
Pests of all kinds and how to combat them: Online banking, suspected phishing before login

16.05.2015, 11:29   #1
Dr. Chili
 
Hi, since yesterday a strange message has been appearing when I try to log in on my online banking site. A prompt to install software on the smartphone appears, and it asks for the mobile phone number to be entered. (Presumably to get at the TANs that way.)
The bank's service hotline says it is a Trojan, but has no usable suggestions for a solution. For now I am attaching detailed information about the symptoms. Otherwise the PC works flawlessly.
The ESET online scan is running right now and will be posted later.

Please help!
Nina
Attached files
File type: pdf BA Phishing.pdf (282.3 KB, viewed 136 times)

16.05.2015, 12:01   #2
deeprybka
/// TB trainer
/// Instructions guru
 
OK, please post the ESET log then. If possible, do not let it delete the findings. We will do that manually afterwards.

My name is Jürgen and I will be helping you with your problem. Together we will manage this...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all work here in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
Edited by deeprybka (16.05.2015 at 12:25)

16.05.2015, 13:10   #3
Dr. Chili
 
FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02
Ran by nina (administrator) on ACERNOTEBOOK on 15-05-2015 15:48:12
Running from K:\Bilder\2015\04 April
Loaded Profiles: nina (Available profiles: nina & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\FireFox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [A1Diagnose] => C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [31581288 2014-05-19] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X]
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307568 2009-07-10] (Microsoft Corporation)
AppInit_DLLs: avgrsstx.dll => C:\Windows\system32\avgrsstx.dll [12536 2010-07-15] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT360
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24] (AVG Technologies CZ, s.r.o.)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2010-07-15] (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF NetworkProxy: "autoconfig_url", "https://guardvpn.net/facebook.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3389578649-474333246-578579119-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-26] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\searchplugins\yahoo_ff.xml [2015-04-07]
FF Extension: GreenWebPlayer - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\greenwebplayer@greentube.com [2014-02-02]
FF Extension: BitComet Video Downloader - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-11-21]
FF Extension: Lightbeam - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-21]
FF Extension: Video DownloadHelper - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-12-31]

Chrome: 
=======
CHR HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-07-28] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] () [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20176 2004-05-19] (Sonic Solutions) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540040 2014-05-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 15:47 - 2015-05-15 15:48 - 00000000 ____D () C:\FRST
2015-05-15 15:42 - 2015-05-15 15:42 - 00000000 _____ () C:\Users\nina\defogger_reenable
2015-05-14 11:02 - 2015-05-14 11:02 - 00001027 _____ () C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2015-05-14 11:01 - 2015-05-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyFoto-Designer
2015-05-14 11:00 - 2015-05-14 11:00 - 00000121 _____ () C:\Windows\DirectX.log
2015-05-14 11:00 - 2015-05-14 11:00 - 00000000 ____D () C:\ProgramData\HappyFoto-Designer
2015-05-03 11:27 - 2015-05-03 11:27 - 06484352 _____ (Piriform Ltd) C:\Users\nina\Downloads\ccsetup505.exe
2015-04-24 10:03 - 2015-04-30 21:15 - 00000000 ____D () C:\Program Files\FireFox
2015-04-19 21:51 - 2015-04-19 21:51 - 00002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2015-04-19 19:03 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 19:03 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 19:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 19:03 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 19:03 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina
2015-05-15 15:05 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 14:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 13:47 - 2009-07-07 02:17 - 01371694 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 11:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 11:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 10:59 - 2009-12-31 18:07 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2015-05-15 10:52 - 2015-03-30 09:26 - 00006979 _____ () C:\Windows\setupact.log
2015-05-15 10:52 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 10:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db
2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () C:\Users\nina\AppData\Local\HappyFoto-Designer
2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer
2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-03 19:18 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job
2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc
2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird
2015-04-30 21:15 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast
2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype
2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna
2015-04-25 09:37 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne
2015-04-19 21:51 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0
2015-04-19 21:51 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8
2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 19:31 - 2015-04-03 10:21 - 00001454 _____ () C:\Windows\PFRO.log
2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:56 - 2012-04-25 13:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 09:56 - 2011-12-09 18:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2009-10-17 10:31 - 2009-02-10 21:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico
2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin
2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm
2015-04-19 21:51 - 2015-04-19 21:51 - 0002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg
2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log
2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\nina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\nina\AppData\Local\Temp\utt484D.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:23

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 02
Ran by nina at 2015-05-15 15:49:23
Running from K:\Bilder\2015\04 April
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3389578649-474333246-578579119-500 - Administrator - Disabled)
Gast (S-1-5-21-3389578649-474333246-578579119-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3389578649-474333246-578579119-1005 - Limited - Enabled)
nina (S-1-5-21-3389578649-474333246-578579119-1006 - Administrator - Enabled) => C:\Users\nina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
A1 Servicecenter (HKLM\...\A1 Servicecenter) (Version: 1.4.0.43 - A1 Telekom Austria AG)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.01.0805 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
BitComet 1.36 (HKLM\...\BitComet) (Version: 1.36 - CometNetwork)
BitTorrent (HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.)
Brinno Incorporated Brinno TimeLapse Camera 1.75.0 (HKLM\...\Brinno TimeLapse Camera) (Version: 1.75.0 - Brinno Incorporated)
Canon MP Navigator EX 1.2 (HKLM\...\MP Navigator EX 1.2) (Version:  - )
Canon MP190 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
DeepBurner v1.9.0.228 (HKLM\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FastStone Photo Resizer 3.2 (HKLM\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Green City - Go South (HKLM\...\e44bb2cd2c15dad53d3887ef83640eaa) (Version:  - Zylom)
HappyFoto-Designer 5.4 (HKLM\...\HappyFoto-Designer_is1) (Version:  - )
HOFER Bestellsoftware 4.14.5 (HKLM\...\HOFER Bestellsoftware) (Version: 4.14.5 - ORWO Net)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.39 - InterVideo Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KeePass Password Safe 1.17 (HKLM\...\KeePass Password Safe_is1) (Version: 1.17 - Dominik Reichl)
Launch Manager (HKLM\...\LManager) (Version: 3.0.03 - Acer Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
LucasArts' Monkey4 (HKLM\...\LucasArts' Monkey4) (Version:  - )
MedienManager 1.5.1 (HKLM\...\8781-9705-0578-2960) (Version: 1.5.1 - A1 Telekom Austria AG)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Picture It! Foto Designer Pro Plus 10 (HKLM\...\PictureItSuite_v10) (Version: 10.0.0708 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{E29CFB36-F070-4612-8DB5-7038161B6294}) (Version: 14.1.431 - O&O Software GmbH)
O&O SafeErase (HKLM\...\{C0DB2307-0373-4CEF-B841-5C2431897336}) (Version: 4.1.153 - O&O Software GmbH)
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Unity Web Player (HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3389578649-474333246-578579119-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

