0768  Apple Mobile Device - ok
23:03:11.0505 0x0768  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
23:03:11.0505 0x0768  arc - ok
23:03:11.0552 0x0768  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:03:11.0552 0x0768  arcsas - ok
23:03:11.0583 0x0768  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:03:11.0583 0x0768  AsyncMac - ok
23:03:11.0615 0x0768  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:03:11.0615 0x0768  atapi - ok
23:03:11.0661 0x0768  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:03:11.0677 0x0768  AudioEndpointBuilder - ok
23:03:11.0693 0x0768  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:03:11.0708 0x0768  Audiosrv - ok
23:03:11.0739 0x0768  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:03:11.0771 0x0768  avgntflt - ok
23:03:11.0833 0x0768  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:03:11.0864 0x0768  avipbb - ok
23:03:12.0051 0x0768  [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
23:03:12.0067 0x0768  Avira.OE.ServiceHost - ok
23:03:12.0114 0x0768  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:03:12.0129 0x0768  avkmgr - ok
23:03:12.0176 0x0768  [ 6FB43F0DADB3FDC287D080C19666AF8D, D2AA2172CEAF5954E4F04728D1BC9EA7C47A20E8918E876287FC766895FB617A ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:03:12.0192 0x0768  b57nd60x - ok
23:03:12.0270 0x0768  [ C38077D14ADF896EE1E1DBBCBCF77E14, 93CAEB3C124277D4C9D4E4622AB2213ECC60AAFFA754197297583431EDAE0472 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
23:03:12.0301 0x0768  BCM43XX - ok
23:03:12.0332 0x0768  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:03:12.0332 0x0768  Beep - ok
23:03:12.0379 0x0768  [ 8582E233C346AEFE759833E8A30DD697, 2B0A4FB7F0C3256A5003821634DFA04BA8C3FBB46E942E8BC5D114AF8D1E5354 ] BFE             C:\Windows\System32\bfe.dll
23:03:12.0395 0x0768  BFE - ok
23:03:12.0441 0x0768  [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS            C:\Windows\System32\qmgr.dll
23:03:12.0473 0x0768  BITS - ok
23:03:12.0504 0x0768  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:03:12.0504 0x0768  blbdrive - ok
23:03:12.0597 0x0768  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:03:12.0644 0x0768  Bonjour Service - ok
23:03:12.0753 0x0768  [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:03:12.0753 0x0768  bowser - ok
23:03:12.0816 0x0768  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:03:12.0831 0x0768  BrFiltLo - ok
23:03:12.0863 0x0768  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:03:12.0863 0x0768  BrFiltUp - ok
23:03:12.0894 0x0768  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
23:03:12.0925 0x0768  Browser - ok
23:03:12.0987 0x0768  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:03:13.0003 0x0768  Brserid - ok
23:03:13.0034 0x0768  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:03:13.0034 0x0768  BrSerWdm - ok
23:03:13.0081 0x0768  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:03:13.0097 0x0768  BrUsbMdm - ok
23:03:13.0128 0x0768  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:03:13.0128 0x0768  BrUsbSer - ok
23:03:13.0159 0x0768  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:03:13.0175 0x0768  BTHMODEM - ok
23:03:13.0237 0x0768  [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
23:03:13.0253 0x0768  BUNAgentSvc - ok
23:03:13.0315 0x0768  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:03:13.0315 0x0768  cdfs - ok
23:03:13.0362 0x0768  [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:03:13.0362 0x0768  cdrom - ok
23:03:13.0409 0x0768  [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:03:13.0409 0x0768  CertPropSvc - ok
23:03:13.0424 0x0768  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:03:13.0440 0x0768  circlass - ok
23:03:13.0518 0x0768  [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS            C:\Windows\system32\CLFS.sys
23:03:13.0565 0x0768  CLFS - ok
23:03:13.0674 0x0768  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:03:13.0705 0x0768  clr_optimization_v2.0.50727_32 - ok
23:03:13.0783 0x0768  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:03:13.0783 0x0768  clr_optimization_v4.0.30319_32 - ok
23:03:13.0845 0x0768  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:03:13.0845 0x0768  CmBatt - ok
23:03:13.0877 0x0768  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:03:13.0877 0x0768  cmdide - ok
23:03:14.0033 0x0768  [ B80751FE12E2FEF90AA0960AE7358E89, 906D83FB63BD1814731E92257B8FD5381225EA4CFA76D91045F2C00278F5A58E ] ComodoBackupService C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
23:03:14.0173 0x0768  ComodoBackupService - ok
23:03:14.0204 0x0768  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:03:14.0220 0x0768  Compbatt - ok
23:03:14.0220 0x0768  COMSysApp - ok
23:03:14.0235 0x0768  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:03:14.0251 0x0768  crcdisk - ok
23:03:14.0267 0x0768  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:03:14.0282 0x0768  Crusoe - ok
23:03:14.0345 0x0768  [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:03:14.0345 0x0768  CryptSvc - ok
23:03:14.0485 0x0768  [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:03:14.0516 0x0768  DcomLaunch - ok
23:03:14.0594 0x0768  [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:03:14.0610 0x0768  DfsC - ok
23:03:14.0813 0x0768  [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR            C:\Windows\system32\DFSR.exe
23:03:14.0922 0x0768  DFSR - ok
23:03:15.0031 0x0768  [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:03:15.0047 0x0768  Dhcp - ok
23:03:15.0109 0x0768  [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk            C:\Windows\system32\drivers\disk.sys
23:03:15.0109 0x0768  disk - ok
23:03:15.0156 0x0768  DKbFltr - ok
23:03:15.0249 0x0768  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:03:15.0249 0x0768  Dnscache - ok
23:03:15.0312 0x0768  [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc         C:\Windows\System32\dot3svc.dll
23:03:15.0343 0x0768  dot3svc - ok
23:03:15.0421 0x0768  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:03:15.0437 0x0768  Dot4 - ok
23:03:15.0468 0x0768  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:03:15.0468 0x0768  Dot4Print - ok
23:03:15.0499 0x0768  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:03:15.0499 0x0768  dot4usb - ok
23:03:15.0546 0x0768  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
23:03:15.0561 0x0768  DPS - ok
23:03:15.0608 0x0768  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:03:15.0608 0x0768  drmkaud - ok
23:03:15.0749 0x0768  [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:03:15.0780 0x0768  DXGKrnl - ok
23:03:15.0842 0x0768  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:03:15.0858 0x0768  E1G60 - ok
23:03:15.0889 0x0768  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
23:03:15.0920 0x0768  EapHost - ok
23:03:15.0983 0x0768  [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:03:15.0983 0x0768  Ecache - ok
23:03:16.0061 0x0768  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:03:16.0107 0x0768  ehRecvr - ok
23:03:16.0139 0x0768  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
23:03:16.0170 0x0768  ehSched - ok
23:03:16.0201 0x0768  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
23:03:16.0201 0x0768  ehstart - ok
23:03:16.0263 0x0768  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:03:16.0263 0x0768  elxstor - ok
23:03:16.0326 0x0768  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:03:16.0357 0x0768  EMDMgmt - ok
23:03:16.0388 0x0768  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:03:16.0388 0x0768  ErrDev - ok
23:03:16.0466 0x0768  [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService       C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
23:03:16.0466 0x0768  ETService - ok
23:03:16.0513 0x0768  [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem     C:\Windows\system32\es.dll
23:03:16.0529 0x0768  EventSystem - ok
23:03:16.0575 0x0768  [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:03:16.0591 0x0768  exfat - ok
23:03:16.0607 0x0768  [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:03:16.0622 0x0768  fastfat - ok
23:03:16.0638 0x0768  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:03:16.0638 0x0768  fdc - ok
23:03:16.0669 0x0768  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
23:03:16.0669 0x0768  fdPHost - ok
23:03:16.0700 0x0768  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:03:16.0700 0x0768  FDResPub - ok
23:03:16.0731 0x0768  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:03:16.0731 0x0768  FileInfo - ok
23:03:16.0778 0x0768  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:03:16.0778 0x0768  Filetrace - ok
23:03:16.0887 0x0768  [ 6B82884EED135613E3E560204DB4242D, A56FF600CBFC02B0E5E7C0180F3221E3BEF3102DC6877074FBFA90502F886478 ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
23:03:16.0903 0x0768  FirebirdGuardianDefaultInstance - ok
23:03:17.0215 0x0768  [ ECD2FFCFE1C21C00E0DE0B0866EDDF38, 1DA942358F97518E68057093C86157A441140517F1B04AB75E20C44F2CED7563 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
23:03:17.0340 0x0768  FirebirdServerDefaultInstance - ok
23:03:17.0371 0x0768  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:03:17.0371 0x0768  flpydisk - ok
23:03:17.0433 0x0768  [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:03:17.0433 0x0768  FltMgr - ok
23:03:17.0527 0x0768  [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:03:17.0543 0x0768  FontCache3.0.0.0 - ok
23:03:17.0574 0x0768  [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:03:17.0574 0x0768  Fs_Rec - ok
23:03:17.0605 0x0768  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:03:17.0605 0x0768  gagp30kx - ok
