Log analysis and evaluation: Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.03.2014, 09:57 | #1 |
Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection

Dear helpers,

I am turning to you to ask for help. I use Windows Home 7 Premium in a 64-bit version. While trying to bring Java Runtime up to date, there was a problem (which I have since been able to solve by completely uninstalling JRE and then reinstalling it). JAVA asked me to run the Fixit program from Microsoft (MicrosoftFixit.ProgramInstallUninstall.RNP.Run). When I do, however, I get the following error message:

We're sorry, but the program encountered an error trying to contact the server. Please try again later. [Code 8004FE2C]

A quick Google search points, in several cases, to an infection of the system with malware. To be able to rule out this situation on my machine, I am turning to you. I have tried to follow the "Für alle Hilfesuchenden!" ("For everyone seeking help!") rules, and have installed and run defogger, FRST and GMER; the contents of the respective text files follow.

I am very glad about the opportunity this forum offers me, I am fully aware that any help is anything but a matter of course, and I therefore thank you in advance for your efforts.

Best regards,
Max

defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:20 on 16/03/2014 (Alex)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Alex (administrator) on MOSES on 16-03-2014 09:20:46 Running from C:\Users\Alex\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EeeManager.exe (Creative Technology Ltd.) C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\EMOSDControl.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMMessageParser.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2010-07-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor) HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [OOBESetup] - C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-11-12] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [AsShellApplication] - C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [NCInstallQueue] - rundll32 netman.dll,ProcessQueue [360448 2009-07-14] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2 HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) 
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\schtasks.lnk ShortcutTarget: schtasks.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fm4.orf.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCACA911FDE26CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DCC000FF046C4137&affID=119557&tt=070813_wc1&tsp=4970 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO-x32: SaveByclick - {54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} - C:\ProgramData\SaveByclick\5102497f92a47.dll () BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF Homepage: hxxp://fm4.orf.at/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SaveByclick - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\5102497f928b4@5102497f928ef.com [2013-01-25] FF Extension: German Dictionary - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-15] FF Extension: Zotero Word for Windows Integration - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zoteroWinWordIntegration@zotero.org [2013-12-12] FF Extension: Hide My Ass Proxy Extension - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\extension@hidemyass.com.xpi [2011-09-10] FF Extension: Stealthy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\stealthyextension@gmail.com.xpi [2011-09-10] FF Extension: TrackMeNot - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2011-06-01] FF Extension: Zotero - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-03-10] FF Extension: NoScript - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-08-01] FF Extension: Adblock Plus - 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-01] FF Extension: BetterPrivacy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-07-01] FF Extension: vshare Add-On - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-13] FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2013-12-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [] Chrome: ======= CHR Extension: (SaveByclick) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh [2013-01-25] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-01-31] ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) S3 OpenVPNService; C:\Program 
Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project) ==================== Drivers (Whitelisted) ==================== R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140314.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140315.009\ENG64.SYS [126040 2014-03-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140315.009\EX64.SYS [2099288 2014-03-10] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 
2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 kxddypow; \??\C:\Users\Alex\AppData\Local\Temp\kxddypow.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-16 09:20 - 2014-03-16 09:20 - 00021188 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-03-16 09:19 - 2014-03-16 08:42 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-03-16 09:19 - 2014-03-16 08:42 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe 2014-03-16 09:19 - 2014-03-16 08:42 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-03-16 09:04 - 2014-03-16 09:20 - 00000000 ____D () C:\FRST 2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable 2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-13 20:49 - 2014-03-01 
07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 20:49 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 20:49 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 20:49 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 20:49 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 20:49 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 20:49 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 20:49 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 20:49 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 20:49 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 20:49 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 20:49 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 20:49 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 20:49 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 20:49 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 20:49 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 20:49 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 20:49 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 20:49 - 
2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 20:49 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 20:49 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 20:49 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 20:49 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 20:49 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 20:49 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 20:49 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 20:49 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 20:49 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 20:49 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 20:49 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 20:49 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 20:49 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 20:49 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 20:49 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 20:49 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 20:49 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 20:49 - 2014-03-01 03:32 - 
01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 20:49 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 20:49 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 20:49 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 20:49 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 20:49 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 20:49 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 20:49 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 20:49 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 20:49 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 20:49 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 20:49 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-06 08:47 - 2014-03-06 08:46 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif 2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype 2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp 2014-02-16 13:53 - 2014-02-16 13:53 - 00058516 _____ () C:\Users\Alex\Documents\ESt2013_Minius_Andreea.elfo 2014-02-16 13:18 - 2014-02-16 13:18 - 00056575 _____ () C:\Users\Alex\Documents\ESt2013_Koplenig_Alexander.elfo 2014-02-15 17:19 - 2014-02-15 17:19 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-02-15 17:19 - 2014-02-15 17:19 - 00000000 