07-05-2015 10:19:30 Geplanter Prüfpunkt
14-05-2015 19:24:24 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00725960-1587-4E58-9406-F0A0B08CEDE2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {054BC02A-AEC3-43C0-B6B3-84BB9B444E57} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {29D0FBE7-7E08-47DB-814A-221C67B7C562} - System32\Tasks\Paragon Archive name arc_121014163857289 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group)
Task: {2C5384C9-5890-4AF0-BF0E-B12E4B976F5F} - System32\Tasks\Paragon Archive name arc_121014163721442 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group)
Task: {39A26BEE-C322-479C-82EA-302B70D5C6B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.)
Task: {3E206D79-79E0-4B0E-8CC3-36CFE21FA3A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3F5EE653-260C-4DEE-9C3C-84F87F5CB911} - System32\Tasks\Paragon Archive name arc_121014164056536 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group)
Task: {4814C721-B672-4B9E-8002-0E3257B3CD05} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4F441DC2-1E14-4607-B85F-CA342AC79DBA} - System32\Tasks\{30AFB53F-3582-4BCA-9C9A-3C501F8B31ED} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\nina\Desktop
Task: {81A1C4BB-DC00-4703-BBFA-56DA7DE385CE} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {8EDA5EB4-2448-4F5C-8EC7-33CB5EDF57AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.)
Task: {9598C3F4-F2A5-407B-B77B-FB1C1D44A0BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A5E408A2-D24D-4EBF-BC3D-E72246AFBD0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {B23327A8-5F71-4BDB-BE6F-AC81BDE65895} - System32\Tasks\Paragon Archive name arc_121014164007286 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group)
Task: {BC7A9D6F-9B27-4898-807E-2EBFB4846A8B} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {D9605096-5080-4FC1-BB77-BA1D5A117737} - System32\Tasks\{0611987B-0C3E-47AD-9819-7F2766480BDB} => C:\Program Files\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {FE35006A-D1AA-4394-8617-1B9A94398902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014163838647.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic
Task: C:\Windows\Tasks\Paragon Archive name arc_121014163857289.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014163956242.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic
Task: C:\Windows\Tasks\Paragon Archive name arc_121014164007286.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014164039485.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic
Task: C:\Windows\Tasks\Paragon Archive name arc_121014164056536.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014164118423.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic

==================== Loaded Modules (Whitelisted) ==============

2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2015-02-15 11:17 - 2015-02-15 11:17 - 00182784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\6e34b85e4b592f012562cd3ea07a3609\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-02-15 11:18 - 2015-02-15 11:18 - 15005696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\377f67cec6e354732922f4cfdac2623e\Kies.Theme.ni.dll
2015-02-15 11:17 - 2015-02-15 11:17 - 01833984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\dffddc07bad99dc5b76f2c8f7e74a839\Kies.UI.ni.dll
2015-02-15 11:17 - 2015-02-15 11:17 - 00077824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\639d0f46adb0215d1e316e8477638409\Kies.MVVM.ni.dll
2015-02-15 11:18 - 2015-02-15 11:18 - 00233472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\de6a15348040911b2e63c8dbe3c77275\ASF_cSharpAPI.ni.dll
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F
AlternateDataStreams: C:\ProgramData\TEMP:140AD176
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:270A3983
AlternateDataStreams: C:\ProgramData\TEMP:2C678471
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48
AlternateDataStreams: C:\ProgramData\TEMP:6017A808
AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\nina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BcmSqlStartupSvc => 2
MSCONFIG\Services: SQLWriter => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C822F4F2-BC00-44DE-ABDC-9041D4521A82}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{D1DF1E13-5A2C-4A60-806D-4DB09F982CDE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{E0E327E6-A15E-4C6E-A694-BC426EB6E0DE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8AB5CF77-CDCF-4FF7-88EB-26A8F7296A05}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{491AAAC6-4E3B-4ACA-B80F-D83C64EC119A}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{7CBD0C0A-735F-4601-B26C-711DE90ABC8A}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{4371448C-E089-4BA7-96F8-2CD3847098A3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C5791CD6-84FE-4543-9AAD-68919703490E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9203D4DC-08E7-4F35-8708-233EEDF39500}] => (Allow) svchost.exe
FirewallRules: [{B613AC91-420C-4AF2-9B93-9C011F89550F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A7F47625-206F-4529-9840-2B5B1A068546}] => (Allow) C:\Program Files\AVG\AVG9\avgnsx.exe
FirewallRules: [{31578B3D-78C6-4D93-84F3-E2E0B974E440}] => (Allow) C:\Program Files\AVG\AVG9\avgemc.exe
FirewallRules: [{9788B5EC-076C-4757-B7A3-D180B15F3A68}] => (Allow) C:\Program Files\AVG\AVG9\avgupd.exe
FirewallRules: [{29FF43C1-3A88-45E0-B3D6-1C0C4EAD1D96}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{3F1A7833-5562-4F99-B96F-A42A0A453AF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{B8015FB5-F9EC-401D-9F66-C7C6F43C9CB6}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{8DB4DD6A-45AA-4EA0-A8DA-F2DA00F8A66B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{28E7C70A-520A-4CFD-B1CE-EE03B51360C2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [TCP Query User{6CC4FF0C-27F7-451A-AB23-FAF6AD0E27F6}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0A2D0E97-7302-44ED-9A3F-E7131FABE87A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{45CE1AFD-45D6-457B-971D-D0BDEA96D384}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{971CE99B-E6AE-4B7C-B8D4-CDE92E494B47}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DFB6013D-A78E-46E0-9506-B073D67CE0DB}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{A1469E5D-729D-49D7-A174-1A4A9A83F2B6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{EF3DC344-0570-48B0-AD15-421B0C7D65F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{D3A55F21-E36B-4B66-8C39-5E7016FB087F}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0BCD1E8D-A9BB-4B40-B92F-EA354FE01185}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{56D76889-892F-493A-A093-6DC3A18A4A79}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3271B1A8-0117-41A6-AC28-FD8EA17EBE11}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe
FirewallRules: [{73DBF6ED-DDA0-43FF-B922-E57A441A8703}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe
FirewallRules: [{3DDD6AC8-4C52-495D-B84A-C7E9B86025EA}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{A664FD27-1102-40A7-80E9-AA2F20051B7E}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{BD1DF53E-B630-4AC4-AA5F-65989332E40F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F18AFB04-58F4-4703-9305-CADD18C84D62}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [TCP Query User{B5BE8917-C2E3-4D02-B3A0-6C1D1768617F}C:\program files\firefox\plugin-container.exe] => (Allow) C:\program files\firefox\plugin-container.exe
FirewallRules: [UDP Query User{D3C5DFC0-6E61-4EB7-9A72-42979537EC21}C:\program files\firefox\plugin-container.exe] => (Allow) C:\program files\firefox\plugin-container.exe
FirewallRules: [{6FD47898-8A61-4CD8-AD5E-B630C6AFDAF0}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Servicecenter\Start.exe
FirewallRules: [{F249B5EE-639F-4DEA-81E2-F964120B9DDC}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Servicecenter\Start.exe
FirewallRules: [{F243B0A7-725B-456A-97B5-A8D1D4E0831D}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Breitband\A1Breitband.exe
FirewallRules: [{08D45A01-8DBE-4B71-8ED0-52F9448C8B82}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Breitband\A1Breitband.exe
FirewallRules: [{90596C98-4E3F-4239-BFEA-1D9A5A100F05}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Modemwechsel\A1Modemwechsel.exe
FirewallRules: [{0DAA9DA8-1701-4B9D-954F-3CC0B2B7BEB8}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Modemwechsel\A1Modemwechsel.exe
FirewallRules: [{EB083CDA-EFBF-47BA-8FB1-9DABCCCA2625}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
FirewallRules: [{E8F92151-AE11-4FF6-A098-8BB3BE26691C}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
FirewallRules: [{8CD6832F-45AD-4F98-B852-C320878CE6B5}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Modemkonfigurator.exe
FirewallRules: [{3C168986-A3D9-41EB-BF23-937663696D66}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Modemkonfigurator.exe
FirewallRules: [{7CD70E09-633F-4A9E-BFD4-97E56ED1BA54}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe
FirewallRules: [{7CAD7F81-8024-448F-9EDE-C3130F645190}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe
FirewallRules: [{FD15F0DA-4E37-4227-969F-ED6A0C9CF319}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
FirewallRules: [{9B52A403-E369-434B-8125-AC46C509BC67}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
FirewallRules: [{ECEC3DB9-56AD-46A5-9C02-66244B0770A5}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1CMDTool.exe
FirewallRules: [{C4BC22C2-0086-4F37-A71B-BDFC0D632A8C}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1CMDTool.exe
FirewallRules: [{B359EF6B-CC51-489B-A9E3-8A95DD0859CE}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
FirewallRules: [{97502A5B-AF93-43E8-9A74-7D8EBBB8BB74}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe
FirewallRules: [{3699E62E-6F7E-418E-86CD-F9F8ACB0BFC7}] => (Allow) C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe
FirewallRules: [{17CF6469-529A-4EA1-9A3F-BEFD7C4B843B}] => (Allow) C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe
FirewallRules: [{372992F4-2129-4812-BE38-E9E890539CF0}] => (Allow) C:\Program Files\Telekom-Austria\MedienManager\MedienManager.exe
FirewallRules: [{5E3D6AEC-40ED-4681-B4E0-E7B1AE100134}] => (Allow) C:\Program Files\Telekom-Austria\MedienManager\MedienManager.exe
FirewallRules: [{D797096E-CC57-4F90-BD33-A103B187914B}] => (Allow) LPort=4004
FirewallRules: [{D40ADB4E-13E3-4DE4-9F59-8F2EBEB8661A}] => (Allow) LPort=1900
FirewallRules: [{82997A2E-606E-48FD-9402-5971BDE3D220}] => (Allow) C:\Users\nina\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F7C3221C-1023-45CD-8B6A-A43B5169384F}] => (Allow) C:\Users\nina\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{06767E68-CE34-4D0A-AF36-4CCA676B8309}] => (Allow) C:\Program Files\FireFox\firefox.exe
FirewallRules: [{FAEB8AD1-9AB0-4D07-945C-0C84717A4C99}] => (Allow) C:\Program Files\FireFox\firefox.exe
FirewallRules: [TCP Query User{C41EA1CF-7C98-4821-BA8C-F206E92814D2}C:\program files\firefox\firefox.exe] => (Allow) C:\program files\firefox\firefox.exe
FirewallRules: [UDP Query User{926C827E-D6C6-497D-A24C-4A4F0548EF00}C:\program files\firefox\firefox.exe] => (Allow) C:\program files\firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 11:43:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/14/2015 10:53:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HappyFoto-Designer.exe, Version 5.3.13.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: af8