23:03:17.0652 0x0768  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:03:17.0652 0x0768  GEARAspiWDM - ok
23:03:17.0777 0x0768  [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:03:17.0808 0x0768  gpsvc - ok
23:03:17.0901 0x0768  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:17.0901 0x0768  gupdate - ok
23:03:17.0933 0x0768  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:17.0948 0x0768  gupdatem - ok
23:03:18.0011 0x0768  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:03:18.0011 0x0768  HdAudAddService - ok
23:03:18.0042 0x0768  [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:18.0042 0x0768  HDAudBus - ok
23:03:18.0073 0x0768  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:03:18.0073 0x0768  HidBth - ok
23:03:18.0104 0x0768  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:03:18.0104 0x0768  HidIr - ok
23:03:18.0135 0x0768  [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv         C:\Windows\system32\hidserv.dll
23:03:18.0135 0x0768  hidserv - ok
23:03:18.0182 0x0768  [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:03:18.0182 0x0768  HidUsb - ok
23:03:18.0229 0x0768  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:03:18.0229 0x0768  hkmsvc - ok
23:03:18.0291 0x0768  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:03:18.0307 0x0768  HpCISSs - ok
23:03:18.0369 0x0768  [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:03:18.0385 0x0768  HTTP - ok
23:03:18.0432 0x0768  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:03:18.0447 0x0768  i2omp - ok
23:03:18.0479 0x0768  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:03:18.0479 0x0768  i8042prt - ok
23:03:18.0525 0x0768  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:03:18.0525 0x0768  iaStorV - ok
23:03:18.0635 0x0768  [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:03:18.0791 0x0768  idsvc - ok
23:03:18.0822 0x0768  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:03:18.0822 0x0768  iirsp - ok
23:03:18.0869 0x0768  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:03:18.0884 0x0768  IKEEXT - ok
23:03:18.0947 0x0768  [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15           C:\Windows\system32\drivers\int15.sys
23:03:18.0962 0x0768  int15 - ok
23:03:19.0118 0x0768  [ FE912E4A9719A9792669DEBB403CB9B1, C3C7F4B98B6EC5266AF29B9AC8373424D8A5035CDFF60DB85DB336819BFE8F39 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:03:19.0290 0x0768  IntcAzAudAddService - ok
23:03:19.0337 0x0768  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
23:03:19.0337 0x0768  intelide - ok
23:03:19.0383 0x0768  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:03:19.0383 0x0768  intelppm - ok
23:03:19.0415 0x0768  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:03:19.0446 0x0768  IPBusEnum - ok
23:03:19.0477 0x0768  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:03:19.0477 0x0768  IpFilterDriver - ok
23:03:19.0524 0x0768  [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:03:19.0539 0x0768  iphlpsvc - ok
23:03:19.0555 0x0768  IpInIp - ok
23:03:19.0586 0x0768  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:03:19.0586 0x0768  IPMIDRV - ok
23:03:19.0617 0x0768  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:03:19.0617 0x0768  IPNAT - ok
23:03:19.0680 0x0768  [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:03:19.0711 0x0768  iPod Service - ok
23:03:19.0742 0x0768  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:03:19.0742 0x0768  IRENUM - ok
23:03:19.0805 0x0768  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:03:19.0805 0x0768  isapnp - ok
23:03:19.0851 0x0768  [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:03:19.0867 0x0768  iScsiPrt - ok
23:03:19.0914 0x0768  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:03:19.0914 0x0768  iteatapi - ok
23:03:19.0929 0x0768  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:03:19.0929 0x0768  iteraid - ok
23:03:19.0976 0x0768  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:03:20.0007 0x0768  IviRegMgr - ok
23:03:20.0039 0x0768  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:03:20.0054 0x0768  kbdclass - ok
23:03:20.0070 0x0768  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:03:20.0070 0x0768  kbdhid - ok
23:03:20.0085 0x0768  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso          C:\Windows\system32\lsass.exe
23:03:20.0085 0x0768  KeyIso - ok
23:03:20.0117 0x0768  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:03:20.0132 0x0768  KSecDD - ok
23:03:20.0179 0x0768  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:03:20.0195 0x0768  KtmRm - ok
23:03:20.0241 0x0768  [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:03:20.0241 0x0768  LanmanServer - ok
23:03:20.0289 0x0768  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:03:20.0289 0x0768  LanmanWorkstation - ok
23:03:20.0367 0x0768  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:03:20.0367 0x0768  LightScribeService - ok
23:03:20.0398 0x0768  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:03:20.0414 0x0768  lltdio - ok
23:03:20.0445 0x0768  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:03:20.0476 0x0768  lltdsvc - ok
23:03:20.0492 0x0768  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:03:20.0508 0x0768  lmhosts - ok
23:03:20.0539 0x0768  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:03:20.0539 0x0768  LSI_FC - ok
23:03:20.0554 0x0768  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:03:20.0570 0x0768  LSI_SAS - ok
23:03:20.0601 0x0768  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:03:20.0601 0x0768  LSI_SCSI - ok
23:03:20.0632 0x0768  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:03:20.0632 0x0768  luafv - ok
23:03:20.0710 0x0768  [ F88B3A1CA0CE7DA9879F633D3EC10B9B, 6D3849A34BB043BAC72E36B120B14827B577C6B462794C7A0E4BAD668FB4F3FC ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
23:03:20.0710 0x0768  mbamchameleon - ok
23:03:20.0773 0x0768  [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:03:20.0773 0x0768  MBAMSwissArmy - ok
23:03:20.0835 0x0768  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:03:20.0851 0x0768  Mcx2Svc - ok
23:03:20.0898 0x0768  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
23:03:20.0898 0x0768  megasas - ok
23:03:20.0960 0x0768  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:03:20.0976 0x0768  MegaSR - ok
23:03:21.0007 0x0768  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
23:03:21.0007 0x0768  MMCSS - ok
23:03:21.0038 0x0768  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
23:03:21.0038 0x0768  Modem - ok
23:03:21.0069 0x0768  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:03:21.0069 0x0768  monitor - ok
23:03:21.0116 0x0768  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:03:21.0116 0x0768  mouclass - ok
23:03:21.0132 0x0768  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:03:21.0132 0x0768  mouhid - ok
23:03:21.0163 0x0768  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:03:21.0163 0x0768  MountMgr - ok
23:03:21.0241 0x0768  [ 8446B9C86C11F94502BC55321637FDE9, D04BAF2FB69526BB6B4182FB7284F61E311CEB313142C3A46BD2741D515457CF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:03:21.0256 0x0768  MozillaMaintenance - ok
23:03:21.0289 0x0768  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:03:21.0320 0x0768  mpio - ok
23:03:21.0351 0x0768  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:03:21.0351 0x0768  mpsdrv - ok
23:03:21.0413 0x0768  [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:03:21.0429 0x0768  MpsSvc - ok
23:03:21.0491 0x0768  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:03:21.0491 0x0768  Mraid35x - ok
23:03:21.0523 0x0768  [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:03:21.0523 0x0768  MRxDAV - ok
23:03:21.0585 0x0768  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:03:21.0585 0x0768  mrxsmb - ok
23:03:21.0632 0x0768  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:03:21.0632 0x0768  mrxsmb10 - ok
23:03:21.0663 0x0768  [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:03:21.0679 0x0768  mrxsmb20 - ok
23:03:21.0694 0x0768  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:03:21.0694 0x0768  msahci - ok
23:03:21.0725 0x0768  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:03:21.0741 0x0768  msdsm - ok
23:03:21.0772 0x0768  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
23:03:21.0788 0x0768  MSDTC - ok
23:03:21.0835 0x0768  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:03:21.0835 0x0768  Msfs - ok
23:03:21.0866 0x0768  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:03:21.0866 0x0768  msisadrv - ok
23:03:21.0897 0x0768  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:03:21.0928 0x0768  MSiSCSI - ok
23:03:21.0928 0x0768  msiserver - ok
23:03:21.0975 0x0768  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:03:21.0975 0x0768  MSKSSRV - ok
23:03:22.0006 0x0768  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:03:22.0006 0x0768  MSPCLOCK - ok
23:03:22.0037 0x0768  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:03:22.0037 0x0768  MSPQM - ok
23:03:22.0084 0x0768  [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:03:22.0100 0x0768  MsRPC - ok
23:03:22.0131 0x0768  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:03:22.0147 0x0768  mssmbios - ok
23:03:22.0162 0x0768  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:03:22.0162 0x0768  MSTEE - ok
23:03:33.0085 0x0768  viaide - ok
23:03:33.0116 0x0768  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:03:33.0132 0x0768  volmgr - ok
23:03:33.0179 0x0768  [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:03:33.0210 0x0768  volmgrx - ok