____D () C:\Program Files (x86)\ElsterFormular 2014-02-15 17:18 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p(1).exe 2014-02-15 17:17 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p.exe 2014-02-15 16:29 - 2014-02-15 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-03-16 09:20 - 2014-03-16 09:20 - 00021188 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-03-16 09:20 - 2014-03-16 09:04 - 00000000 ____D () C:\FRST 2014-03-16 09:14 - 2012-04-13 17:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-16 09:06 - 2013-01-16 19:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype 2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable 2014-03-16 09:04 - 2011-05-31 16:59 - 00000000 ____D () C:\Users\Alex 2014-03-16 08:53 - 2011-05-31 16:57 - 01099312 _____ () C:\Windows\WindowsUpdate.log 2014-03-16 08:43 - 2011-06-09 18:26 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-03-16 08:42 - 2014-03-16 09:19 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-03-16 08:42 - 2014-03-16 09:19 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe 2014-03-16 08:42 - 2014-03-16 09:19 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-03-16 08:33 - 2011-08-14 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-16 08:33 - 2011-06-02 09:41 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 
_____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-16 08:30 - 2013-10-17 12:59 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-16 08:20 - 2012-01-17 17:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox 2014-03-16 08:03 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-16 08:03 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-16 07:58 - 2012-01-23 10:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\FreePDF_XP 2014-03-16 07:58 - 2011-08-14 14:17 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-16 07:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-16 07:56 - 2009-07-14 05:51 - 00177420 _____ () C:\Windows\setupact.log 2014-03-15 16:38 - 2009-08-29 02:51 - 00713958 _____ () C:\Windows\system32\perfh007.dat 2014-03-15 16:38 - 2009-08-29 02:51 - 00154074 _____ () C:\Windows\system32\perfc007.dat 2014-03-15 16:38 - 2009-07-14 06:13 - 01648656 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-15 16:33 - 2009-07-14 05:45 - 00425240 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 21:59 - 2012-10-23 10:51 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype 2014-03-13 20:43 - 2012-07-01 14:34 - 00000000 ____D () C:\Users\Andy\AppData\Local\FreePDF_XP 2014-03-12 19:14 - 2012-04-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 19:14 - 2012-04-13 17:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 19:14 - 2011-05-31 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 09:24 - 2012-03-10 10:16 - 00000000 ____D () 
C:\Users\Alex\AppData\Local\Deployment 2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Sammelband BZV 2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Datenanalyse-Einführung_2013 2014-03-10 09:02 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Burmesisch 2014-03-08 18:13 - 2012-02-17 09:26 - 00000000 ____D () C:\Users\Alex\AppData\Local\FE1A721D-403E-4008-A26F-F1182F15E75C.aplzod 2014-03-06 09:42 - 2013-07-31 08:22 - 00002046 ____H () C:\Users\Alex\Documents\Default.rdp 2014-03-06 08:46 - 2014-03-06 08:47 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif 2014-03-02 15:15 - 2013-03-17 16:13 - 00000000 ____D () C:\Windows\rescache 2014-03-01 07:05 - 2014-03-13 20:49 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 20:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-13 20:49 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 20:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 20:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 20:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 20:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 20:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 20:49 - 00708608 _____ 
(Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 20:49 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 20:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 20:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 20:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 20:49 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 20:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 20:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 20:49 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-13 20:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 20:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 20:49 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 20:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 20:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 20:49 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 20:49 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 20:49 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 20:49 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 20:49 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 20:49 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 20:49 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 20:49 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-13 20:49 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-13 20:49 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-13 20:49 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-13 20:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-13 20:49 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype 2014-02-28 09:18 - 2011-07-21 16:39 - 00000000 ____D () C:\ProgramData\Skype 2014-02-26 12:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-25 20:20 - 2011-09-09 11:41 - 01622000 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-25 19:26 - 2011-05-19 00:53 - 01293224 _____ () C:\Windows\PFRO.log 2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp 2014-02-21 14:28 - 2011-08-14 14:17 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-21 14:28 - 2011-08-14 14:17 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-21 13:20 - 
2014-01-09 13:06 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps 2014-02-21 13:20 - 2013-01-27 09:13 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc 2014-02-17 20:14 - 2013-08-15 13:57 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-17 20:12 - 2011-09-09 09:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 13:53 - 2014-02-16 13:53 - 00058516 _____ () C:\Users\Alex\Documents\ESt2013_Minius_Andreea.elfo 2014-02-16 13:18 - 2014-02-16 13:18 - 00056575 _____ () C:\Users\Alex\Documents\ESt2013_Koplenig_Alexander.elfo 2014-02-16 12:53 - 2012-02-12 12:24 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\elsterformular 2014-02-16 11:56 - 2012-12-26 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-15 17:20 - 2013-02-07 20:19 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\elsterformular 2014-02-15 17:19 - 2014-02-15 17:19 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-02-15 17:19 - 2014-02-15 17:19 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-02-15 17:18 - 2014-02-15 17:18 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p(1).exe 2014-02-15 17:18 - 2014-02-15 17:17 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Andy\Downloads\ElsterFormular-15.0.20140212p.exe 2014-02-15 16:29 - 2014-02-15 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox Files to move or delete: ==================== C:\Users\Alex\AppData\Roaming\CamLayout.ini C:\Users\Alex\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\Alex\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe 
=> MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-03-02 15:08 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-16 09:38:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3750528AS rev.CC46 698.64GB Running: xpcnmm1p.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxddypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766e1465 2 bytes [6E, 76] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766e14bb 2 bytes [6E, 76] .text ... * 2 .text C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe[3940] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000766e1465 2 bytes [6E, 76] .text C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe[3940] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766e14bb 2 bytes [6E, 76] .text ... 
* 2 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778ffcb0 5 bytes JMP 000000010032091c .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778ffe14 5 bytes JMP 0000000100320048 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778ffea8 5 bytes JMP 00000001003202ee .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077900004 5 bytes JMP 00000001003204b2 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077900038 5 bytes JMP 00000001003209fe .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077900068 5 bytes JMP 0000000100320ae0 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077900084 5 bytes JMP 0000000100020050 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007790079c 5 bytes JMP 000000010032012a .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007790088c 5 bytes JMP 0000000100320758 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779008a4 5 bytes JMP 0000000100320676 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077900df4 5 bytes JMP 00000001003203d0 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077901920 5 bytes JMP 0000000100320594 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077901be4 5 bytes JMP 000000010032083a .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077901d70 5 bytes JMP 000000010032020c .text 
C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000757d524f 7 bytes JMP 0000000100320f52 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000757d53d0 7 bytes JMP 0000000100330210 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000757d5677 1 byte JMP 0000000100330048 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000757d5679 5 bytes {JMP 0xffffffff8ab5a9d1} .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000757d589a 7 bytes JMP 0000000100320ca6 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000757d5a1d 7 bytes JMP 00000001003303d8 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000757d5c9b 7 bytes JMP 000000010033012c .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000757d5d87 7 bytes JMP 00000001003302f4 .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000757d7240 7 bytes JMP 0000000100320e6e .text C:\Users\Alex\Desktop\xpcnmm1p.exe[4528] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075731492 7 bytes JMP 00000001003304bc ---- Processes - GMER 2.1 ---- Library C:\Users\login\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2252] (Dropbox Shell Extension/Dropbox, Inc.)(2011-12-05 19:17:22) 0000000010000000 Library C:\Users\login\AppData\Roaming\Dropbox\bin\MSVCR71.dll (*** suspicious ***) @ C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe [3940] (Microsoft® C Runtime Library/Microsoft Corporation)(2007-07-18 21:33:54) 000000007c340000 
Library C:\Users\login\AppData\Roaming\Dropbox\bin\MSVCP71.dll (*** suspicious ***) @ C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe [3940] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2011-09-29 00:53:44) 000000007c3a0000 ---- EOF - GMER 2.1 ---- |
16.03.2014, 11:07 | #2 |
/// Selecta Jahrusso | Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection
Please do not install or uninstall any software while we are working together here. Do not run any scans other than the ones I ask for. Please work through the steps in order. If there is a problem with one of them, please stop and tell me about the problem as well as you can.