Startzeit: 01d08e2348fec705

Endzeit: 47

Anwendungspfad: C:\Program Files\HappyFoto-Designer\HappyFoto-Designer.exe

Berichts-ID:

Error: (05/14/2015 10:49:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HappyFoto-Designer.exe, Version 5.3.13.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10dc

Startzeit: 01d08e22252ddf86

Endzeit: 47

Anwendungspfad: C:\Program Files\HappyFoto-Designer\HappyFoto-Designer.exe

Berichts-ID:

Error: (05/14/2015 00:48:57 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/13/2015 04:13:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/13/2015 02:42:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: AcerNotebook)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/12/2015 09:51:17 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/11/2015 11:18:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/11/2015 10:30:34 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/09/2015 01:20:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (05/15/2015 03:30:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 03:30:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 03:30:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/15/2015 11:03:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 11:03:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 11:03:18 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/15/2015 10:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 10:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/15/2015 10:54:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/15/2015 10:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (03/19/2015 08:53:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1917 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (02/25/2015 06:19:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 1976.93 MB
Available physical RAM: 910.52 MB
Total Pagefile: 3953.85 MB
Available Pagefile: 2087.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.68 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:88.12 GB) (Free:22.48 GB) NTFS
Drive d: (Daten) (Fixed) (Total:48.83 GB) (Free:27.23 GB) NTFS
Drive f: (ext_Eigene) (Fixed) (Total:79.16 GB) (Free:18.9 GB) NTFS
Drive g: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:466.22 GB) NTFS
Drive h: (ext_Daten) (Fixed) (Total:104.89 GB) (Free:11.97 GB) NTFS
Drive k: (ext_sonstige) (Fixed) (Total:48.83 GB) (Free:19.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3A3B601C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: B559B559)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=79.2 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
ESET scan results:

Code:
C:\Users\nina\AppData\Local\Temp\utt484D.tmp.exe	Variante von Win32/Toolbar.Widgi.N evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\AppData\Local\Temp\~sp607C.tmp	Win32/Toolbar.Widgi.O evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\AppData\Local\Temp\DMR\dmr_72.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\AppData\Local\Temp\nsc9D9A.tmp\SP.dll	Variante von Win32/Toolbar.Widgi.P evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\Downloads\Free Mp3 Wma Converter - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\Downloads\MP3Gain - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\nina\Downloads\PDFCreator-2_0_1-setup.exe	Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
H:\Studium\Stefan\Downloads\Setup_641FreeFlvConverter.exe	Win32/Toolbar.Widgi evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
H:\Studium\Stefan\Downloads\Alcohol 120% v1.9.7 (Build 6221) [CiM Patch][h33t][matt14]\Alcohol120_trial_1.9.7.6221.exe	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
K:\Bilder\2015\04 April\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\IslandRealmsSetup-dm.exe	Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\ShamanOdysseySetup-dm.exe	Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\TropicalFarmSetup-dm.exe	Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
         
__________________

16.05.2015, 13:26   #4
deeprybka
/// TB Trainer
/// Guide Guru

Hi,
do these messages also appear when you use Internet Explorer?
When was the last time you were in online banking without these messages?
__________________
Regards
deeprybka


16.05.2015, 20:30   #5
Dr. Chili

The same message appears in IE. I can't say exactly when I last used online banking, a week ago at most. The last time, everything was still normal.


16.05.2015, 20:31   #6
deeprybka
/// TB Trainer
/// Guide Guru

Step 1

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

16.05.2015, 20:48   #7
Dr. Chili

TDSS report:

Code:
21:41:00.0460 0x1498  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:41:07.0463 0x1498  ============================================================
21:41:07.0463 0x1498  Current date / time: 2015/05/16 21:41:07.0463
21:41:07.0463 0x1498  SystemInfo:
21:41:07.0463 0x1498  
21:41:07.0463 0x1498  OS Version: 6.1.7601 ServicePack: 1.0
21:41:07.0463 0x1498  Product type: Workstation
21:41:07.0463 0x1498  ComputerName: ACERNOTEBOOK
21:41:07.0464 0x1498  UserName: nina
21:41:07.0464 0x1498  Windows directory: C:\Windows
21:41:07.0464 0x1498  System windows directory: C:\Windows
21:41:07.0464 0x1498  Processor architecture: Intel x86
21:41:07.0464 0x1498  Number of processors: 2
21:41:07.0464 0x1498  Page size: 0x1000
21:41:07.0464 0x1498  Boot type: Normal boot
21:41:07.0464 0x1498  ============================================================
21:41:08.0215 0x1498  KLMD registered as C:\Windows\system32\drivers\39705263.sys
21:41:08.0598 0x1498  System UUID: {FC610601-5636-42D7-D565-9D8929B6216B}
21:41:09.0137 0x1498  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:41:09.0156 0x1498  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115000 ( 1863.02 Gb ), SectorSize: 0x1000, Cylinders: 0x76C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:41:09.0157 0x1498  ============================================================
21:41:09.0157 0x1498  \Device\Harddisk0\DR0:
21:41:09.0157 0x1498  MBR partitions:
21:41:09.0157 0x1498  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
21:41:09.0157 0x1498  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0xB03E800
21:41:09.0174 0x1498  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC871800, BlocksNum 0x61A7800
21:41:09.0174 0x1498  \Device\Harddisk1\DR1:
21:41:09.0405 0x1498  MBR partitions:
21:41:09.0405 0x1498  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C0915
21:41:09.0405 0x1498  ============================================================
21:41:09.0506 0x1498  C: <-> \Device\Harddisk0\DR0\Partition2
21:41:09.0549 0x1498  D: <-> \Device\Harddisk0\DR0\Partition3
21:41:09.0569 0x1498  G: <-> \Device\Harddisk1\DR1\Partition1
21:41:09.0585 0x1498  ============================================================
21:41:09.0585 0x1498  Initialize success
21:41:09.0585 0x1498  ============================================================
21:42:30.0982 0x06e4  ============================================================
21:42:30.0982 0x06e4  Scan started
21:42:30.0982 0x06e4  Mode: Manual; SigCheck; TDLFS; 
21:42:30.0982 0x06e4  ============================================================
21:42:30.0982 0x06e4  KSN ping started
21:42:40.0676 0x06e4  KSN ping finished: true
21:42:41.0910 0x06e4  ================ Scan system memory ========================
21:42:41.0910 0x06e4  System memory - ok
21:42:41.0911 0x06e4  ================ Scan services =============================
21:42:42.0119 0x06e4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:42:42.0258 0x06e4  1394ohci - ok
21:42:42.0334 0x06e4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:42:42.0357 0x06e4  ACPI - ok
21:42:42.0410 0x06e4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:42:42.0490 0x06e4  AcpiPmi - ok
21:42:42.0598 0x06e4  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:42:42.0612 0x06e4  AdobeARMservice - ok
21:42:42.0727 0x06e4  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:42:42.0746 0x06e4  AdobeFlashPlayerUpdateSvc - ok
21:42:42.0816 0x06e4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:42:42.0854 0x06e4  adp94xx - ok
21:42:42.0886 0x06e4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:42:42.0920 0x06e4  adpahci - ok
21:42:42.0946 0x06e4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:42:42.0964 0x06e4  adpu320 - ok
21:42:43.0001 0x06e4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:42:43.0048 0x06e4  AeLookupSvc - ok
21:42:43.0117 0x06e4  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
21:42:43.0185 0x06e4  AFD - ok
21:42:52.0216 0x06e4  [ 790A4CA68F44BE35967B3DF61F3E4675, 7CBC77C620ABA75FEF4BA8AD9C38766D50CD18106EBA4693F162F2C5A7D46AA8 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
21:42:52.0238 0x06e4  FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
21:43:01.0932 0x06e4  Detect skipped due to KSN trusted
21:43:01.0932 0x06e4  FsUsbExDisk - ok
21:43:02.0022 0x06e4  [ D3F9205CC4CB07553F2F9472C767EA87, B1DF2B8D718CF7958E5E0B367859EEFB45CC9042B1B88E0C4DA884DF2608B59A ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
21:43:02.0064 0x06e4  FsUsbExService - detected UnsignedFile.Multi.Generic ( 1 )
21:43:11.0930 0x06e4  Detect skipped due to KSN trusted
21:43:11.0930 0x06e4  FsUsbExService - ok
21:43:15.0456 0x06e4  [ 4D8D5B1C895EA0F2A721B98A7CE198F1, A7BB7060B9C5353A5EDD18EE5A0950EE94E44B1B686F110F0E5BFA432D743DD1 ] int15.sys       C:\Windows\System32\OEM\Factory\int15.sys
21:43:15.0486 0x06e4  int15.sys - detected UnsignedFile.Multi.Generic ( 1 )
21:43:25.0194 0x06e4  Detect skipped due to KSN trusted
21:43:25.0194 0x06e4  int15.sys - ok
21:43:27.0555 0x06e4  LVUSBSta - ok
21:43:27.0585 0x06e4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:43:27.0603 0x06e4  Mcx2Svc - ok
21:43:27.0638 0x06e4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:43:27.0653 0x06e4  megasas - ok
21:43:27.0706 0x06e4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:43:27.0729 0x06e4  MegaSR - ok
21:43:27.0830 0x06e4  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:43:27.0844 0x06e4  Microsoft Office Groove Audit Service - ok
21:43:27.0882 0x06e4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
21:43:27.0932 0x06e4  MMCSS - ok
21:43:27.0941 0x06e4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
21:43:27.0981 0x06e4  Modem - ok
21:43:28.0024 0x06e4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:43:28.0041 0x06e4  monitor - ok
21:43:28.0087 0x06e4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:43:28.0101 0x06e4  mouclass - ok
21:43:28.0153 0x06e4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:43:28.0195 0x06e4  mouhid - ok
21:43:28.0241 0x06e4  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:43:28.0256 0x06e4  mountmgr - ok
21:43:28.0318 0x06e4  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:43:28.0337 0x06e4  MozillaMaintenance - ok
21:43:28.0371 0x06e4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:43:28.0388 0x06e4  mpio - ok
21:43:28.0434 0x06e4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:43:28.0465 0x06e4  mpsdrv - ok
21:43:28.0514 0x06e4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:43:28.0570 0x06e4  MpsSvc - ok
21:43:28.0614 0x06e4  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:43:28.0665 0x06e4  MRxDAV - ok
21:43:28.0699 0x06e4  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:43:28.0733 0x06e4  mrxsmb - ok
21:43:28.0756 0x06e4  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:43:28.0795 0x06e4  mrxsmb10 - ok
21:43:28.0805 0x06e4  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:43:28.0825 0x06e4  mrxsmb20 - ok
21:43:28.0864 0x06e4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:43:28.0878 0x06e4  msahci - ok
21:43:28.0973 0x06e4  [ D98350792A7CE82E7459A7C36481BEDA, 7A7634F78ECF4E26F83C49A52806F2DD84158DFC0A33EDC3C87B38B3846129F2 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:43:28.0988 0x06e4  MSCamSvc - ok
21:43:29.0011 0x06e4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:43:29.0028 0x06e4  msdsm - ok
21:43:29.0048 0x06e4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
21:43:29.0068 0x06e4  MSDTC - ok
21:43:29.0091 0x06e4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:43:29.0140 0x06e4  Msfs - ok
21:43:29.0162 0x06e4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:43:29.0227 0x06e4  mshidkmdf - ok
21:43:29.0252 0x06e4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:43:29.0266 0x06e4  msisadrv - ok
21:43:29.0320 0x06e4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:43:29.0351 0x06e4  MSiSCSI - ok
21:43:29.0357 0x06e4  msiserver - ok
21:43:29.0393 0x06e4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:43:29.0423 0x06e4  MSKSSRV - ok
21:43:29.0450 0x06e4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:43:29.0495 0x06e4  MSPCLOCK - ok
21:43:29.0518 0x06e4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:43:29.0565 0x06e4  MSPQM - ok
21:43:29.0594 0x06e4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:43:29.0613 0x06e4  MsRPC - ok
21:43:29.0630 0x06e4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:43:29.0644 0x06e4  mssmbios - ok
21:43:29.0651 0x06e4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:43:29.0695 0x06e4  MSTEE - ok
21:43:29.0702 0x06e4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:43:29.0723 0x06e4  MTConfig - ok
21:43:29.0743 0x06e4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:43:29.0757 0x06e4  Mup - ok
21:43:29.0787 0x06e4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
21:43:29.0857 0x06e4  napagent - ok
21:43:29.0896 0x06e4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:43:29.0938 0x06e4  NativeWifiP - ok
21:43:30.0007 0x06e4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:43:30.0081 0x06e4  NDIS - ok