23:03:33.0226 0x0768  [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:03:33.0241 0x0768  volsnap - ok
23:03:33.0288 0x0768  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:03:33.0304 0x0768  vsmraid - ok
23:03:33.0569 0x0768  [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS             C:\Windows\system32\vssvc.exe
23:03:33.0694 0x0768  VSS - ok
23:03:33.0756 0x0768  [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time         C:\Windows\system32\w32time.dll
23:03:33.0787 0x0768  W32Time - ok
23:03:33.0818 0x0768  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:03:33.0834 0x0768  WacomPen - ok
23:03:33.0865 0x0768  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:03:33.0896 0x0768  Wanarp - ok
23:03:33.0928 0x0768  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:03:33.0928 0x0768  Wanarpv6 - ok
23:03:33.0990 0x0768  [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:03:34.0052 0x0768  wcncsvc - ok
23:03:34.0084 0x0768  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:03:34.0099 0x0768  WcsPlugInService - ok
23:03:34.0115 0x0768  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
23:03:34.0146 0x0768  Wd - ok
23:03:34.0286 0x0768  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:03:34.0349 0x0768  Wdf01000 - ok
23:03:34.0396 0x0768  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:03:34.0411 0x0768  WdiServiceHost - ok
23:03:34.0427 0x0768  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:03:34.0442 0x0768  WdiSystemHost - ok
23:03:34.0489 0x0768  [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient       C:\Windows\System32\webclnt.dll
23:03:34.0505 0x0768  WebClient - ok
23:03:34.0552 0x0768  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:03:34.0567 0x0768  Wecsvc - ok
23:03:34.0614 0x0768  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:03:34.0630 0x0768  wercplsupport - ok
23:03:34.0708 0x0768  [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:03:34.0708 0x0768  WerSvc - ok
23:03:34.0879 0x0768  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:03:34.0910 0x0768  WinDefend - ok
23:03:34.0926 0x0768  WinHttpAutoProxySvc - ok
23:03:35.0051 0x0768  [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:03:35.0113 0x0768  Winmgmt - ok
23:03:35.0238 0x0768  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:03:35.0316 0x0768  WinRM - ok
23:03:35.0456 0x0768  [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:03:35.0503 0x0768  Wlansvc - ok
23:03:35.0534 0x0768  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:03:35.0534 0x0768  WmiAcpi - ok
23:03:35.0612 0x0768  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:03:35.0659 0x0768  wmiApSrv - ok
23:03:35.0924 0x0768  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:03:36.0018 0x0768  WMPNetworkSvc - ok
23:03:36.0065 0x0768  [ 5D94CD167751294962BA238D82DD1BB8, 62C7A31706F1C33A2C1C68006191AEE85A98885D23EC582EF2F88AAF604AC9A7 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:03:36.0080 0x0768  WPCSvc - ok
23:03:36.0127 0x0768  [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:03:36.0127 0x0768  WPDBusEnum - ok
23:03:36.0190 0x0768  [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:03:36.0205 0x0768  WpdUsb - ok
23:03:36.0502 0x0768  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:03:36.0533 0x0768  WPFFontCache_v0400 - ok
23:03:36.0580 0x0768  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:03:36.0595 0x0768  ws2ifsl - ok
23:03:36.0642 0x0768  [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:03:36.0658 0x0768  wscsvc - ok
23:03:36.0658 0x0768  WSearch - ok
23:03:37.0126 0x0768  [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:03:37.0266 0x0768  wuauserv - ok
23:03:37.0328 0x0768  [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:37.0344 0x0768  WUDFRd - ok
23:03:37.0391 0x0768  [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:03:37.0406 0x0768  wudfsvc - ok
23:03:37.0438 0x0768  ================ Scan global ===============================
23:03:37.0469 0x0768  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:03:37.0594 0x0768  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:03:37.0609 0x0768  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
23:03:37.0718 0x0768  [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
23:03:37.0734 0x0768  [ Global ] - ok
23:03:37.0734 0x0768  ================ Scan MBR ==================================
23:03:37.0765 0x0768  [ 2D38F4A50470B53943A7DBD02E402E47 ] \Device\Harddisk0\DR0
23:03:41.0150 0x0768  \Device\Harddisk0\DR0 - ok
23:03:41.0150 0x0768  ================ Scan VBR ==================================
23:03:41.0166 0x0768  [ 43D87206C057BCE97569830AF6F4007B ] \Device\Harddisk0\DR0\Partition1
23:03:41.0213 0x0768  \Device\Harddisk0\DR0\Partition1 - ok
23:03:41.0244 0x0768  [ 0983BC0F70EBA7ECAEB0375F4B675ACD ] \Device\Harddisk0\DR0\Partition2
23:03:41.0275 0x0768  \Device\Harddisk0\DR0\Partition2 - ok
23:03:41.0291 0x0768
         

23.03.2015, 22:18   #12
ga-bwler
 

(Part 2)

Code:
ATTFilter
================ Scan generic autorun ======================
23:03:41.0384 0x0768  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
23:03:41.0462 0x0768  Windows Defender - ok
23:03:41.0868 0x0768  [ C459786D07FEAD5717DD1AC287BB2519, 05858DD2145B7822959FCB0B8132A1D0BD3CA05DEF40F85008EB0C1F02FE29EF ] C:\Windows\RtHDVCpl.exe
23:03:42.0055 0x0768  RtHDVCpl - ok
23:03:42.0242 0x0768  [ 19D93154C82FE39A99B269CED1056A92, 1E3EE58A7B5F24402A26A4DE0BF0C4F4D14629BB22174A7D81E305486584C1F2 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:03:42.0289 0x0768  SynTPEnh - ok
23:03:42.0320 0x0768  [ 6882D187F65ECA79110848A68FDEB2BF, 1BE59945F6D5040E9675DC31C27AD230D4C2C02B84BD4E16AB459D04D9B9E7B4 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
23:03:42.0336 0x0768  BkupTray - ok
23:03:42.0383 0x0768  [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
23:03:42.0398 0x0768  Adobe Reader Speed Launcher - ok
23:03:42.0414 0x0768  NvCplDaemon - ok
23:03:42.0414 0x0768  NvMediaCenter - ok
23:03:42.0445 0x0768  [ E3CC162D68C5443C98FA67D34D1EDFDF, 5BBD2706373CF6A07E6BA0ADC4BA9DC4152A6D3599FBC3F8FA96365949AE8F73 ] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
23:03:42.0461 0x0768  WarReg_PopUp - ok
23:03:42.0523 0x0768  [ 5676E75F98FF8E0F81DFF604A09288BB, 4A0F928EC4A76EF479DA418E613D560DDF0BC1BAE11F28214B181129781392E6 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
23:03:42.0539 0x0768  TkBellExe - ok
23:03:42.0554 0x0768  Seagull Drivers - ok
23:03:42.0601 0x0768  [ 93DB1FF92B03D24738A71E6E4992DFD3, 56951284A1BBF201806A1A5610D6316DA33FC92A4E7DA5A989FD7C7FE2F7672C ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
23:03:42.0632 0x0768  SunJavaUpdateSched - ok
23:03:42.0679 0x0768  [ CA1930CFDA3D4FCEDA5ADD18EB8A3B34, 91A8DC83D6A3F79F17680FF1E7714876199EC73DE8766E2A17FC657D765DFE84 ] C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe
23:03:42.0710 0x0768  PDF7 Registry Controller - ok
23:03:42.0757 0x0768  [ 8F28FBD3B4D76E8A7FD5C6931F33A108, 417B62C25437BA7A266FEB2E4948AC01A0E36ECE04F2373C7BBCD3F8C20090C4 ] C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe
23:03:42.0788 0x0768  Nuance PDF Converter 7-reminder - ok
23:03:42.0866 0x0768  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
23:03:42.0913 0x0768  QuickTime Task - ok
23:03:42.0976 0x0768  [ 99342358331F57209DFF987CEEB8E37B, 3972DD0BE82B43BD50838E8B44DBF8160777B302F2718F2624CC6B67E0E1AF02 ] C:\Program Files\iTunes\iTunesHelper.exe
23:03:43.0007 0x0768  iTunesHelper - ok
23:03:43.0178 0x0768  [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
23:03:43.0241 0x0768  avgnt - ok
23:03:43.0366 0x0768  [ BB10E34B162FBEAE5636474A79026A0D, 700629C7497ED01E5B7DF99F0D8F56FF30BBA067ED65AC7A0D77B3765C596ECB ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
23:03:43.0366 0x0768  Avira Systray - ok
23:03:43.0522 0x0768  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:43.0646 0x0768  Sidebar - ok
23:03:43.0662 0x0768  WindowsWelcomeCenter - ok
23:03:43.0740 0x0768  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:43.0771 0x0768  Sidebar - ok
23:03:43.0771 0x0768  WindowsWelcomeCenter - ok
23:03:43.0834 0x0768  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:03:43.0865 0x0768  ehTray.exe - ok
23:03:43.0880 0x0768  TomTomHOME.exe - ok
23:03:43.0958 0x0768  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
23:03:43.0990 0x0768  ISUSPM - ok
23:03:44.0005 0x0768  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
23:03:44.0036 0x0768  WMPNSCFG - ok
23:03:44.0036 0x0768  Waiting for KSN requests completion. In queue: 19
23:03:45.0222 0x0768  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41010 ( enabled : outofdate )
23:03:45.0284 0x0768  Win FW state via NFP2: enabled
23:03:45.0550 0x0768  ============================================================
23:03:45.0550 0x0768  Scan finished
23:03:45.0550 0x0768  ============================================================
23:03:45.0565 0x0758  Detected object count: 0
23:03:45.0565 0x0758  Actual detected object count: 0
23:04:45.0030 0x14e0  ============================================================
23:04:45.0030 0x14e0  Scan started
23:04:45.0030 0x14e0  Mode: Manual; SigCheck; TDLFS; 
23:04:45.0030 0x14e0  ============================================================
23:04:45.0030 0x14e0  KSN ping started
23:04:45.0248 0x14e0  KSN ping finished: true
23:04:45.0685 0x14e0  ================ Scan system memory ========================
23:04:45.0685 0x14e0  System memory - ok
23:04:45.0685 0x14e0  ================ Scan services =============================