I simply think that only a service has been bent out of shape here and that a bit of adware is present. For that, however, I still need the Addition.txt.
Please start FRST. Tick the box next to Addition.txt and press Scan. FRST will create 2 log files, but I only need the Addition.txt.
Please download TDSSKiller.exe and save this file to the desktop
__________________ |
16.03.2014, 11:14 | #3 |
| Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection
Dear Larusso,
many thanks for the quick reply, here is the Addition.txt.
Best regards,
Max
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Alex at 2014-03-16 11:12:29 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version: 5.16.1603 - ActiveState) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) 
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - ) Any Video Converter Ultimate 4.3.2 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation) Ashampoo Snap 3.50 (HKLM-x32\...\Ashampoo Snap 3_is1) (Version: 3.5.0 - ashampoo GmbH & Co. KG) ASUS Easy Update (HKLM-x32\...\{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}) (Version: 2.00.18 - ) ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - ) BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BurnAware Free 3.3.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware Technologies) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP) Convert AVI to MP4 1.3 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com) ConvertXtoDVD 4.0.9.322 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - ) Cosmas II Client v3.11 (HKLM-x32\...\Cosmas II Client) (Version: - ) Creative Media Lite (HKLM-x32\...\Creative Media Lite) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation) DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.) ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.) Eee Docking (HKLM\...\{85EA6D4E-04CC-48b0-B526-EA9E2FEF56FA}) (Version: 3.9.3 - ASUSTek Computer Inc.) Eee Manager (HKLM-x32\...\{795274EF-3EDA-4427-9D4C-446C9137BB6D}) (Version: 2.13.01 - ASUSTeK) Eee Memo (HKLM-x32\...\{CF5451E4-DA6F-44AE-88D4-BCEC1508C17E}) (Version: 1.19.4 - ASUSTEK) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen) FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project) Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version: - FreeAudioVideoSoftTech, Inc.) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free Mp3 Wma Converter V 2.1 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.1.0.0 - Koyote Soft) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Game Park Console (HKLM-x32\...\{3B9B1FCD-AD30-4076-B027-8C01C8E84284}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.) 
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.2.0.4 - Genesys Logic) GIMP 2.6.12 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - ) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) ImTOO iPad Converter (HKLM-x32\...\ImTOO iPad Video Converter) (Version: 5.1.39.0305 - ImTOO) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt)) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden K-Lite Codec Pack (64-bit) v4.6.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.6.0 - ) K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Media Player Classic - Home Cinema v1.5.1.2903 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.1.2903 - MPC-HC Team) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation) Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - 
Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (HKLM\...\{965DF723-5688-359E-84D2-417CAFE644B5}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM-x32\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation) Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514 - Microsoft Corporation) 
Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MusicBridge (HKLM-x32\...\{549622DF-3674-459C-81F3-38124A45FA0E}) (Version: 2.0.1 - JimbobSoft)
muvee autoProducer 4.0 (HKLM-x32\...\{4013D7AC-AC71-4A81-AD57-5E6E46408492}) (Version: 4.01.000 - muvee Technologies)
muvee autoProducer Express (HKLM-x32\...\{738F7CB6-953D-4606-81A3-79C940674C05}) (Version: 1.00.000 - muvee Technologies)
muvee Reveal Runtime (HKLM-x32\...\{2BC34558-96D5-4CC2-AC67-F30DE28E7826}) (Version: 10.5.0.23245 - muvee Technologies Pte Ltd)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5888 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
OOBERegBackup (HKLM-x32\...\OOBERegBackup_is1) (Version: - ASUSTeK Computer Inc.)
OpenVPN 2.3.2-I001 (HKLM\...\OpenVPN) (Version: 2.3.2-I001 - )
PDF Blender (HKLM-x32\...\PDF Blender) (Version: - )
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Photomatix Pro version 4.0.2 (HKLM\...\PhotomatixPro4.0x64_is1) (Version: 4.0.2 - HDRsoft Sarl)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Rdio (HKCU\...\978ebae4705a27c4) (Version: 1.12.0.0 - Rdio)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6161 - Realtek Semiconductor Corp.)
Recovery Toolbox for PDF 1.2 (HKLM-x32\...\Recovery Toolbox for PDF_is1) (Version: - Recovery Toolbox, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.41 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SaveByClick (HKLM\...\{8F79EFE5-8D3D-4478-A693-C51F549ACD13}) (Version: 1.0 - SaveByClick) <==== ATTENTION
Shop'NCook Menu Version 4.0.14 (HKLM-x32\...\{7B2A623E-AF79-4C51-9843-62C0C5D45F74}_is1) (Version: 4.0.14 - Rufenacht Innovative)
simfy (HKLM-x32\...\Simfy) (Version: 1.6.2 - simfy GmbH)
simfy (x32 Version: 1.6.2 - simfy GmbH) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Stata 12 (HKLM-x32\...\{5006A0E8-B9B0-48DF-981A-41D005B3E937}) (Version: 12.0 - StataCorp LP)
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tune Sweeper (HKLM-x32\...\{DA4FD430-5084-4839-943B-CEDA5A64FFAB}) (Version: 1.037 - Wide Angle Software)
UltraEdit 16.10 (HKLM-x32\...\{6E157E09-AA2E-4090-8EC6-6B9F5FFFB287}) (Version: 16.10.35 - IDM Computer Solutions, Inc.)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
VshareComplete (HKLM-x32\...\{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1) (Version: - VshareComplete) <==== ATTENTION
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XMedia Recode 3.0.9.0 (HKLM-x32\...\XMedia Recode) (Version: 3.0.9.0 - Sebastian Dörfler)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)

==================== Restore Points =========================

13-03-2014 21:30:35 Windows Update
16-03-2014 07:29:41 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 03:34 - 2012-12-26 12:00 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C80EC88-FB07-4F44-9E15-D23DBC03D24E} - System32\Tasks\ASUS\AsMessageController => C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe [2009-12-22] (ASUSTeK Computer Inc.)
Task: {0C9A75B5-C0F6-4AD8-8864-CE69A819CE94} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {13D4716A-2DDE-45CE-BCBE-EC28F955463D} - System32\Tasks\ASUS\EeeManagerSuiteHelper => C:\Program Files (x86)\ASUS\Eee Manager\AsEMRunHelper.exe [2010-05-07] (ASUSTeK Computer Inc.)