21:43:30.0113 0x06e4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:43:30.0151 0x06e4  NdisCap - ok
21:43:30.0181 0x06e4  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:43:30.0231 0x06e4  NdisTapi - ok
21:43:30.0260 0x06e4  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:43:30.0308 0x06e4  Ndisuio - ok
21:43:30.0334 0x06e4  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:43:30.0365 0x06e4  NdisWan - ok
21:43:30.0388 0x06e4  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:43:30.0437 0x06e4  NDProxy - ok
21:43:30.0501 0x06e4  [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:43:30.0507 0x06e4  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:43:40.0648 0x06e4  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:43:40.0648 0x06e4  Force sending object to P2P due to detect: Net Driver HPZ12
21:44:00.0650 0x06e4  Object send P2P result: false
21:44:15.0784 0x06e4  [ 37E5E8FFBAD35605DAEEC3224EA0E465, E3A9BE275D3C8A3E143DF3A795964E9860A1F6C18BE36F8FE552E954435AC927 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:44:15.0791 0x06e4  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:44:25.0791 0x06e4  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:44:36.0723 0x06e4  [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393, EB25ADA930E325728D0569B737FDF34295037DC14DEE7483F77E47438B849741 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:44:36.0730 0x06e4  PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
21:44:46.0402 0x06e4  Detect skipped due to KSN trusted
21:44:46.0402 0x06e4  PxHelp20 - ok
21:44:48.0752 0x06e4  [ B5A4B7D779CF4070DF408DE18BD33B02, 45D68D32AE10DB0D76F3455DF84ACD2289485C38FC411B71C2DD3E0FB9923473 ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:44:48.0781 0x06e4  RS_Service - detected UnsignedFile.Multi.Generic ( 1 )
21:44:58.0691 0x06e4  Detect skipped due to KSN trusted
21:44:58.0692 0x06e4  RS_Service - ok
21:44:59.0628 0x06e4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
21:44:59.0659 0x06e4  SENS - ok
21:44:59.0691 0x06e4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:44:59.0755 0x06e4  SensrSvc - ok
21:44:59.0779 0x06e4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:44:59.0808 0x06e4  Serenum - ok
21:44:59.0836 0x06e4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:44:59.0853 0x06e4  Serial - ok
21:44:59.0882 0x06e4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:44:59.0897 0x06e4  sermouse - ok
21:45:00.0021 0x06e4  [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:45:00.0078 0x06e4  ServiceLayer - ok
21:45:00.0133 0x06e4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:45:00.0194 0x06e4  SessionEnv - ok
21:45:00.0230 0x06e4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:45:00.0258 0x06e4  sffdisk - ok
21:45:00.0280 0x06e4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:45:00.0309 0x06e4  sffp_mmc - ok
21:45:00.0327 0x06e4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:45:00.0343 0x06e4  sffp_sd - ok
21:45:00.0374 0x06e4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:45:00.0388 0x06e4  sfloppy - ok
21:45:00.0441 0x06e4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:45:00.0490 0x06e4  SharedAccess - ok
21:45:00.0534 0x06e4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:45:00.0582 0x06e4  ShellHWDetection - ok
21:45:00.0615 0x06e4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:45:00.0629 0x06e4  sisagp - ok
21:45:00.0651 0x06e4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:45:00.0666 0x06e4  SiSRaid2 - ok
21:45:00.0674 0x06e4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:45:00.0690 0x06e4  SiSRaid4 - ok
21:45:00.0797 0x06e4  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:45:00.0830 0x06e4  SkypeUpdate - ok
21:45:00.0867 0x06e4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:45:00.0918 0x06e4  Smb - ok
21:45:00.0975 0x06e4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:45:01.0006 0x06e4  SNMPTRAP - ok
21:45:01.0041 0x06e4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:45:01.0056 0x06e4  spldr - ok
21:45:01.0089 0x06e4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
21:45:01.0129 0x06e4  Spooler - ok
21:45:01.0283 0x06e4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
21:45:01.0499 0x06e4  sppsvc - ok
21:45:01.0545 0x06e4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:45:01.0574 0x06e4  sppuinotify - ok
21:45:01.0654 0x06e4  [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:45:01.0676 0x06e4  SQLWriter - ok
21:45:01.0718 0x06e4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:45:01.0800 0x06e4  srv - ok
21:45:01.0819 0x06e4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:45:01.0863 0x06e4  srv2 - ok
21:45:01.0889 0x06e4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:45:01.0922 0x06e4  srvnet - ok
21:45:01.0956 0x06e4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:45:01.0993 0x06e4  SSDPSRV - ok
21:45:02.0025 0x06e4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:45:02.0056 0x06e4  SstpSvc - ok
21:45:02.0115 0x06e4  [ 585FDB94DB04AC1C56298D1FD1F1389E, 5CEBAAF3B649E580B3EF2B9B38426D6EE13B244BE1274BA0C0A468EC4CFB680C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:45:02.0133 0x06e4  ssudmdm - ok
21:45:02.0185 0x06e4  [ E0B86430E0B26C10B355B9E590FD25E0, ACCAF68AB6F905DC474D49E3664D2BEC82B489813F1355E7B4E48C47051DF278 ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
21:45:02.0202 0x06e4  ssudserd - ok
21:45:02.0262 0x06e4  [ EAA66218CD39F5BB1B4853A78C67C787, 59B4B270A24EDE9B30F2613A4904ECC30C60FEC27DDB87C03EC8F97C33178272 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
21:45:02.0275 0x06e4  ss_bbus - ok
21:45:02.0301 0x06e4  [ 91765F99914ED8693D8BC76524F21581, 2A5D52E05804DED18032646A501047B85FC5C383CC5442349CE525FCD49DC2DC ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
21:45:02.0312 0x06e4  ss_bmdfl - ok
21:45:02.0337 0x06e4  [ 840E7B738B03C10EE91D9B7D3D6EFF15, DE72972834532588C44CD558BEDEE7189F1E2ABC46DD7D6D55117FDCCF928C4B ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
21:45:02.0350 0x06e4  ss_bmdm - ok
21:45:02.0374 0x06e4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:45:02.0387 0x06e4  stexstor - ok
21:45:02.0436 0x06e4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:45:02.0491 0x06e4  StiSvc - ok
21:45:02.0521 0x06e4  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:45:02.0536 0x06e4  storflt - ok
21:45:02.0563 0x06e4  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
21:45:02.0598 0x06e4  StorSvc - ok
21:45:02.0628 0x06e4  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:45:02.0642 0x06e4  storvsc - ok
21:45:02.0673 0x06e4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:45:02.0686 0x06e4  swenum - ok
21:45:02.0709 0x06e4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
21:45:02.0781 0x06e4  swprv - ok
21:45:02.0831 0x06e4  [ C93AA00FB1386CC00D0A66BA41847421, DAE280511F7FDD419CB04794A623DDEF7A8921510DA1F2823955B1AB8FC45560 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:45:02.0849 0x06e4  SynTP - ok
21:45:02.0911 0x06e4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
21:45:03.0008 0x06e4  SysMain - ok
21:45:03.0056 0x06e4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
21:45:03.0077 0x06e4  TabletInputService - ok
21:45:03.0120 0x06e4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:45:03.0167 0x06e4  TapiSrv - ok
21:45:03.0200 0x06e4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
21:45:03.0233 0x06e4  TBS - ok
21:45:03.0311 0x06e4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:45:03.0392 0x06e4  Tcpip - ok
21:45:03.0451 0x06e4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:45:03.0497 0x06e4  TCPIP6 - ok
21:45:03.0544 0x06e4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:45:03.0559 0x06e4  tcpipreg - ok
21:45:03.0593 0x06e4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:45:03.0619 0x06e4  TDPIPE - ok
21:45:03.0638 0x06e4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:45:03.0653 0x06e4  TDTCP - ok
21:45:03.0681 0x06e4  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:45:03.0710 0x06e4  tdx - ok
21:45:03.0736 0x06e4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:45:03.0750 0x06e4  TermDD - ok
21:45:03.0804 0x06e4  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
21:45:03.0898 0x06e4  TermService - ok
21:45:03.0926 0x06e4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
21:45:03.0945 0x06e4  Themes - ok
21:45:03.0956 0x06e4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:45:03.0986 0x06e4  THREADORDER - ok
21:45:04.0002 0x06e4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
21:45:04.0034 0x06e4  TrkWks - ok
21:45:04.0100 0x06e4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:45:04.0158 0x06e4  TrustedInstaller - ok
21:45:04.0187 0x06e4  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:45:04.0201 0x06e4  tssecsrv - ok
21:45:04.0240 0x06e4  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:45:04.0300 0x06e4  TsUsbFlt - ok
21:45:04.0351 0x06e4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:45:04.0394 0x06e4  tunnel - ok
21:45:04.0422 0x06e4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:45:04.0437 0x06e4  uagp35 - ok