23:04:45.0763 0x14e0  [ F73DB97453B47B805B73A98023961505, 483F82A46AD73B3736F63CC5B473E0D47D04F1B4A3B40A49024165ACC2CC98FD ] AAV UpdateService C:\Program Files\Common Files\AAV\aavus.exe
23:04:45.0881 0x14e0  AAV UpdateService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:45.0881 0x14e0  Detect skipped due to KSN trusted
23:04:45.0881 0x14e0  AAV UpdateService - ok
23:04:46.0037 0x14e0  [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:04:46.0099 0x14e0  ACPI - ok
23:04:46.0177 0x14e0  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:04:46.0208 0x14e0  AdobeFlashPlayerUpdateSvc - ok
23:04:46.0271 0x14e0  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:04:46.0318 0x14e0  adp94xx - ok
23:04:46.0364 0x14e0  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:04:46.0380 0x14e0  adpahci - ok
23:04:46.0411 0x14e0  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:04:46.0427 0x14e0  adpu160m - ok
23:04:46.0458 0x14e0  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:04:46.0489 0x14e0  adpu320 - ok
23:04:46.0504 0x14e0  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:04:46.0625 0x14e0  AeLookupSvc - ok
23:04:46.0656 0x14e0  [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD             C:\Windows\system32\drivers\afd.sys
23:04:46.0741 0x14e0  AFD - ok
23:04:46.0797 0x14e0  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:04:46.0798 0x14e0  agp440 - ok
23:04:46.0842 0x14e0  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:04:46.0857 0x14e0  aic78xx - ok
23:04:46.0893 0x14e0  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
23:04:46.0934 0x14e0  ALG - ok
23:04:46.0956 0x14e0  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
23:04:46.0967 0x14e0  aliide - ok
23:04:46.0990 0x14e0  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:04:47.0002 0x14e0  amdagp - ok
23:04:47.0047 0x14e0  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
23:04:47.0048 0x14e0  amdide - ok
23:04:47.0085 0x14e0  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:04:47.0164 0x14e0  AmdK7 - ok
23:04:47.0166 0x14e0  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:04:47.0216 0x14e0  AmdK8 - ok
23:04:47.0385 0x14e0  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:04:47.0431 0x14e0  AntiVirSchedulerService - ok
23:04:47.0459 0x14e0  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:04:47.0529 0x14e0  AntiVirService - ok
23:04:47.0556 0x14e0  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
23:04:47.0613 0x14e0  Appinfo - ok
23:04:47.0713 0x14e0  [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:04:47.0728 0x14e0  Apple Mobile Device - ok
23:04:47.0764 0x14e0  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
23:04:47.0764 0x14e0  arc - ok
23:04:47.0796 0x14e0  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:04:47.0811 0x14e0  arcsas - ok
23:04:47.0827 0x14e0  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:47.0885 0x14e0  AsyncMac - ok
23:04:47.0916 0x14e0  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:04:47.0932 0x14e0  atapi - ok
23:04:47.0963 0x14e0  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:04:48.0025 0x14e0  AudioEndpointBuilder - ok
23:04:48.0041 0x14e0  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:04:48.0065 0x14e0  Audiosrv - ok
23:04:48.0114 0x14e0  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:04:48.0161 0x14e0  avgntflt - ok
23:04:48.0207 0x14e0  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:04:48.0223 0x14e0  avipbb - ok
23:04:48.0350 0x14e0  [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
23:04:48.0381 0x14e0  Avira.OE.ServiceHost - ok
23:04:48.0412 0x14e0  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:04:48.0428 0x14e0  avkmgr - ok
23:04:48.0475 0x14e0  [ 6FB43F0DADB3FDC287D080C19666AF8D, D2AA2172CEAF5954E4F04728D1BC9EA7C47A20E8918E876287FC766895FB617A ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:04:48.0537 0x14e0  b57nd60x - ok
23:04:48.0600 0x14e0  [ C38077D14ADF896EE1E1DBBCBCF77E14, 93CAEB3C124277D4C9D4E4622AB2213ECC60AAFFA754197297583431EDAE0472 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
23:04:48.0705 0x14e0  BCM43XX - ok
23:04:48.0763 0x14e0  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:04:48.0827 0x14e0  Beep - ok
23:04:48.0880 0x14e0  [ 8582E233C346AEFE759833E8A30DD697, 2B0A4FB7F0C3256A5003821634DFA04BA8C3FBB46E942E8BC5D114AF8D1E5354 ] BFE             C:\Windows\System32\bfe.dll
23:04:48.0965 0x14e0  BFE - ok
23:04:49.0012 0x14e0  [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS            C:\Windows\System32\qmgr.dll
23:04:49.0105 0x14e0  BITS - ok
23:04:49.0137 0x14e0  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:04:49.0183 0x14e0  blbdrive - ok
23:04:49.0246 0x14e0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:04:49.0293 0x14e0  Bonjour Service - ok
23:04:49.0355 0x14e0  [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:04:49.0417 0x14e0  bowser - ok
23:04:49.0449 0x14e0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:04:49.0511 0x14e0  BrFiltLo - ok
23:04:49.0542 0x14e0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:04:49.0605 0x14e0  BrFiltUp - ok
23:04:49.0636 0x14e0  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
23:04:49.0714 0x14e0  Browser - ok
23:04:49.0761 0x14e0  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:04:49.0948 0x14e0  Brserid - ok
23:04:49.0979 0x14e0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:04:50.0042 0x14e0  BrSerWdm - ok
23:04:50.0059 0x14e0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:04:50.0166 0x14e0  BrUsbMdm - ok
23:04:50.0191 0x14e0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:04:50.0270 0x14e0  BrUsbSer - ok
23:04:50.0308 0x14e0  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:04:50.0401 0x14e0  BTHMODEM - ok
23:04:50.0478 0x14e0  [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
23:04:50.0478 0x14e0  BUNAgentSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:04:50.0478 0x14e0  Detect skipped due to KSN trusted
23:04:50.0478 0x14e0  BUNAgentSvc - ok
23:04:50.0493 0x14e0  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:04:50.0540 0x14e0  cdfs - ok
23:04:50.0571 0x14e0  [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:04:50.0603 0x14e0  cdrom - ok
23:04:50.0634 0x14e0  [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:04:50.0681 0x14e0  CertPropSvc - ok
23:04:50.0712 0x14e0  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:04:50.0743 0x14e0  circlass - ok
23:04:50.0774 0x14e0  [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS            C:\Windows\system32\CLFS.sys
23:04:50.0805 0x14e0  CLFS - ok
23:04:50.0899 0x14e0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:04:50.0915 0x14e0  clr_optimization_v2.0.50727_32 - ok
23:04:50.0959 0x14e0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:04:50.0986 0x14e0  clr_optimization_v4.0.30319_32 - ok
23:04:51.0022 0x14e0  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:04:51.0132 0x14e0  CmBatt - ok
23:04:51.0164 0x14e0  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:04:51.0183 0x14e0  cmdide - ok
23:04:51.0327 0x14e0  [ B80751FE12E2FEF90AA0960AE7358E89, 906D83FB63BD1814731E92257B8FD5381225EA4CFA76D91045F2C00278F5A58E ] ComodoBackupService C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
23:04:51.0483 0x14e0  ComodoBackupService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:51.0483 0x14e0  Detect skipped due to KSN trusted
23:04:51.0483 0x14e0  ComodoBackupService - ok
23:04:51.0514 0x14e0  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:04:51.0529 0x14e0  Compbatt - ok
23:04:51.0545 0x14e0  COMSysApp - ok
23:04:51.0561 0x14e0  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:04:51.0576 0x14e0  crcdisk - ok
23:04:51.0607 0x14e0  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:04:51.0670 0x14e0  Crusoe - ok
23:04:51.0717 0x14e0  [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:04:51.0763 0x14e0  CryptSvc - ok
23:04:51.0826 0x14e0  [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:04:51.0888 0x14e0  DcomLaunch - ok
23:04:51.0935 0x14e0  [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:04:51.0966 0x14e0  DfsC - ok
23:04:52.0153 0x14e0  [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR            C:\Windows\system32\DFSR.exe
23:04:52.0294 0x14e0  DFSR - ok
23:04:52.0341 0x14e0  [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:04:52.0403 0x14e0  Dhcp - ok
23:04:52.0434 0x14e0  [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk            C:\Windows\system32\drivers\disk.sys
23:04:52.0450 0x14e0  disk - ok
23:04:52.0450 0x14e0  DKbFltr - ok
23:04:52.0512 0x14e0  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:04:52.0559 0x14e0  Dnscache - ok
23:04:52.0606 0x14e0  [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc         C:\Windows\System32\dot3svc.dll
23:04:52.0684 0x14e0  dot3svc - ok
23:04:52.0731 0x14e0  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:04:52.0809 0x14e0  Dot4 - ok
23:04:52.0824 0x14e0  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:04:52.0887 0x14e0  Dot4Print - ok
23:04:52.0933 0x14e0  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:04:53.0011 0x14e0  dot4usb - ok
23:04:53.0043 0x14e0  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
23:04:53.0105 0x14e0  DPS - ok
23:04:53.0136 0x14e0  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:04:53.0167 0x14e0  drmkaud - ok
23:04:53.0230 0x14e0  [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:04:53.0386 0x14e0  DXGKrnl - ok
23:04:53.0417 0x14e0  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:04:53.0464 0x14e0  E1G60 - ok
23:04:53.0495 0x14e0  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
23:04:53.0542 0x14e0  EapHost - ok