Task: {523285FC-32C6-4419-A0B0-9160CB2833B7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {5ADF3004-C5B2-448D-918B-C093DA2C026A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {7849BD2E-7194-4203-A12B-B2FA32F659EA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {A77851AD-89D3-42F4-BE99-1AF6A59EA303} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {B1D6BFFD-B00A-4CB6-ADBE-88BC8D17620F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {BD57FF74-8A88-4378-BD71-D2B076E1F7EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {CB2A12D4-3618-4D95-96CE-5B7DF0160D69} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-29] (ASUSTeK Computer Inc.)
Task: {D4E3A64C-05BE-43B4-B443-15CFD389BC29} - System32\Tasks\{CD05356B-2034-4AE7-A2E5-0C9B679971D1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {E7F761F2-E87C-4FF5-A461-7D36511E622A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F75887A8-7924-4CE1-AB77-C9DED2E90062} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-23 10:27 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-02 19:20 - 2010-08-02 19:20 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-02 19:20 - 2010-08-02 19:20 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-06-01 06:20 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-06-22 15:10 - 2010-06-22 15:10 - 00115200 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-28 16:36 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\AsMultiLang.dll
2010-08-02 19:03 - 2008-10-29 04:52 - 00176128 _____ () C:\Program Files (x86)\ASUS\Eee Manager\ImageMgr.dll
2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\MultiLang\AsMultiLang.dll
2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\MessageParser\AsMultiLang.dll
2010-08-02 19:03 - 2009-09-16 02:17 - 00098304 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsKeyboardHooker.dll
2010-08-02 19:03 - 2008-11-04 12:23 - 00077824 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsRemoteControlHooker.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-02-15 16:29 - 2014-02-15 16:29 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-28 16:36 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:C64BF02A

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Eee Docking => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: UMonit => C:\Windows\SysWOW64\UMonit.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\ASUS\Eee Cam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 07:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (03/12/2014 07:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031

Error: (03/12/2014 07:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2014 07:00:57 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/02/2014 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/02/2014 03:11:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (03/02/2014 03:09:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/02/2014 03:08:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/02/2014 03:08:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/01/2014 09:53:52 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 934 Startzeit: 01cf352b94be13d6 Endzeit: 50 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: fab7b163-a11e-11e3-97cc-9659c2fe3c5d

System errors:
=============
Error: (03/16/2014 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (03/16/2014 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (03/16/2014 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (03/16/2014 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (03/16/2014 11:02:54 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/16/2014 11:02:54 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (03/16/2014 11:02:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (03/16/2014 11:02:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (03/16/2014 11:02:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (03/16/2014 11:02:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Microsoft Office Sessions:
=========================
Error: (10/27/2012 07:42:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 878 seconds with 840 seconds of active time. This session ended with a crash.

Error: (08/19/2011 01:56:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4970 seconds with 840 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2012-12-26 12:00:17.763
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 12:00:17.701
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-26 12:00:17.638
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 12:00:17.576
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 11:32:54.547
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 11:32:54.485
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-12-26 08:47:44.200
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-12-26 08:39:50.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-12-26 08:30:23.833
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-12-25 19:44:52.117
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8119.05 MB
Available physical RAM: 5955.77 MB
Total Pagefile: 16236.28 MB
Available Pagefile: 14011.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:80 GB) (Free:15.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:603.6 GB) (Free:146.16 GB) NTFS
Drive g: () (Removable) (Total:14.83 GB) (Free:11.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1B97BFC8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=604 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=39 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================ |
16.03.2014, 11:19 | #4 |
| TDSSKiller.3.0.0.25_16.03.2014_11.16.01_log Code:
11:16:01.0724 0x0438 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
11:16:06.0882 0x0438 ============================================================
11:16:06.0882 0x0438 Current date / time: 2014/03/16 11:16:06.0882
11:16:06.0882 0x0438 SystemInfo:
11:16:06.0882 0x0438
11:16:06.0882 0x0438 OS Version: 6.1.7601 ServicePack: 1.0
11:16:06.0882 0x0438 Product type: Workstation
11:16:06.0882 0x0438 ComputerName: MOSES
11:16:06.0882 0x0438 UserName: Alex
11:16:06.0882 0x0438 Windows directory: C:\Windows
11:16:06.0882 0x0438 System windows directory: C:\Windows
11:16:06.0882 0x0438 Running under WOW64
11:16:06.0882 0x0438 Processor architecture: Intel x64
11:16:06.0882 0x0438 Number of processors: 4
11:16:06.0882 0x0438 Page size: 0x1000
11:16:06.0882 0x0438 Boot type: Normal boot
11:16:06.0882 0x0438 ============================================================
11:16:09.0029 0x0438 KLMD registered as C:\Windows\system32\drivers\20923641.sys
11:16:09.0191 0x0438 System UUID: {0DC9C0B5-B45E-BED1-F2D8-AEC0B39B7FC6}