21:45:04.0460 0x06e4  [ D79C0B9BB011218B93705CBF77FA3E5E, 9205A736E110740AD63A2EBB94676BEE2C89A1EF8168E35FBB9CE82EE32D45EB ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:45:04.0472 0x06e4  UBHelper - ok
21:45:04.0500 0x06e4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:45:04.0558 0x06e4  udfs - ok
21:45:04.0608 0x06e4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:45:04.0645 0x06e4  UI0Detect - ok
21:45:04.0703 0x06e4  [ 9F643D4C0F88ABFE8023236A69E52A76, 65CEA73D6B280AB298E2504B11D641E16FDB683EC088DA93C8B738AE41BA3808 ] UimBus          C:\Windows\system32\DRIVERS\UimBus.sys
21:45:04.0717 0x06e4  UimBus - ok
21:45:04.0765 0x06e4  [ A6EDD08ED92FBF20FCF45D9C63E3235B, 6FA8AE9CE7BA8601DDCC3AAC5DB7CB432AA1B017F48832000262DD5A6FE01B0E ] Uim_DEVIM       C:\Windows\system32\DRIVERS\uim_devim.sys
21:45:04.0778 0x06e4  Uim_DEVIM - ok
21:45:04.0815 0x06e4  [ DCE5E9644069981C7646D1CC83A938A2, ABB01072E6014AE94949C198223703B8D413BD4343CF6D87C3931B80F3EC9FFF ] Uim_IM          C:\Windows\system32\DRIVERS\uim_im.sys
21:45:04.0857 0x06e4  Uim_IM - ok
21:45:04.0895 0x06e4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:45:04.0910 0x06e4  uliagpkx - ok
21:45:04.0955 0x06e4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:45:04.0972 0x06e4  umbus - ok
21:45:05.0021 0x06e4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:45:05.0036 0x06e4  UmPass - ok
21:45:05.0063 0x06e4  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:45:05.0098 0x06e4  UmRdpService - ok
21:45:05.0168 0x06e4  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:45:05.0202 0x06e4  Updater Service - ok
21:45:05.0232 0x06e4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
21:45:05.0301 0x06e4  upnphost - ok
21:45:05.0358 0x06e4  [ 8721F55D8BC9F89E3A63CEBDF5EF4FA3, C0C82480014B646709869A6A6FA2B71B993F9FCD8E2DB9E8F7D341C21EE169CF ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:45:05.0402 0x06e4  upperdev - ok
21:45:05.0441 0x06e4  [ EAFE1E00739AFE6C51487A050E772E17, C005E635470AEB68131D922CAFFE2703626EAB4612932237B35F5562E559258A ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:45:05.0462 0x06e4  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
21:45:15.0152 0x06e4  Detect skipped due to KSN trusted
21:45:15.0152 0x06e4  USBAAPL - ok
21:45:15.0242 0x06e4  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:45:15.0289 0x06e4  usbaudio - ok
21:45:15.0318 0x06e4  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:45:15.0385 0x06e4  usbccgp - ok
21:45:15.0392 0x06e4  USBCCID - ok
21:45:15.0451 0x06e4  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:45:15.0485 0x06e4  usbcir - ok
21:45:15.0519 0x06e4  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:45:15.0549 0x06e4  usbehci - ok
21:45:15.0605 0x06e4  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:45:15.0638 0x06e4  usbhub - ok
21:45:15.0657 0x06e4  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:45:15.0694 0x06e4  usbohci - ok
21:45:15.0737 0x06e4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:45:15.0779 0x06e4  usbprint - ok
21:45:15.0805 0x06e4  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:45:15.0854 0x06e4  usbscan - ok
21:45:15.0904 0x06e4  [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
21:45:15.0974 0x06e4  usbser - ok
21:45:15.0995 0x06e4  [ 4E66C71D8D010BFB0DF1042D25E9CB0F, E581ED3557A06FEE7F35DF1C18C7D74FEFD1FC5E6CDAD6692F66F4A033830F1C ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:45:16.0045 0x06e4  UsbserFilt - ok
21:45:16.0084 0x06e4  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:45:16.0121 0x06e4  USBSTOR - ok
21:45:16.0146 0x06e4  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:45:16.0183 0x06e4  usbuhci - ok
21:45:16.0247 0x06e4  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:45:16.0288 0x06e4  usbvideo - ok
21:45:16.0324 0x06e4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
21:45:16.0388 0x06e4  UxSms - ok
21:45:16.0409 0x06e4  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] VaultSvc        C:\Windows\system32\lsass.exe
21:45:16.0423 0x06e4  VaultSvc - ok
21:45:16.0453 0x06e4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:45:16.0467 0x06e4  vdrvroot - ok
21:45:16.0512 0x06e4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
21:45:16.0573 0x06e4  vds - ok
21:45:16.0633 0x06e4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:45:16.0650 0x06e4  vga - ok
21:45:16.0675 0x06e4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:45:16.0727 0x06e4  VgaSave - ok
21:45:16.0767 0x06e4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:45:16.0785 0x06e4  vhdmp - ok
21:45:16.0826 0x06e4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:45:16.0841 0x06e4  viaagp - ok
21:45:16.0861 0x06e4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:45:16.0900 0x06e4  ViaC7 - ok
21:45:16.0935 0x06e4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:45:16.0948 0x06e4  viaide - ok
21:45:16.0981 0x06e4  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:45:17.0000 0x06e4  vmbus - ok
21:45:17.0017 0x06e4  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:45:17.0043 0x06e4  VMBusHID - ok
21:45:17.0052 0x06e4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:45:17.0068 0x06e4  volmgr - ok
21:45:17.0102 0x06e4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:45:17.0125 0x06e4  volmgrx - ok
21:45:17.0155 0x06e4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:45:17.0177 0x06e4  volsnap - ok
21:45:17.0216 0x06e4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:45:17.0233 0x06e4  vsmraid - ok
21:45:17.0290 0x06e4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
21:45:17.0380 0x06e4  VSS - ok
21:45:17.0410 0x06e4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:45:17.0457 0x06e4  vwifibus - ok
21:45:17.0493 0x06e4  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:45:17.0511 0x06e4  vwififlt - ok
21:45:17.0547 0x06e4  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:45:17.0565 0x06e4  vwifimp - ok
21:45:17.0700 0x06e4  [ E26744E5DD71A16E80D4DD5A286B8423, 877F06ADDDF60D3524055C7FF0D9D04BE7A6477F64CF8030576025E72598EB25 ] VX3000          C:\Windows\system32\DRIVERS\VX3000.sys
21:45:17.0809 0x06e4  VX3000 - ok
21:45:17.0860 0x06e4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
21:45:17.0934 0x06e4  W32Time - ok
21:45:17.0970 0x06e4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:45:17.0985 0x06e4  WacomPen - ok
21:45:18.0027 0x06e4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:45:18.0059 0x06e4  WANARP - ok
21:45:18.0065 0x06e4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:45:18.0092 0x06e4  Wanarpv6 - ok
21:45:18.0224 0x06e4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:45:18.0312 0x06e4  WatAdminSvc - ok
21:45:18.0401 0x06e4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
21:45:18.0510 0x06e4  wbengine - ok
21:45:18.0563 0x06e4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:45:18.0587 0x06e4  WbioSrvc - ok
21:45:18.0630 0x06e4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:45:18.0667 0x06e4  wcncsvc - ok
21:45:18.0687 0x06e4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:45:18.0743 0x06e4  WcsPlugInService - ok
21:45:18.0764 0x06e4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:45:18.0777 0x06e4  Wd - ok
21:45:18.0820 0x06e4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:45:18.0866 0x06e4  Wdf01000 - ok
21:45:18.0904 0x06e4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:45:18.0926 0x06e4  WdiServiceHost - ok
21:45:18.0932 0x06e4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:45:18.0948 0x06e4  WdiSystemHost - ok
21:45:18.0984 0x06e4  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
21:45:19.0020 0x06e4  WebClient - ok
21:45:19.0046 0x06e4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:45:19.0103 0x06e4  Wecsvc - ok
21:45:19.0126 0x06e4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:45:19.0155 0x06e4  wercplsupport - ok
21:45:19.0206 0x06e4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
21:45:19.0258 0x06e4  WerSvc - ok
21:45:19.0313 0x06e4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:45:19.0345 0x06e4  WfpLwf - ok
21:45:19.0360 0x06e4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:45:19.0375 0x06e4  WIMMount - ok
21:45:19.0478 0x06e4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:45:19.0601 0x06e4  WinDefend - ok
21:45:19.0631 0x06e4  WinHttpAutoProxySvc - ok
21:45:35.0670 0x06e4  AV detected via SS2: AVG Anti-Virus Free, C:\Program Files\AVG\AVG9\avgwsc.exe ( 9.0.0.832 ), 0x41000 ( enabled : updated )
21:45:35.0678 0x06e4  Win FW state via NFP2: enabled
21:45:45.0383 0x06e4  ============================================================
21:45:45.0383 0x06e4  Scan finished
21:45:45.0383 0x06e4  ============================================================
21:45:45.0402 0x12f8  Detected object count: 2
21:45:45.0403 0x12f8  Actual detected object count: 2
21:46:32.0002 0x12f8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:46:32.0003 0x12f8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:46:32.0005 0x12f8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:46:32.0005 0x12f8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