23:04:53.0557 0x14e0  [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:04:53.0573 0x14e0  Ecache - ok
23:04:53.0651 0x14e0  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:04:53.0667 0x14e0  ehRecvr - ok
23:04:53.0698 0x14e0  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
23:04:53.0745 0x14e0  ehSched - ok
23:04:53.0776 0x14e0  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
23:04:53.0791 0x14e0  ehstart - ok
23:04:53.0838 0x14e0  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:04:53.0854 0x14e0  elxstor - ok
23:04:53.0916 0x14e0  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:04:54.0010 0x14e0  EMDMgmt - ok
23:04:54.0025 0x14e0  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:04:54.0072 0x14e0  ErrDev - ok
23:04:54.0135 0x14e0  [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService       C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
23:04:54.0150 0x14e0  ETService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:54.0150 0x14e0  Detect skipped due to KSN trusted
23:04:54.0150 0x14e0  ETService - ok
23:04:54.0213 0x14e0  [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem     C:\Windows\system32\es.dll
23:04:54.0259 0x14e0  EventSystem - ok
23:04:54.0291 0x14e0  [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:04:54.0337 0x14e0  exfat - ok
23:04:54.0369 0x14e0  [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:04:54.0415 0x14e0  fastfat - ok
23:04:54.0447 0x14e0  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:04:54.0493 0x14e0  fdc - ok
23:04:54.0525 0x14e0  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
23:04:54.0571 0x14e0  fdPHost - ok
23:04:54.0571 0x14e0  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:04:54.0634 0x14e0  FDResPub - ok
23:04:54.0665 0x14e0  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:04:54.0681 0x14e0  FileInfo - ok
23:04:54.0712 0x14e0  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:04:54.0759 0x14e0  Filetrace - ok
23:04:54.0821 0x14e0  [ 6B82884EED135613E3E560204DB4242D, A56FF600CBFC02B0E5E7C0180F3221E3BEF3102DC6877074FBFA90502F886478 ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
23:04:54.0821 0x14e0  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
23:04:54.0821 0x14e0  Detect skipped due to KSN trusted
23:04:54.0821 0x14e0  FirebirdGuardianDefaultInstance - ok
23:04:55.0086 0x14e0  [ ECD2FFCFE1C21C00E0DE0B0866EDDF38, 1DA942358F97518E68057093C86157A441140517F1B04AB75E20C44F2CED7563 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
23:04:55.0398 0x14e0  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
23:04:55.0398 0x14e0  Detect skipped due to KSN trusted
23:04:55.0398 0x14e0  FirebirdServerDefaultInstance - ok
23:04:55.0429 0x14e0  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:04:55.0461 0x14e0  flpydisk - ok
23:04:55.0507 0x14e0  [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:04:55.0523 0x14e0  FltMgr - ok
23:04:55.0601 0x14e0  [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:04:55.0617 0x14e0  FontCache3.0.0.0 - ok
23:04:55.0648 0x14e0  [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:04:55.0679 0x14e0  Fs_Rec - ok
23:04:55.0726 0x14e0  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:04:55.0726 0x14e0  gagp30kx - ok
23:04:55.0773 0x14e0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:04:55.0773 0x14e0  GEARAspiWDM - ok
23:04:55.0851 0x14e0  [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:04:55.0960 0x14e0  gpsvc - ok
23:04:56.0022 0x14e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:04:56.0038 0x14e0  gupdate - ok
23:04:56.0038 0x14e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:04:56.0053 0x14e0  gupdatem - ok
23:04:56.0100 0x14e0  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:04:56.0178 0x14e0  HdAudAddService - ok
23:04:56.0194 0x14e0  [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:56.0241 0x14e0  HDAudBus - ok
23:04:56.0256 0x14e0  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:04:56.0334 0x14e0  HidBth - ok
23:04:56.0350 0x14e0  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:04:56.0412 0x14e0  HidIr - ok
23:04:56.0459 0x14e0  [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv         C:\Windows\system32\hidserv.dll
23:04:56.0524 0x14e0  hidserv - ok
23:04:56.0540 0x14e0  [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:04:56.0587 0x14e0  HidUsb - ok
23:04:56.0618 0x14e0  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:04:56.0665 0x14e0  hkmsvc - ok
23:04:56.0712 0x14e0  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:04:56.0727 0x14e0  HpCISSs - ok
23:04:56.0790 0x14e0  [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:04:56.0899 0x14e0  HTTP - ok
23:04:56.0914 0x14e0  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:04:56.0930 0x14e0  i2omp - ok
23:04:56.0977 0x14e0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:57.0024 0x14e0  i8042prt - ok
23:04:57.0070 0x14e0  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:04:57.0086 0x14e0  iaStorV - ok
23:04:57.0224 0x14e0  [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:04:57.0302 0x14e0  idsvc - ok
23:04:57.0349 0x14e0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:04:57.0364 0x14e0  iirsp - ok
23:04:57.0411 0x14e0  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:04:57.0473 0x14e0  IKEEXT - ok
23:04:57.0536 0x14e0  [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15           C:\Windows\system32\drivers\int15.sys
23:04:57.0551 0x14e0  int15 - ok
23:04:57.0676 0x14e0  [ FE912E4A9719A9792669DEBB403CB9B1, C3C7F4B98B6EC5266AF29B9AC8373424D8A5035CDFF60DB85DB336819BFE8F39 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:04:57.0785 0x14e0  IntcAzAudAddService - ok
23:04:57.0848 0x14e0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
23:04:57.0848 0x14e0  intelide - ok
23:04:57.0879 0x14e0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:04:57.0926 0x14e0  intelppm - ok
23:04:57.0988 0x14e0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:04:58.0066 0x14e0  IPBusEnum - ok
23:04:58.0082 0x14e0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:04:58.0147 0x14e0  IpFilterDriver - ok
23:04:58.0178 0x14e0  [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:04:58.0225 0x14e0  iphlpsvc - ok
23:04:58.0240 0x14e0  IpInIp - ok
23:04:58.0287 0x14e0  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:04:58.0318 0x14e0  IPMIDRV - ok
23:04:58.0319 0x14e0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:04:58.0389 0x14e0  IPNAT - ok
23:04:58.0436 0x14e0  [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:04:58.0452 0x14e0  iPod Service - ok
23:04:58.0476 0x14e0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:04:58.0512 0x14e0  IRENUM - ok
23:04:58.0564 0x14e0  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:04:58.0577 0x14e0  isapnp - ok
23:04:58.0644 0x14e0  [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:04:58.0645 0x14e0  iScsiPrt - ok
23:04:58.0660 0x14e0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:04:58.0675 0x14e0  iteatapi - ok
23:04:58.0699 0x14e0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:04:58.0712 0x14e0  iteraid - ok
23:04:58.0749 0x14e0  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:04:58.0762 0x14e0  IviRegMgr - ok
23:04:58.0814 0x14e0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:04:58.0829 0x14e0  kbdclass - ok
23:04:58.0845 0x14e0  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:04:58.0907 0x14e0  kbdhid - ok
23:04:58.0923 0x14e0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso          C:\Windows\system32\lsass.exe
23:04:58.0954 0x14e0  KeyIso - ok
23:04:59.0016 0x14e0  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:04:59.0064 0x14e0  KSecDD - ok
23:04:59.0129 0x14e0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:04:59.0254 0x14e0  KtmRm - ok
23:04:59.0272 0x14e0  [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:04:59.0312 0x14e0  LanmanServer - ok
23:04:59.0367 0x14e0  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:04:59.0426 0x14e0  LanmanWorkstation - ok
23:04:59.0494 0x14e0  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:04:59.0504 0x14e0  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
23:04:59.0504 0x14e0  Detect skipped due to KSN trusted
23:04:59.0504 0x14e0  LightScribeService - ok
23:04:59.0532 0x14e0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:04:59.0576 0x14e0  lltdio - ok
23:04:59.0629 0x14e0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:04:59.0691 0x14e0  lltdsvc - ok
23:04:59.0707 0x14e0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:04:59.0785 0x14e0  lmhosts - ok
23:04:59.0816 0x14e0  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:04:59.0831 0x14e0  LSI_FC - ok
23:04:59.0878 0x14e0  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:04:59.0878 0x14e0  LSI_SAS - ok
23:04:59.0909 0x14e0  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:04:59.0925 0x14e0  LSI_SCSI - ok
23:04:59.0941 0x14e0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:04:59.0987 0x14e0  luafv - ok
23:05:00.0034 0x14e0  [ F88B3A1CA0CE7DA9879F633D3EC10B9B, 6D3849A34BB043BAC72E36B120B14827B577C6B462794C7A0E4BAD668FB4F3FC ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
23:05:00.0050 0x14e0  mbamchameleon - ok
23:05:00.0062 0x14e0  [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:05:00.0103 0x14e0  MBAMSwissArmy - ok
23:05:00.0134 0x14e0  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:05:00.0165 0x14e0  Mcx2Svc - ok
23:05:00.0212 0x14e0  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
23:05:00.0228 0x14e0  megasas - ok
23:05:00.0259 0x14e0  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:05:00.0297 0x14e0  MegaSR - ok