11:16:09.0650 0x0438 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:16:09.0657 0x0438 Drive \Device\Harddisk1\DR1 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:16:09.0660 0x0438 ============================================================
11:16:09.0660 0x0438 \Device\Harddisk0\DR0:
11:16:09.0661 0x0438 MBR partitions:
11:16:09.0661 0x0438 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0xA000000
11:16:09.0661 0x0438 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBE00800, BlocksNum 0x4B731800
11:16:09.0661 0x0438 \Device\Harddisk1\DR1:
11:16:09.0661 0x0438 MBR partitions:
11:16:09.0661 0x0438 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
11:16:09.0661 0x0438 ============================================================
11:16:09.0686 0x0438 C: <-> \Device\Harddisk0\DR0\Partition1
11:16:09.0732 0x0438 D: <-> \Device\Harddisk0\DR0\Partition2
11:16:09.0732 0x0438 ============================================================
11:16:09.0732 0x0438 Initialize success
11:16:09.0732 0x0438 ============================================================
11:16:38.0822 0x0f54 ============================================================
11:16:38.0822 0x0f54 Scan started
11:16:38.0822 0x0f54 Mode: Manual; SigCheck; TDLFS;
11:16:38.0823 0x0f54 ============================================================
11:16:38.0823 0x0f54 KSN ping started
11:16:52.0519 0x0f54 KSN ping finished: true
11:16:53.0011 0x0f54 ================ Scan system memory ========================
11:16:53.0011 0x0f54 System memory - ok
11:16:53.0012 0x0f54 ================ Scan services =============================
C:\Windows\system32\DRIVERS\blbdrive.sys 11:16:56.0368 0x0f54 blbdrive - ok 11:16:56.0459 0x0f54 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 11:16:56.0482 0x0f54 Bonjour Service - ok 11:16:56.0518 0x0f54 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:16:56.0555 0x0f54 bowser - ok 11:16:56.0565 0x0f54 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:16:56.0613 0x0f54 BrFiltLo - ok 11:16:56.0624 0x0f54 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:16:56.0643 0x0f54 BrFiltUp - ok 11:16:56.0671 0x0f54 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 11:16:56.0715 0x0f54 BridgeMP - ok 11:16:56.0750 0x0f54 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 11:16:56.0763 0x0f54 Browser - ok 11:16:56.0783 0x0f54 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:16:56.0809 0x0f54 Brserid - ok 11:16:56.0825 0x0f54 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:16:56.0851 0x0f54 BrSerWdm - ok 11:16:56.0860 0x0f54 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:16:56.0886 0x0f54 BrUsbMdm - ok 11:16:56.0898 0x0f54 [ 
A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:16:56.0909 0x0f54 BrUsbSer - ok 11:16:56.0924 0x0f54 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 11:16:56.0938 0x0f54 BTHMODEM - ok 11:16:56.0975 0x0f54 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 11:16:57.0026 0x0f54 bthserv - ok 11:16:57.0029 0x0f54 catchme - ok 11:16:57.0098 0x0f54 [ 56685951208AC81CF923B9B08BEDF3B7, F5FF438B9A54AD8D54E82DE60E1771C9685A95D5E590D69EB1E4E78D3B9B7769 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys 11:16:57.0121 0x0f54 ccSet_NIS - ok 11:16:57.0138 0x0f54 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:16:57.0173 0x0f54 cdfs - ok 11:16:57.0217 0x0f54 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:16:57.0254 0x0f54 cdrom - ok 11:16:57.0291 0x0f54 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 11:16:57.0340 0x0f54 CertPropSvc - ok 11:16:57.0356 0x0f54 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:16:57.0370 0x0f54 circlass - ok 11:16:57.0387 0x0f54 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 11:16:57.0404 0x0f54 CLFS - ok 11:16:57.0449 0x0f54 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] 
clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:16:57.0472 0x0f54 clr_optimization_v2.0.50727_32 - ok 11:16:57.0505 0x0f54 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:16:57.0515 0x0f54 clr_optimization_v2.0.50727_64 - ok 11:16:57.0564 0x0f54 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:16:57.0577 0x0f54 clr_optimization_v4.0.30319_32 - ok 11:16:57.0594 0x0f54 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:16:57.0608 0x0f54 clr_optimization_v4.0.30319_64 - ok 11:16:57.0624 0x0f54 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:16:57.0647 0x0f54 CmBatt - ok 11:16:57.0667 0x0f54 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:16:57.0677 0x0f54 cmdide - ok 11:16:57.0713 0x0f54 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 11:16:57.0739 0x0f54 CNG - ok 11:16:57.0749 0x0f54 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:16:57.0759 0x0f54 Compbatt - ok 11:16:57.0782 0x0f54 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 11:16:57.0809 0x0f54 CompositeBus - ok 
11:16:57.0813 0x0f54 COMSysApp - ok 11:16:57.0827 0x0f54 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 11:16:57.0837 0x0f54 crcdisk - ok 11:16:57.0884 0x0f54 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:16:57.0905 0x0f54 CryptSvc - ok 11:16:57.0998 0x0f54 [ A5BEA0E5C297F5F3835638A87E512FBA, D9C31AE8661CD8AC87E5F28AFE4126C62B5D4AEB96610C9A2F49CEB288AF673A ] CTDevice_Srv C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe 11:16:58.0016 0x0f54 CTDevice_Srv - detected UnsignedFile.Multi.Generic ( 1 ) 11:16:58.0079 0x0f54 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning 11:17:00.0876 0x0f54 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 11:17:00.0948 0x0f54 DcomLaunch - ok 11:17:00.0968 0x0f54 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 11:17:01.0007 0x0f54 defragsvc - ok 11:17:01.0013 0x0f54 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:17:01.0059 0x0f54 DfsC - ok 11:17:01.0102 0x0f54 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:17:01.0140 0x0f54 Dhcp - ok 11:17:01.0163 0x0f54 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 11:17:01.0198 0x0f54 discache - ok 11:17:01.0226 0x0f54 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 11:17:01.0236 0x0f54 Disk - ok 
11:17:01.0278 0x0f54 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:17:01.0307 0x0f54 Dnscache - ok 11:17:01.0334 0x0f54 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 11:17:01.0373 0x0f54 dot3svc - ok 11:17:01.0402 0x0f54 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 11:17:01.0436 0x0f54 DPS - ok 11:17:01.0462 0x0f54 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:17:01.0479 0x0f54 drmkaud - ok 11:17:01.0514 0x0f54 [ FB9BEF3401EE5ECC2603311B9C64F44A, 33F8B6C9593677A360F580554D4F95B9F580C4E28F8187FBB27D96AFBFA8C7C1 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 11:17:01.0527 0x0f54 dtsoftbus01 - ok 11:17:01.0570 0x0f54 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:17:01.0599 0x0f54 DXGKrnl - ok 11:17:01.0630 0x0f54 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 11:17:01.0682 0x0f54 EapHost - ok 11:17:01.0776 0x0f54 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 11:17:01.0912 0x0f54 ebdrv - ok 11:17:02.0008 0x0f54 [ 1B7AA375F711F66D5FF2B855F9EC987F, 151E3897A31F0E828D08EBBB9C10A60047B48534BB38349EF1C8D9245524CA58 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 11:17:02.0030 0x0f54 eeCtrl - ok 11:17:02.0064 0x0f54 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS 