16.05.2015, 20:53   #8
deeprybka
/// TB trainer
/// Guide guru
 



Step 1
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

__________________
Regards
deeprybka


16.05.2015, 21:03   #9
Dr. Chili
 



Hi Jürgen, thank you very much for your help. A quick question in between: if I disable the antivirus software, my gut feeling would be to cut the internet connection first. What do you say to that?

Can anything be said about the "infestation" yet? I feel a little remote-controlled...

nina

16.05.2015, 21:07   #10
deeprybka
/// TB trainer
/// Guide guru
 



Remote-controlled? How did you imagine getting help through a forum would work?
Have you ever read other threads?

Nope, you don't need to disconnect the PC from the internet.
__________________
Regards
deeprybka


16.05.2015, 22:31   #11
Dr. Chili
 



Yes, it's clear that it has to work this way. It wasn't meant as criticism either. I'm very grateful for the help!

Unfortunately I didn't manage to disable my AVG Free 9, which is why some warning messages came up...

Beforehand I had tried to uninstall it and replace it with AVIRA; I already had problems with the uninstallation, which is why it is still there at all...

Here is the log file:
Code:
ComboFix 15-05-13.01 - nina 16.05.2015  22:49:08.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.1977.1166 [GMT 2:00]
ausgeführt von:: c:\users\nina\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Acer GameZone online.ico
c:\users\nina\AppData\Roaming\.#
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\unin0407.exe
G:\Autorun.inf
G:\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-16 bis 2015-05-16  ))))))))))))))))))))))))))))))
.
.
2015-05-16 20:59 . 2015-05-16 21:11	--------	d-----w-	c:\users\nina\AppData\Local\temp
2015-05-16 20:59 . 2015-05-16 20:59	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2015-05-16 10:01 . 2015-05-16 10:01	--------	d-----w-	c:\program files\ESET
2015-05-16 08:35 . 2015-05-16 08:36	--------	d-----w-	c:\program files\FireFox
2015-05-15 18:14 . 2015-05-15 18:14	--------	d-----w-	c:\programdata\AVG Security Toolbar
2015-05-15 13:47 . 2015-05-15 13:50	--------	d-----w-	C:\FRST
2015-05-14 09:00 . 2015-05-14 09:00	--------	d-----w-	c:\programdata\HappyFoto-Designer
2015-05-01 18:10 . 2015-05-01 18:10	229608	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2015-04-19 17:01 . 2015-03-10 03:08	1237504	----a-w-	c:\windows\system32\msxml3.dll
2015-04-19 17:01 . 2015-03-10 03:05	2048	----a-w-	c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 07:56 . 2012-04-25 11:43	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-04-15 07:56 . 2011-12-09 16:51	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-26 03:11 . 2015-03-28 09:41	2381312	----a-w-	c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-28 09:38	26624	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-28 09:38	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-28 09:38	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-28 09:38	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-28 09:38	299008	----a-w-	c:\windows\system32\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:01	1230080	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-09-24 825864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2014-12-10 2079792]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"A1Diagnose"="c:\program files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe" [2014-05-19 31581288]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-07-04 191528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-31 451416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2013-07-28 226016]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys [2014-05-19 20616]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 2336072]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 07:56]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 10:22]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 10:22]
.
2015-05-02 c:\windows\Tasks\Paragon Archive name arc_121014163721442.job
- c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40]
.
2015-04-02 c:\windows\Tasks\Paragon Archive name arc_121014163857289.job
- c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40]
.
2015-04-03 c:\windows\Tasks\Paragon Archive name arc_121014164007286.job
- c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40]
.
2015-04-03 c:\windows\Tasks\Paragon Archive name arc_121014164056536.job
- c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
IE: 	c:\users\nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloadernew.htm
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxps://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
AddRemove-LucasArts' Monkey4 - c:\windows\unin0407.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-16  23:15:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-16 21:14
.
Vor Suchlauf: 14 Verzeichnis(se), 25.158.467.584 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 25.282.912.256 Bytes frei
.
- - End Of File - - 7124F89938172E7B50D00BA371470007
A36C5E4F47E84449FF07ED3517B43A31
         
Are we any wiser now?

17.05.2015, 07:22   #12
deeprybka
/// TB trainer
/// Guide guru
 



What surprises me a bit is that neither ESET nor AVG detects the infection.

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
CloseProcesses:
HKLM\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X]
Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] ()
AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F
AlternateDataStreams: C:\ProgramData\TEMP:140AD176
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:270A3983
AlternateDataStreams: C:\ProgramData\TEMP:2C678471
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48
AlternateDataStreams: C:\ProgramData\TEMP:6017A808
AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

After the reboot:

Step 2

Please start FRST again and press Scan.
Please post the contents of the log for me.