23:05:00.0344 0x14e0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
23:05:00.0406 0x14e0  MMCSS - ok
23:05:00.0422 0x14e0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
23:05:00.0469 0x14e0  Modem - ok
23:05:00.0500 0x14e0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:05:00.0531 0x14e0  monitor - ok
23:05:00.0562 0x14e0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:05:00.0578 0x14e0  mouclass - ok
23:05:00.0594 0x14e0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:05:00.0640 0x14e0  mouhid - ok
23:05:00.0656 0x14e0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:05:00.0672 0x14e0  MountMgr - ok
23:05:00.0734 0x14e0  [ 8446B9C86C11F94502BC55321637FDE9, D04BAF2FB69526BB6B4182FB7284F61E311CEB313142C3A46BD2741D515457CF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:05:00.0750 0x14e0  MozillaMaintenance - ok
23:05:00.0765 0x14e0  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:05:00.0781 0x14e0  mpio - ok
23:05:00.0812 0x14e0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:05:00.0843 0x14e0  mpsdrv - ok
23:05:00.0890 0x14e0  [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:05:00.0968 0x14e0  MpsSvc - ok
23:05:01.0015 0x14e0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:05:01.0030 0x14e0  Mraid35x - ok
23:05:01.0062 0x14e0  [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:05:01.0108 0x14e0  MRxDAV - ok
23:05:01.0155 0x14e0  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:01.0233 0x14e0  mrxsmb - ok
23:05:01.0249 0x14e0  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:01.0327 0x14e0  mrxsmb10 - ok
23:05:01.0342 0x14e0  [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:01.0374 0x14e0  mrxsmb20 - ok
23:05:01.0390 0x14e0  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:05:01.0398 0x14e0  msahci - ok
23:05:01.0422 0x14e0  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:05:01.0435 0x14e0  msdsm - ok
23:05:01.0492 0x14e0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
23:05:01.0539 0x14e0  MSDTC - ok
23:05:01.0570 0x14e0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:05:01.0603 0x14e0  Msfs - ok
23:05:01.0614 0x14e0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:05:01.0632 0x14e0  msisadrv - ok
23:05:01.0670 0x14e0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:05:01.0729 0x14e0  MSiSCSI - ok
23:05:01.0734 0x14e0  msiserver - ok
23:05:01.0769 0x14e0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:05:01.0814 0x14e0  MSKSSRV - ok
23:05:01.0837 0x14e0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:01.0873 0x14e0  MSPCLOCK - ok
23:05:01.0892 0x14e0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:05:01.0923 0x14e0  MSPQM - ok
23:05:01.0961 0x14e0  [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:05:01.0977 0x14e0  MsRPC - ok
23:05:02.0031 0x14e0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:02.0046 0x14e0  mssmbios - ok
23:05:02.0062 0x14e0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:05:02.0093 0x14e0  MSTEE - ok
23:05:02.0109 0x14e0  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:05:02.0124 0x14e0  Mup - ok
23:05:02.0202 0x14e0  [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent        C:\Windows\system32\qagentRT.dll
23:05:02.0249 0x14e0  napagent - ok
23:05:02.0280 0x14e0  [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:05:02.0312 0x14e0  NativeWifiP - ok
23:05:02.0358 0x14e0  [ 9BDC71790FA08F0A0B5F10462B1BD0B1, 67605C7A0CB4D9F2C4D0A876651DEB92270B54D0231C35A994F9A739C6075BC0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:05:02.0390 0x14e0  NDIS - ok
23:05:02.0421 0x14e0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:02.0452 0x14e0  NdisTapi - ok
23:05:02.0468 0x14e0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:02.0484 0x14e0  Ndisuio - ok
23:05:02.0514 0x14e0  [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:02.0552 0x14e0  NdisWan - ok
23:05:02.0574 0x14e0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:05:02.0600 0x14e0  NDProxy - ok
23:05:02.0645 0x14e0  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:05:02.0655 0x14e0  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:05:02.0655 0x14e0  Detect skipped due to KSN trusted
23:05:02.0655 0x14e0  Net Driver HPZ12 - ok
23:05:02.0663 0x14e0  Netaapl - ok
23:05:02.0690 0x14e0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:05:02.0738 0x14e0  NetBIOS - ok
23:05:02.0776 0x14e0  [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
23:05:02.0818 0x14e0  netbt - ok
23:05:02.0837 0x14e0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon        C:\Windows\system32\lsass.exe
23:05:02.0854 0x14e0  Netlogon - ok
23:05:02.0907 0x14e0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
23:05:02.0954 0x14e0  Netman - ok
23:05:03.0032 0x14e0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
23:05:03.0079 0x14e0  netprofm - ok
23:05:03.0096 0x14e0  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386, 2F23B0979CF2E8DB013D8E58501ACC9265A860FD759E8B741F8FA64F7C2F7756 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:05:03.0131 0x14e0  NetTcpPortSharing - ok
23:05:03.0178 0x14e0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:05:03.0194 0x14e0  nfrd960 - ok
23:05:03.0209 0x14e0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:05:03.0256 0x14e0  NlaSvc - ok
23:05:03.0272 0x14e0  [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:05:03.0318 0x14e0  Npfs - ok
23:05:03.0350 0x14e0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
23:05:03.0381 0x14e0  nsi - ok
23:05:03.0396 0x14e0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:05:03.0443 0x14e0  nsiproxy - ok
23:05:03.0506 0x14e0  [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:05:03.0677 0x14e0  Ntfs - ok
23:05:03.0724 0x14e0  [ CB76F68BA0D57C5D25B538981B1C611C, D078ADEFCF1559EA86AFBD3F6766065EE12B85CF44736A87D4140FB0C480215E ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:05:03.0755 0x14e0  NTIBackupSvc - ok
23:05:03.0786 0x14e0  [ 2757D2BA59AEE155209E24942AB127C9, 60C8571D548901A68591F1C7C548B40FA1086D21D23B8CB1083A8AE50760FE87 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:05:03.0802 0x14e0  NTIDrvr - ok
23:05:03.0833 0x14e0  [ DF1C10A75DF7E50195FC417F88A33227, 1551A6243236FD46F34C6F2443A3CC78D5424D9BCECB8576227A9E0AC91EC804 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:05:03.0849 0x14e0  NTISchedulerSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:05:03.0849 0x14e0  Detect skipped due to KSN trusted
23:05:03.0849 0x14e0  NTISchedulerSvc - ok
23:05:03.0880 0x14e0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
23:05:03.0942 0x14e0  ntrigdigi - ok
23:05:03.0958 0x14e0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
23:05:04.0020 0x14e0  Null - ok
23:05:04.0473 0x14e0  [ EC0E8BC4CA37007DDB51F0DCC0C5472F, 38F04B90DDE98FCA37264CC7A71A7E42273CDFFE2C2571EB203522503B60213D ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:05.0284 0x14e0  nvlddmkm - ok
23:05:05.0378 0x14e0  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:05:05.0393 0x14e0  nvraid - ok
23:05:05.0424 0x14e0  [ 736054614AB962D4EC01EF4ABCE115F1, 64AB175B70FEE31367961469603D091E01FBC8F343099005FD06B2B9314655E0 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
23:05:05.0471 0x14e0  nvsmu - ok
23:05:05.0502 0x14e0  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:05:05.0518 0x14e0  nvstor - ok
23:05:05.0549 0x14e0  [ 1199B2052F7861C1D39C2318E70904C9, A3CAE98D7A4023487D6A118D070AFE00A2B8113DF89828F173C69255B2F3C267 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
23:05:05.0596 0x14e0  nvstor32 - ok
23:05:05.0643 0x14e0  [ 6A4BB2DDFA34BC3C4D20478B1F0E335C, 22DA3DFB91A0BA1A468F18C560FE636D3E99456E3499A55B52B6B3E3F1CCBB5E ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:05:05.0690 0x14e0  nvsvc - ok
23:05:05.0736 0x14e0  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:05:05.0752 0x14e0  nv_agp - ok
23:05:05.0768 0x14e0  NwlnkFlt - ok
23:05:05.0783 0x14e0  NwlnkFwd - ok
23:05:05.0877 0x14e0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:05:05.0924 0x14e0  odserv - ok
23:05:05.0970 0x14e0  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:05:06.0033 0x14e0  ohci1394 - ok
23:05:06.0064 0x14e0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:05:06.0080 0x14e0  ose - ok
23:05:06.0126 0x14e0  [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:05:06.0236 0x14e0  p2pimsvc - ok
23:05:06.0282 0x14e0  [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:05:06.0329 0x14e0  p2psvc - ok
23:05:06.0376 0x14e0  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
23:05:06.0470 0x14e0  Parport - ok
23:05:06.0501 0x14e0  [ 3B38467E7C3DAED009DFE359E17F139F, 419BD726E511B3FEFBD8204C9E2BF6131EC05C71D15406070F834688EAFB694F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:05:06.0516 0x14e0  partmgr - ok
23:05:06.0548 0x14e0  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:05:06.0610 0x14e0  Parvdm - ok
23:05:06.0641 0x14e0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:05:06.0672 0x14e0  PcaSvc - ok
23:05:06.0704 0x14e0  [ 01B94418DEB235DFF777CC80076354B4, 091C4D5954C5CA1F783748C4D7287DD160C5F3357F2CC448DC5C2935B79AC1E9 ] pci             C:\Windows\system32\drivers\pci.sys
23:05:06.0719 0x14e0  pci - ok
23:05:06.0735 0x14e0  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:05:06.0766 0x14e0  pciide - ok
23:05:06.0782 0x14e0  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:05:06.0797 0x14e0  pcmcia - ok
23:05:06.0860 0x14e0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:05:06.0969 0x14e0  PEAUTH - ok
23:05:07.0125 0x14e0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
23:05:07.0281 0x14e0  pla - ok