C:\Windows\System32\lsass.exe 11:17:02.0081 0x0f54 EFS - ok 11:17:02.0167 0x0f54 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:17:02.0221 0x0f54 ehRecvr - ok 11:17:02.0235 0x0f54 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 11:17:02.0254 0x0f54 ehSched - ok 11:17:02.0279 0x0f54 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 11:17:02.0303 0x0f54 elxstor - ok 11:17:02.0363 0x0f54 [ 7230C8B80DDE1F0524C353240B78CC0E, 15F73EBFB9152010E7736AFE518A47C209E17DDB347A40C4CDA0D9BBD26D1176 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 11:17:02.0389 0x0f54 EraserUtilRebootDrv - detected UnsignedFile.Multi.Generic ( 1 ) 11:17:02.0389 0x0f54 EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - warning 11:17:05.0182 0x0f54 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:17:05.0262 0x0f54 ErrDev - ok 11:17:05.0318 0x0f54 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 11:17:05.0367 0x0f54 EventSystem - ok 11:17:05.0383 0x0f54 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 11:17:05.0419 0x0f54 exfat - ok 11:17:05.0437 0x0f54 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:17:05.0485 0x0f54 fastfat - ok 11:17:05.0549 0x0f54 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax 
C:\Windows\system32\fxssvc.exe 11:17:05.0596 0x0f54 Fax - ok 11:17:05.0617 0x0f54 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:17:05.0627 0x0f54 fdc - ok 11:17:05.0642 0x0f54 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 11:17:05.0691 0x0f54 fdPHost - ok 11:17:05.0713 0x0f54 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 11:17:05.0744 0x0f54 FDResPub - ok 11:17:05.0758 0x0f54 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:17:05.0768 0x0f54 FileInfo - ok 11:17:05.0783 0x0f54 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:17:05.0825 0x0f54 Filetrace - ok 11:17:05.0835 0x0f54 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 11:17:05.0855 0x0f54 flpydisk - ok 11:17:05.0876 0x0f54 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:17:05.0891 0x0f54 FltMgr - ok 11:17:05.0947 0x0f54 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 11:17:05.0998 0x0f54 FontCache - ok 11:17:06.0036 0x0f54 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:17:06.0057 0x0f54 FontCache3.0.0.0 - ok 11:17:06.0073 0x0f54 [ 
D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:17:06.0086 0x0f54 FsDepends - ok 11:17:06.0117 0x0f54 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:17:06.0126 0x0f54 Fs_Rec - ok 11:17:06.0173 0x0f54 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:17:06.0190 0x0f54 fvevol - ok 11:17:06.0209 0x0f54 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 11:17:06.0220 0x0f54 gagp30kx - ok 11:17:06.0237 0x0f54 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:17:06.0245 0x0f54 GEARAspiWDM - ok 11:17:06.0287 0x0f54 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 11:17:06.0352 0x0f54 gpsvc - ok 11:17:06.0418 0x0f54 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:17:06.0441 0x0f54 gupdate - ok 11:17:06.0456 0x0f54 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:17:06.0467 0x0f54 gupdatem - ok 11:17:06.0482 0x0f54 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:17:06.0504 0x0f54 hcw85cir - ok 11:17:06.0544 0x0f54 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] 
HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:17:06.0580 0x0f54 HdAudAddService - ok 11:17:06.0612 0x0f54 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 11:17:06.0638 0x0f54 HDAudBus - ok 11:17:06.0666 0x0f54 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 11:17:06.0676 0x0f54 HECIx64 - ok 11:17:06.0688 0x0f54 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 11:17:06.0712 0x0f54 HidBatt - ok 11:17:06.0725 0x0f54 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:17:06.0752 0x0f54 HidBth - ok 11:17:06.0766 0x0f54 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:17:06.0791 0x0f54 HidIr - ok 11:17:06.0810 0x0f54 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 11:17:06.0864 0x0f54 hidserv - ok 11:17:06.0893 0x0f54 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 11:17:06.0903 0x0f54 HidUsb - ok 11:17:06.0928 0x0f54 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:17:06.0969 0x0f54 hkmsvc - ok 11:17:07.0013 0x0f54 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:17:07.0037 0x0f54 HomeGroupListener - ok 11:17:07.0067 0x0f54 [ 908ACB1F594274965A53926B10C81E89, 
7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:17:07.0096 0x0f54 HomeGroupProvider - ok 11:17:07.0115 0x0f54 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:17:07.0126 0x0f54 HpSAMD - ok 11:17:07.0175 0x0f54 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:17:07.0230 0x0f54 HTTP - ok 11:17:07.0250 0x0f54 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:17:07.0259 0x0f54 hwpolicy - ok 11:17:07.0298 0x0f54 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 11:17:07.0326 0x0f54 i8042prt - ok 11:17:07.0357 0x0f54 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:17:07.0386 0x0f54 iaStorV - ok 11:17:07.0444 0x0f54 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:17:07.0472 0x0f54 idsvc - ok 11:17:07.0566 0x0f54 [ DAAA22256BCA5E6EB74CD379F3092AAA, B2F8990EE059F201A9EA7C05B56A3FA7EE99EA148240F2997DF2B0DFB2FC9071 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140314.001\IDSvia64.sys 11:17:07.0599 0x0f54 IDSVia64 - ok 11:17:07.0619 0x0f54 IEEtwCollectorService - ok 11:17:07.0797 0x0f54 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 11:17:08.0028 0x0f54 igfx - ok 11:17:08.0046 0x0f54 [ 
5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 11:17:08.0056 0x0f54 iirsp - ok 11:17:08.0097 0x0f54 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 11:17:08.0138 0x0f54 IKEEXT - ok 11:17:08.0246 0x0f54 [ 8097BF5CD62144969C28F964D2F40114, 95C317D037CE99E1F73143B509D1D6343950A7FA2D7F9099112909628259D485 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 11:17:08.0302 0x0f54 IntcAzAudAddService - ok 11:17:08.0334 0x0f54 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 11:17:08.0343 0x0f54 intelide - ok 11:17:08.0363 0x0f54 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:17:08.0385 0x0f54 intelppm - ok 11:17:08.0411 0x0f54 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:17:08.0456 0x0f54 IPBusEnum - ok 11:17:08.0493 0x0f54 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:17:08.0533 0x0f54 IpFilterDriver - ok 11:17:08.0565 0x0f54 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:17:08.0587 0x0f54 iphlpsvc - ok 11:17:08.0617 0x0f54 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:17:08.0629 0x0f54 IPMIDRV - ok 11:17:08.0644 0x0f54 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT 