Now please test whether the messages still appear.
__________________
Gruß
deeprybka


Alt 17.05.2015, 10:56   #13
Dr. Chili
 



So, here is the content of Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02
Ran by nina at 2015-05-17 11:53:47 Run:1
Running from C:\Users\nina\Downloads
Loaded Profiles: nina (Available profiles: nina & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X]
Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] ()
AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F
AlternateDataStreams: C:\ProgramData\TEMP:140AD176
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:270A3983
AlternateDataStreams: C:\ProgramData\TEMP:2C678471
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48
AlternateDataStreams: C:\ProgramData\TEMP:6017A808
AlternateDataStreams: C:\ProgramData\TEMP:6641B59F
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9
         
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value not found.
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif not found.
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Value not found.
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. 
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully.
C:\ProgramData\TEMP => ":0ED4AC2F" ADS removed successfully.
C:\ProgramData\TEMP => ":140AD176" ADS removed successfully.
C:\ProgramData\TEMP => ":260575F1" ADS removed successfully.
C:\ProgramData\TEMP => ":270A3983" ADS removed successfully.
C:\ProgramData\TEMP => ":2C678471" ADS removed successfully.
C:\ProgramData\TEMP => ":32A82570" ADS removed successfully.
C:\ProgramData\TEMP => ":4673E9EA" ADS removed successfully.
C:\ProgramData\TEMP => ":5BC73C48" ADS removed successfully.
C:\ProgramData\TEMP => ":6017A808" ADS removed successfully.
C:\ProgramData\TEMP => ":6641B59F" ADS removed successfully.
C:\ProgramData\TEMP => ":6F1F66C0" ADS removed successfully.
C:\ProgramData\TEMP => ":7B52659E" ADS removed successfully.
C:\ProgramData\TEMP => ":E51234A9" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog 11:53:53 ====
         
I have now installed Avira instead of AVG Free. Should I run ComboFix again with Avira disabled?

Alt 17.05.2015, 11:14   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



No. What about...

Quote:
Now please test whether the messages still appear.
__________________
Regards
deeprybka


Alt 17.05.2015, 11:15   #15
Dr. Chili
 



...and here is the new log from the FRST scan.

Check on the online banking homepage: the message still appears.
To me this smells strongly like a reinstall...


FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by nina (administrator) on ACERNOTEBOOK on 17-05-2015 12:08:34
Running from C:\Users\nina\Downloads
Loaded Profiles: nina (Available profiles: nina & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\FireFox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [A1Diagnose] => C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [31581288 2014-05-19] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQA4AD (the data entry has 226 more characters).
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307568 2009-07-10] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT360
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF NetworkProxy: "autoconfig_url", "https://guardvpn.net/facebook.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3389578649-474333246-578579119-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-26] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\searchplugins\yahoo_ff.xml [2015-04-07]
FF Extension: GreenWebPlayer - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\greenwebplayer@greentube.com [2014-02-02]
FF Extension: BitComet Video Downloader - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-11-21]
FF Extension: Lightbeam - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-21]
FF Extension: Video DownloadHelper - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27]

Chrome: 
=======
CHR HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] () [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20176 2004-05-19] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540040 2014-05-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\nina\AppData\Local\Temp\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 11:53 - 2015-05-17 11:53 - 00000000 ____D () C:\Users\nina\Downloads\FRST-OlderVersion
2015-05-17 10:10 - 2015-05-17 10:10 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Avira
2015-05-17 10:06 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-05-17 09:57 - 2015-05-17 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\ProgramData\Avira
2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\Program Files\Avira
2015-05-17 09:57 - 2015-05-17 09:57 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-16 23:15 - 2015-05-16 23:15 - 00016193 _____ () C:\ComboFix.txt
2015-05-16 22:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-16 22:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-16 22:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-16 22:36 - 2015-05-16 23:15 - 00000000 ____D () C:\Qoobox
2015-05-16 22:36 - 2015-05-16 23:13 - 00000000 ____D () C:\Windows\erdnt
2015-05-16 21:56 - 2015-05-16 21:56 - 05623645 ____R (Swearware) C:\Users\nina\Desktop\ComboFix.exe
2015-05-16 21:40 - 2015-05-16 21:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\nina\Desktop\tdsskiller.exe
2015-05-16 14:09 - 2015-05-16 14:09 - 00002142 _____ () C:\Users\nina\Desktop\eset.txt
2015-05-16 12:01 - 2015-05-16 12:01 - 00000000 ____D () C:\Program Files\ESET
2015-05-16 10:35 - 2015-05-16 10:36 - 00000000 ____D () C:\Program Files\FireFox
2015-05-15 15:49 - 2015-05-15 15:50 - 00044597 _____ () C:\Users\nina\Downloads\Addition.txt
2015-05-15 15:48 - 2015-05-17 12:08 - 00020240 _____ () C:\Users\nina\Downloads\FRST.txt
2015-05-15 15:47 - 2015-05-17 12:08 - 00000000 ____D () C:\FRST
2015-05-15 15:46 - 2015-05-17 11:53 - 01146368 _____ (Farbar) C:\Users\nina\Downloads\FRST.exe
2015-05-15 15:42 - 2015-05-15 15:42 - 00000470 _____ () C:\Users\nina\Downloads\defogger_disable.log
2015-05-15 15:42 - 2015-05-15 15:42 - 00000000 _____ () C:\Users\nina\defogger_reenable
2015-05-15 15:41 - 2015-05-15 15:41 - 00050477 _____ () C:\Users\nina\Downloads\Defogger.exe
2015-05-15 15:31 - 2015-05-15 15:31 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\nina\Downloads\avira_de_av_5555f4ed49790__ws.exe
2015-05-14 11:02 - 2015-05-14 11:02 - 00001027 _____ () C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2015-05-14 11:01 - 2015-05-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyFoto-Designer
2015-05-14 11:00 - 2015-05-14 11:00 - 00000121 _____ () C:\Windows\DirectX.log
2015-05-14 11:00 - 2015-05-14 11:00 - 00000000 ____D () C:\ProgramData\HappyFoto-Designer
2015-05-14 10:54 - 2015-05-14 10:59 - 316562064 _____ ( ) C:\Users\nina\Downloads\HappyFoto-Designer.exe
2015-05-03 11:27 - 2015-05-03 11:27 - 06484352 _____ (Piriform Ltd) C:\Users\nina\Downloads\ccsetup505.exe
2015-04-19 21:51 - 2015-04-19 21:51 - 00002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2015-04-19 19:03 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 19:03 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 19:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 19:03 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 19:03 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:03 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 12:03 - 2009-07-07 02:17 - 01523751 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 11:59 - 2015-03-30 09:26 - 00007427 _____ () C:\Windows\setupact.log
2015-05-17 11:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 11:58 - 2015-04-03 10:21 - 00169732 _____ () C:\Windows\PFRO.log
2015-05-17 11:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 09:57 - 2013-07-28 12:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-17 09:15 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 09:06 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast
2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-16 23:11 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-16 20:45 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-16 10:07 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina
2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db
2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () C:\Users\nina\AppData\Local\HappyFoto-Designer
2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer
2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job
2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc
2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird
2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype
2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna
2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne
2015-04-19 21:51 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0
2015-04-19 21:51 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8
2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin
2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm
2015-04-19 21:51 - 2015-04-19 21:51 - 0002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg
2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log
2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\nina\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:23

==================== End Of Log ============================
         
--- --- ---