23:05:07.0343 0x14e0  [ 78F975CB6D18265BE6F492EDB2D7BC7B, 112C6FB0A84E605B1EA87F98C8A4C210C9DB84C811029109444AB174011A158C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:05:07.0390 0x14e0  PlugPlay - ok
23:05:07.0452 0x14e0  [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:05:07.0484 0x14e0  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
23:05:07.0484 0x14e0  Detect skipped due to KSN trusted
23:05:07.0484 0x14e0  Pml Driver HPZ12 - ok
23:05:07.0515 0x14e0  [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
23:05:07.0577 0x14e0  PNRPAutoReg - ok
23:05:07.0608 0x14e0  [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
23:05:07.0686 0x14e0  PNRPsvc - ok
23:05:07.0764 0x14e0  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A, FAE64867CE80439735F88A9988243667BDE84486B5A768B650E55E1519C85C03 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:05:07.0827 0x14e0  PolicyAgent - ok
23:05:07.0874 0x14e0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:05:07.0952 0x14e0  PptpMiniport - ok
23:05:07.0967 0x14e0  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:05:08.0014 0x14e0  Processor - ok
23:05:08.0045 0x14e0  [ B627E4FC8585E8843C5905D4D3587A90, 07D7BC1BF8CDD5E34155B260B914D4A9892D3CEAEACDE334D1AF2A608E1FA2D8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:05:08.0092 0x14e0  ProfSvc - ok
23:05:08.0108 0x14e0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:05:08.0123 0x14e0  ProtectedStorage - ok
23:05:08.0139 0x14e0  [ BFEF604508A0ED1EAE2A73E872555FFB, AC817FB5A6126475B4A3CA191AD49651B919FB55429B939D036BC564632E426D ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:05:08.0186 0x14e0  PSched - ok
23:05:08.0295 0x14e0  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:05:08.0357 0x14e0  ql2300 - ok
23:05:08.0388 0x14e0  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:05:08.0404 0x14e0  ql40xx - ok
23:05:08.0451 0x14e0  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
23:05:08.0482 0x14e0  QWAVE - ok
23:05:08.0498 0x14e0  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:05:08.0529 0x14e0  QWAVEdrv - ok
23:05:08.0560 0x14e0  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:05:08.0654 0x14e0  RasAcd - ok
23:05:08.0685 0x14e0  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
23:05:08.0763 0x14e0  RasAuto - ok
23:05:08.0794 0x14e0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:08.0825 0x14e0  Rasl2tp - ok
23:05:08.0856 0x14e0  [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan          C:\Windows\System32\rasmans.dll
23:05:08.0919 0x14e0  RasMan - ok
23:05:08.0934 0x14e0  [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:08.0997 0x14e0  RasPppoe - ok
23:05:09.0028 0x14e0  [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:05:09.0059 0x14e0  RasSstp - ok
23:05:09.0090 0x14e0  [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:05:09.0122 0x14e0  rdbss - ok
23:05:09.0153 0x14e0  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:09.0200 0x14e0  RDPCDD - ok
23:05:09.0231 0x14e0  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:05:09.0278 0x14e0  rdpdr - ok
23:05:09.0278 0x14e0  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:05:09.0324 0x14e0  RDPENCDD - ok
23:05:09.0371 0x14e0  [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:05:09.0434 0x14e0  RDPWD - ok
23:05:09.0465 0x14e0  [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi            C:\Windows\system32\drivers\regi.sys
23:05:09.0465 0x14e0  regi - ok
23:05:09.0512 0x14e0  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:05:09.0543 0x14e0  RemoteAccess - ok
23:05:09.0590 0x14e0  [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:05:09.0636 0x14e0  RemoteRegistry - ok
23:05:09.0652 0x14e0  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
23:05:09.0683 0x14e0  RpcLocator - ok
23:05:09.0714 0x14e0  [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] RpcSs           C:\Windows\system32\rpcss.dll
23:05:09.0777 0x14e0  RpcSs - ok
23:05:09.0808 0x14e0  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:05:09.0839 0x14e0  rspndr - ok
23:05:09.0855 0x14e0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] SamSs           C:\Windows\system32\lsass.exe
23:05:09.0870 0x14e0  SamSs - ok
23:05:09.0902 0x14e0  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:05:09.0917 0x14e0  sbp2port - ok
23:05:09.0948 0x14e0  [ 11387E32642269C7E62E8B52C060B3C6, 6225FA14CBDC1D30F2E4CDC2059773DA49C67BE2C00A1DE582E8E07717F20425 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:05:09.0995 0x14e0  SCardSvr - ok
23:05:10.0058 0x14e0  [ 7B587B8A6D4A99F79D2902D0385F29BD, C29F2EE25F7B11E1821832CB7F4F8506C2AB20804D6702CC5EAF5BA1F3FCA972 ] Schedule        C:\Windows\system32\schedsvc.dll
23:05:10.0104 0x14e0  Schedule - ok
23:05:10.0136 0x14e0  [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:05:10.0182 0x14e0  SCPolicySvc - ok
23:05:10.0229 0x14e0  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:05:10.0276 0x14e0  SDRSVC - ok
23:05:10.0307 0x14e0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:05:10.0401 0x14e0  secdrv - ok
23:05:10.0432 0x14e0  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
23:05:10.0479 0x14e0  seclogon - ok
23:05:10.0510 0x14e0  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
23:05:10.0541 0x14e0  SENS - ok
23:05:10.0572 0x14e0  [ CB3E852B818946F396E35A976EE6B552, 2CA45BEBD2F607E66F13DBD23DE7FB4E0C74F9B93A649B270E96A97000B650CA ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
23:05:10.0604 0x14e0  Ser2pl - detected UnsignedFile.Multi.Generic ( 1 )
23:05:10.0604 0x14e0  Detect skipped due to KSN trusted
23:05:10.0604 0x14e0  Ser2pl - ok
23:05:10.0619 0x14e0  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:05:10.0682 0x14e0  Serenum - ok
23:05:10.0728 0x14e0  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
23:05:10.0791 0x14e0  Serial - ok
23:05:10.0806 0x14e0  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:05:10.0838 0x14e0  sermouse - ok
23:05:10.0900 0x14e0  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:05:10.0931 0x14e0  SessionEnv - ok
23:05:10.0962 0x14e0  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:05:10.0994 0x14e0  sffdisk - ok
23:05:11.0009 0x14e0  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:05:11.0056 0x14e0  sffp_mmc - ok
23:05:11.0087 0x14e0  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:05:11.0118 0x14e0  sffp_sd - ok
23:05:11.0150 0x14e0  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:05:11.0228 0x14e0  sfloppy - ok
23:05:11.0274 0x14e0  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:05:11.0321 0x14e0  SharedAccess - ok
23:05:11.0352 0x14e0  [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:05:11.0384 0x14e0  ShellHWDetection - ok
23:05:11.0399 0x14e0  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:05:11.0415 0x14e0  sisagp - ok
23:05:11.0446 0x14e0  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:05:11.0446 0x14e0  SiSRaid2 - ok
23:05:11.0477 0x14e0  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:05:11.0493 0x14e0  SiSRaid4 - ok
23:05:11.0680 0x14e0  [ 0BA91E1358AD25236863039BB2609A2E, ECB3C8E3D9C6FA77C0CF5A898FB90BB9474C6EFBE3698B56C93ECE44535EDACE ] slsvc           C:\Windows\system32\SLsvc.exe
23:05:11.0867 0x14e0  slsvc - ok
23:05:11.0883 0x14e0  [ 7C6DC44CA0BFA6291629AB764200D1D4, 747CDA89C6F94F8314E5E5C425387ABDF9FF8528D82422F8FF66D96307B47B13 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:05:11.0914 0x14e0  SLUINotify - ok
23:05:11.0930 0x14e0  [ 031E6BCD53C9B2B9ACE111EAFEC347B6, B934129BD77CA6A1434C59EA82B5E93FD4089608E0E41242B6E68070A0F33FB8 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:05:11.0961 0x14e0  Smb - ok
23:05:11.0992 0x14e0  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:05:12.0008 0x14e0  SNMPTRAP - ok
23:05:12.0039 0x14e0  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:05:12.0054 0x14e0  spldr - ok
23:05:12.0086 0x14e0  [ 3665F79026A3F91FBCA63F2C65A09B19, A9AAE9B4006B5BC6EF4A7AB4CAB131687E4055E7C56900BBD24F78BA155C458A ] Spooler         C:\Windows\System32\spoolsv.exe
23:05:12.0132 0x14e0  Spooler - ok
23:05:12.0195 0x14e0  [ 2252AEF839B1093D16761189F45AF885, D7B79E1B9CD73EDEA855DBE120ED470CC0F67D1AA44038E6051A4C5BCE361DE3 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:05:12.0242 0x14e0  srv - ok
23:05:12.0273 0x14e0  [ B7FF59408034119476B00A81BB53D5D1, 365D8E719D729D56082F5A6EEB65B31EB5DB5D15A5346D05E7130F41F2F97D46 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:05:12.0351 0x14e0  srv2 - ok
23:05:12.0382 0x14e0  [ 2ACCC9B12AF02030F531E6CCA6F8B76E, D1BA17C7BFE02347824DEEB1B7362FD251769ECB92B14EB3C600C85AB7E04D1B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:05:12.0429 0x14e0  srvnet - ok
23:05:12.0460 0x14e0  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:05:12.0538 0x14e0  SSDPSRV - ok
23:05:12.0569 0x14e0  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:05:12.0585 0x14e0  ssmdrv - ok
23:05:12.0616 0x14e0  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:05:12.0663 0x14e0  SstpSvc - ok
23:05:12.0694 0x14e0  [ 7DD08A597BC56051F320DA0BAF69E389, ACC59CF80765248705FFCE65DC9B5D072DC054F08C02FB4D16BA0E84D8BED0A4 ] stisvc          C:\Windows\System32\wiaservc.dll
23:05:12.0741 0x14e0  stisvc - ok
23:05:12.0772 0x14e0  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:05:12.0788 0x14e0  swenum - ok
23:05:12.0819 0x14e0  [ B36C7CDB86F7F7A8E884479219766950, F3EA381A84CD6950BF71A56E9ABAD5010F226C5254CB936699A38BA4C85F7367 ] swprv           C:\Windows\System32\swprv.dll
23:05:12.0850 0x14e0  swprv - ok
23:05:12.0881 0x14e0  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:05:12.0881 0x14e0  Symc8xx - ok
23:05:12.0912 0x14e0  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:05:12.0928 0x14e0  Sym_hi - ok