C:\Windows\system32\drivers\ipnat.sys 11:17:08.0678 0x0f54 IPNAT - ok 11:17:08.0760 0x0f54 [ 6660920D05A32DF2DC1260CEF0B6D172, 2C4361B59CD9F41519FDF14EC69F2E37E1B0635ACA476E4BEF2152C925E35F9F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:17:08.0798 0x0f54 iPod Service - ok 11:17:08.0819 0x0f54 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:17:08.0856 0x0f54 IRENUM - ok 11:17:08.0872 0x0f54 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:17:08.0882 0x0f54 isapnp - ok 11:17:08.0904 0x0f54 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:17:08.0920 0x0f54 iScsiPrt - ok 11:17:08.0937 0x0f54 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:17:08.0947 0x0f54 kbdclass - ok 11:17:08.0959 0x0f54 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:17:08.0976 0x0f54 kbdhid - ok 11:17:08.0998 0x0f54 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe 11:17:09.0008 0x0f54 KeyIso - ok 11:17:09.0045 0x0f54 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:17:09.0057 0x0f54 KSecDD - ok 11:17:09.0068 0x0f54 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:17:09.0080 0x0f54 KSecPkg - ok 11:17:09.0087 0x0f54 [ 6869281E78CB31A43E969F06B57347C4, 
866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:17:09.0130 0x0f54 ksthunk - ok 11:17:09.0159 0x0f54 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 11:17:09.0200 0x0f54 KtmRm - ok 11:17:09.0233 0x0f54 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 11:17:09.0297 0x0f54 LanmanServer - ok 11:17:09.0326 0x0f54 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:17:09.0359 0x0f54 LanmanWorkstation - ok 11:17:09.0397 0x0f54 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:17:09.0456 0x0f54 lltdio - ok 11:17:09.0480 0x0f54 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:17:09.0528 0x0f54 lltdsvc - ok 11:17:09.0544 0x0f54 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:17:09.0594 0x0f54 lmhosts - ok 11:17:09.0650 0x0f54 [ D0E7FF91B52FE9FD2F9522B91F27CB09, 6123B81EA394E81C2CD4D1BA0562E87CB0A1E18FD32B214A82E4E18300879CCD ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:17:09.0674 0x0f54 LMS - ok 11:17:09.0708 0x0f54 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 11:17:09.0729 0x0f54 LSI_FC - ok 11:17:09.0748 0x0f54 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 11:17:09.0769 0x0f54 
LSI_SAS - ok 11:17:09.0784 0x0f54 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:17:09.0803 0x0f54 LSI_SAS2 - ok 11:17:09.0821 0x0f54 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:17:09.0833 0x0f54 LSI_SCSI - ok 11:17:09.0858 0x0f54 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 11:17:09.0900 0x0f54 luafv - ok 11:17:09.0920 0x0f54 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:17:09.0933 0x0f54 Mcx2Svc - ok 11:17:09.0945 0x0f54 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 11:17:09.0955 0x0f54 megasas - ok 11:17:09.0975 0x0f54 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 11:17:09.0991 0x0f54 MegaSR - ok 11:17:10.0043 0x0f54 [ 033B947AF4A997820E86FCB070B1F450, 2F54F9D1E8374187B2F206E7CF22A907C735C71F38445A94BDC84E83081D3A88 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 11:17:10.0064 0x0f54 Microsoft Office Groove Audit Service - ok 11:17:10.0079 0x0f54 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 11:17:10.0121 0x0f54 MMCSS - ok 11:17:10.0135 0x0f54 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 11:17:10.0177 0x0f54 Modem - ok 11:17:10.0199 0x0f54 [ B03D591DC7DA45ECE20B3B467E6AADAA, 
11:17:21.0016 0x0f54 [ D0B07EED9DDEC5C69521C689B7BF455F, A9F1C76FBF833E25A8470116A9BB7F7121A86138B31B54C098F1E22C11109044 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
11:17:21.0046 0x0f54 tap0901 - detected UnsignedFile.Multi.Generic ( 1 )
11:17:21.0046 0x0f54 tap0901 ( UnsignedFile.Multi.Generic ) - warning
ok 11:17:25.0157 0x0f54 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:17:25.0204 0x0f54 tunnel - ok 11:17:25.0235 0x0f54 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:17:25.0282 0x0f54 uagp35 - ok 11:17:25.0391 0x0f54 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:17:25.0469 0x0f54 udfs - ok 11:17:25.0469 0x0f54 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:17:25.0485 0x0f54 UI0Detect - ok 11:17:25.0501 0x0f54 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:17:25.0516 0x0f54 uliagpkx - ok 11:17:25.0532 0x0f54 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 11:17:25.0563 0x0f54 umbus - ok 11:17:25.0579 0x0f54 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:17:25.0610 0x0f54 UmPass - ok 11:17:25.0735 0x0f54 [ A7377410BC0D28C5A72135A4BE1A1068, D051CD79B9CD66EA6345A6DB5FAA89EC7355B615A36775A4693EF818CA816E2F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 11:17:25.0813 0x0f54 UNS - ok 11:17:25.0828 0x0f54 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 11:17:25.0891 0x0f54 upnphost - ok 11:17:25.0906 0x0f54 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 
C:\Windows\system32\Drivers\usbaapl64.sys 11:17:25.0937 0x0f54 USBAAPL64 - ok 11:17:25.0969 0x0f54 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:17:25.0984 0x0f54 usbccgp - ok 11:17:26.0031 0x0f54 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:17:26.0047 0x0f54 usbcir - ok 11:17:26.0078 0x0f54 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 11:17:26.0093 0x0f54 usbehci - ok 11:17:26.0125 0x0f54 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:17:26.0140 0x0f54 usbhub - ok 11:17:26.0156 0x0f54 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:17:26.0171 0x0f54 usbohci - ok 11:17:26.0203 0x0f54 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:17:26.0218 0x0f54 usbprint - ok 11:17:26.0234 0x0f54 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:17:26.0249 0x0f54 USBSTOR - ok 11:17:26.0265 0x0f54 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:17:26.0281 0x0f54 usbuhci - ok 11:17:26.0343 0x0f54 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 11:17:26.0374 0x0f54 usbvideo - ok 11:17:26.0390 0x0f54 [ 88CE07826F25B851E824ED2E57106323, 
40F367539B50C4FEA783FE887FFE73D20F27DF66735F3D7AE195F0D0013BF243 ] USTOR2K C:\Windows\system32\DRIVERS\ustor2k.sys 11:17:26.0437 0x0f54 USTOR2K - ok 11:17:26.0452 0x0f54 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 11:17:26.0499 0x0f54 UxSms - ok 11:17:26.0515 0x0f54 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe 11:17:26.0530 0x0f54 VaultSvc - ok 11:17:26.0546 0x0f54 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:17:26.0546 0x0f54 vdrvroot - ok 11:17:26.0593 0x0f54 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 11:17:26.0639 0x0f54 vds - ok 11:17:26.0655 0x0f54 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:17:26.0671 0x0f54 vga - ok 11:17:26.0702 0x0f54 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:17:26.0749 0x0f54 VgaSave - ok 11:17:26.0780 0x0f54 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:17:26.0795 0x0f54 vhdmp - ok 11:17:26.0811 0x0f54 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 11:17:26.0827 0x0f54 viaide - ok 11:17:26.0842 0x0f54 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:17:26.0842 0x0f54 volmgr - ok 11:17:26.0905 0x0f54 [ A255814907C89BE58B79EF2F189B843B, 
463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:17:26.0920 0x0f54 volmgrx - ok 11:17:26.0967 0x0f54 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:17:26.0983 0x0f54 volsnap - ok 11:17:26.0998 0x0f54 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:17:27.0014 0x0f54 vsmraid - ok 11:17:27.0061 0x0f54 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 11:17:27.0170 0x0f54 VSS - ok 11:17:27.0201 0x0f54 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:17:27.0217 0x0f54 vwifibus - ok 11:17:27.0248 0x0f54 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:17:27.0279 0x0f54 vwififlt - ok 11:17:27.0295 0x0f54 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 11:17:27.0326 0x0f54 vwifimp - ok 11:17:27.0357 0x0f54 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 11:17:27.0388 0x0f54 W32Time - ok 11:17:27.0404 0x0f54 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:17:27.0419 0x0f54 WacomPen - ok 11:17:27.0451 0x0f54 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:17:27.0482 0x0f54 WANARP - ok 11:17:27.0497 
0x0f54 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:17:27.0529 0x0f54 Wanarpv6 - ok 11:17:27.0591 0x0f54 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 11:17:27.0653 0x0f54 wbengine - ok 11:17:27.0669 0x0f54 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:17:27.0700 0x0f54 WbioSrvc - ok 11:17:27.0731 0x0f54 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:17:27.0763 0x0f54 wcncsvc - ok 11:17:27.0778 0x0f54 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:17:27.0794 0x0f54 WcsPlugInService - ok 11:17:27.0809 0x0f54 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:17:27.0825 0x0f54 Wd - ok 11:17:27.0872 0x0f54 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:17:27.0903 0x0f54 Wdf01000 - ok 11:17:27.0934 0x0f54 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:17:27.0997 0x0f54 WdiServiceHost - ok 11:17:28.0012 0x0f54 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:17:28.0028 0x0f54 WdiSystemHost - ok 11:17:28.0075 0x0f54 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 
11:17:28.0090 0x0f54 WebClient - ok 11:17:28.0106 0x0f54 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:17:28.0153 0x0f54 Wecsvc - ok 11:17:28.0168 0x0f54 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:17:28.0215 0x0f54 wercplsupport - ok 11:17:28.0246 0x0f54 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 11:17:28.0277 0x0f54 WerSvc - ok 11:17:28.0293 0x0f54 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:17:28.0324 0x0f54 WfpLwf - ok 11:17:28.0324 0x0f54 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:17:28.0340 0x0f54 WIMMount - ok 11:17:28.0355 0x0f54 WinDefend - ok 11:17:28.0355 0x0f54 WinHttpAutoProxySvc - ok 11:17:28.0402 0x0f54 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:17:28.0433 0x0f54 Winmgmt - ok 11:17:28.0527 0x0f54 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 11:17:28.0636 0x0f54 WinRM - ok 11:17:28.0667 0x0f54 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:17:28.0683 0x0f54 WinUsb - ok 11:17:28.0714 0x0f54 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:17:28.0761 0x0f54 Wlansvc - ok 11:17:28.0792 0x0f54 [ F6FF8944478594D0E414D3F048F0D778, 
6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:17:28.0792 0x0f54 WmiAcpi - ok 11:17:28.0808 0x0f54 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:17:28.0839 0x0f54 wmiApSrv - ok 11:17:28.0855 0x0f54 WMPNetworkSvc - ok 11:17:28.0870 0x0f54 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:17:28.0886 0x0f54 WPCSvc - ok 11:17:28.0917 0x0f54 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:17:28.0933 0x0f54 WPDBusEnum - ok 11:17:28.0948 0x0f54 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:17:28.0995 0x0f54 ws2ifsl - ok 11:17:29.0011 0x0f54 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 11:17:29.0026 0x0f54 wscsvc - ok 11:17:29.0042 0x0f54 WSearch - ok 11:17:29.0120 0x0f54 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll 11:17:29.0198 0x0f54 wuauserv - ok 11:17:29.0229 0x0f54 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:17:29.0260 0x0f54 WudfPf - ok 11:17:29.0276 0x0f54 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:17:29.0291 0x0f54 WUDFRd - ok 11:17:29.0307 0x0f54 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc 
C:\Windows\System32\WUDFSvc.dll 11:17:29.0323 0x0f54 wudfsvc - ok 11:17:29.0369 0x0f54 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 11:17:29.0385 0x0f54 WwanSvc - ok 11:17:29.0401 0x0f54 ================ Scan global =============================== 11:17:29.0432 0x0f54 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 11:17:29.0463 0x0f54 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 11:17:29.0494 0x0f54 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 11:17:29.0525 0x0f54 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 11:17:29.0572 0x0f54 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 11:17:29.0588 0x0f54 [ Global ] - ok 11:17:29.0588 0x0f54 ================ Scan MBR ================================== 11:17:29.0588 0x0f54 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:17:29.0900 0x0f54 \Device\Harddisk0\DR0 - ok 11:17:29.0900 0x0f54 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 11:17:30.0009 0x0f54 \Device\Harddisk1\DR1 - ok 11:17:30.0009 0x0f54 ================ Scan VBR ================================== 11:17:30.0025 0x0f54 [ 37DD530C19824EB97200D392133D6EA5 ] \Device\Harddisk0\DR0\Partition1 11:17:30.0025 0x0f54 \Device\Harddisk0\DR0\Partition1 - ok 11:17:30.0025 0x0f54 [ 86A1FE9FC69149908DB76DB53828E76D ] \Device\Harddisk0\DR0\Partition2 11:17:30.0025 0x0f54 \Device\Harddisk0\DR0\Partition2 - ok 11:17:30.0040 0x0f54 [ C480D5026D148D6906DCFD750EC48A2B ] \Device\Harddisk1\DR1\Partition1 11:17:30.0040 0x0f54 
\Device\Harddisk1\DR1\Partition1 - ok 11:17:30.0056 0x0f54 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x51000 ( enabled : updated ) 11:17:30.0056 0x0f54 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x51010 ( enabled ) 11:17:32.0833 0x0f54 