23:05:12.0944 0x14e0  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:05:12.0944 0x14e0  Sym_u3 - ok
23:05:12.0990 0x14e0  [ BF7AA84D5AF0FAA0978C840E63B17DBF, ED07F47BCD96B524F3E4EE01DB46D26FDB790167B7BA7C7097D75E10FE1144A4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:05:13.0006 0x14e0  SynTP - ok
23:05:13.0037 0x14e0  [ 8710A92D0024B03B5FB9540DF1F71F1D, B72A968A7966DC16A1D69A8D53012A4307EEBDC4CB8E1D9C93BFB88D996E490F ] SysMain         C:\Windows\system32\sysmain.dll
23:05:13.0115 0x14e0  SysMain - ok
23:05:13.0146 0x14e0  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:05:13.0178 0x14e0  TabletInputService - ok
23:05:13.0224 0x14e0  [ 680916BB09EE0F3A6ACA7C274B0D633F, 008B6EE41FA4D371258F0A656AE96B3E3F487BE5B9E0654B920013B4F1C0DFD8 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:05:13.0271 0x14e0  TapiSrv - ok
23:05:13.0287 0x14e0  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
23:05:13.0365 0x14e0  TBS - ok
23:05:13.0427 0x14e0  [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:05:13.0490 0x14e0  Tcpip - ok
23:05:13.0552 0x14e0  [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:05:13.0614 0x14e0  Tcpip6 - ok
23:05:13.0661 0x14e0  [ D4A2E4A4B011F3A883AF77315A5AE76B, 29E18087236A592638570F76691BC5C64CCA383F43EE22DF122413860E2D882C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:05:13.0755 0x14e0  tcpipreg - ok
23:05:13.0770 0x14e0  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:05:13.0817 0x14e0  TDPIPE - ok
23:05:13.0833 0x14e0  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:05:13.0864 0x14e0  TDTCP - ok
23:05:13.0895 0x14e0  [ D09276B1FAB033CE1D40DCBDF303D10F, 2CB47CB522B4E1C091DE30AF0EB4E21D321C42D2A5BA9647CBD078652680D8FF ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:05:13.0942 0x14e0  tdx - ok
23:05:14.0238 0x14e0  [ F01CC856780524410EA86C07C39E5B77, 01C62D94D7FB7E411BAC2E2996BC09EBBDC0F3E03C62D06E1121DCB169AD6326 ] TeamViewer9     C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
23:05:14.0566 0x14e0  TeamViewer9 - ok
23:05:14.0613 0x14e0  [ 9101FFFCFCCD1A30E870A5B8A9091B10, 58AAB0F6FF78FD0ECDD8D9DA1B6852E9E57E3DAA39489ABDDBA106ECE0B3BCA7 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:05:14.0644 0x14e0  teamviewervpn - ok
23:05:14.0691 0x14e0  [ A048056F5E1A96A9BF3071B91741A5AA, CFDE51D106A6CC4A5638BCD458505F5831636D2203F7C949273BDA446AC7C5F3 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:05:14.0706 0x14e0  TermDD - ok
23:05:14.0769 0x14e0  [ D605031E225AACCBCEB5B76A4F1603A6, 27D78644CADBC11C3AB5E0C10F854FD43BCD43B6E91C1ED1F6D35BC501147701 ] TermService     C:\Windows\System32\termsrv.dll
23:05:14.0847 0x14e0  TermService - ok
23:05:14.0878 0x14e0  [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] Themes          C:\Windows\system32\shsvcs.dll
23:05:14.0909 0x14e0  Themes - ok
23:05:14.0940 0x14e0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:05:14.0972 0x14e0  THREADORDER - ok
23:05:15.0003 0x14e0  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
23:05:15.0050 0x14e0  TrkWks - ok
23:05:15.0112 0x14e0  [ 16613A1BAD034D4ECF957AF18B7C2FF5, 75499618187ED4385984F608D134BB298A4CCB339F70B31E4A8B2CF3E3558396 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:05:15.0159 0x14e0  TrustedInstaller - ok
23:05:15.0190 0x14e0  [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:15.0237 0x14e0  tssecsrv - ok
23:05:15.0268 0x14e0  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:05:15.0284 0x14e0  tunmp - ok
23:05:15.0299 0x14e0  [ 6042505FF6FA9AC1EF7684D0E03B6940, D09CF14A6C0C760238792DDA4ECB6FBB6CA645BB91BD62585EBD050226BDB5A7 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:05:15.0315 0x14e0  tunnel - ok
23:05:15.0346 0x14e0  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:05:15.0346 0x14e0  uagp35 - ok
23:05:15.0377 0x14e0  [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:05:15.0393 0x14e0  UBHelper - ok
23:05:15.0424 0x14e0  [ 8B5088058FA1D1CD897A2113CCFF6C58, 1616EDB66C3E2DA7B09EA4FE46A3FC7087D6201F2195D76118A93B0B065D1623 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:05:15.0486 0x14e0  udfs - ok
23:05:15.0533 0x14e0  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:05:15.0580 0x14e0  UI0Detect - ok
23:05:15.0611 0x14e0  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:05:15.0611 0x14e0  uliagpkx - ok
23:05:15.0642 0x14e0  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:05:15.0658 0x14e0  uliahci - ok
23:05:15.0674 0x14e0  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:05:15.0689 0x14e0  UlSata - ok
23:05:15.0720 0x14e0  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:05:15.0736 0x14e0  ulsata2 - ok
23:05:15.0752 0x14e0  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:05:15.0798 0x14e0  umbus - ok
23:05:15.0845 0x14e0  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
23:05:15.0923 0x14e0  upnphost - ok
23:05:15.0970 0x14e0  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:05:15.0986 0x14e0  USBAAPL - ok
23:05:16.0017 0x14e0  [ AFB10A231254A1920C3BB4A0D02E1CA6, 8B9748B9935812ED7F318733D9F1390379EEC27F81F95C181548A11E13AD51D2 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:16.0064 0x14e0  usbccgp - ok
23:05:16.0095 0x14e0  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:05:16.0173 0x14e0  usbcir - ok
23:05:16.0204 0x14e0  [ 44245742C4ED2EAFD69020583424455B, 143E7ADD24C2839D90916533B51AAB221DC0CEB088C0496BB7054CDC553C3A20 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:05:16.0220 0x14e0  usbehci - ok
23:05:16.0251 0x14e0  [ DB39B3F83AF77BCA019D7DF6AADDBDAE, D3FAD71C8BA3850D7AF732DC76550E4A2C83A250A7E11480A915E458676BD36E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:05:16.0282 0x14e0  usbhub - ok
23:05:16.0313 0x14e0  [ 5FEE2A4AAAEBCD2E6576E7C90959B3FD, B5BC6BAA54A229A6AB3324F080EC441B27E2F8AE6E08A0DE3A19EA2CF9C228F6 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:05:16.0344 0x14e0  usbohci - ok
23:05:16.0391 0x14e0  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:05:16.0454 0x14e0  usbprint - ok
23:05:16.0485 0x14e0  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:05:16.0532 0x14e0  usbscan - ok
23:05:16.0578 0x14e0  [ 87BA6B83C5D19B69160968D07D6E2982, 9E039DF4BBE53CA22A0ACE486B9867F99FFFE086CCAF6A83BD78770E4631F3F8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:16.0641 0x14e0  USBSTOR - ok
23:05:16.0688 0x14e0  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:05:16.0750 0x14e0  usbuhci - ok
23:05:16.0781 0x14e0  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:05:16.0859 0x14e0  usbvideo - ok
23:05:16.0890 0x14e0  [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms           C:\Windows\System32\uxsms.dll
23:05:16.0937 0x14e0  UxSms - ok
23:05:16.0968 0x14e0  [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds             C:\Windows\System32\vds.exe
23:05:17.0031 0x14e0  vds - ok
23:05:17.0046 0x14e0  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:17.0093 0x14e0  vga - ok
23:05:17.0124 0x14e0  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:05:17.0171 0x14e0  VgaSave - ok
23:05:17.0187 0x14e0  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:05:17.0202 0x14e0  viaagp - ok
23:05:17.0218 0x14e0  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:05:17.0249 0x14e0  ViaC7 - ok
23:05:27.0576 0x14e0  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41010 ( enabled : outofdate )
23:05:27.0592 0x14e0  Win FW state via NFP2: enabled
23:05:27.0810 0x14e0  ============================================================
23:05:27.0810 0x14e0  Scan finished
23:05:27.0810 0x14e0  ============================================================
23:05:27.0826 0x14ec  Detected object count: 0
23:05:27.0826 0x14ec  Actual detected object count: 0
         
I tried several times in a row to run mbar and mbam (only one of the programs was installed at any one time). After about 20 minutes the computer froze every time, specifically in the folder C:\USERS\...\APPDATA\LOCAL\TEMP\...

What could be causing this? Could I perhaps use a different program?

24.03.2015, 09:47   #13
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Emsisoft Emergency Kit from here.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, the EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all findings, and post the log at the end of the scan or cleanup.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

25.03.2015, 18:43   #14
ga-bwler

Quote:
Quote from schrauber
hi,

Please download Emsisoft Emergency Kit from here.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, the EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all findings, and post the log at the end of the scan or cleanup.
Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 25.03.2015 06:29:35
Benutzerkonto: Schüle-Laptop\Schüle

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	25.03.2015 06:35:59
C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} 	gefunden: Application.Win32.InstallExt (A)
C:\ProgramData\sweetim 	gefunden: Application.AppInstall (A)
C:\Program Files\sweetim 	gefunden: Application.AppInstall (A)
C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\ffxtlbra@softonic.com 	gefunden: Application.FireExt (A)
Key: HKEY_USERS\S-1-5-21-768814543-1293272205-1146082735-1000\SOFTWARE\YAHOOPARTNERTOOLBAR 	gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{13ABD093-D46F-40DF-A608-47E162EC799D} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} 	gefunden: Application.InstallTool (A)

Gescannt	245979
Gefunden	12

Scan-Ende:	25.03.2015 08:53:48
Scan-Zeit:	2:17:49
         

26.03.2015, 15:02   #15
schrauber
/// the machine
/// TB-Ausbilder

Have the findings deleted.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
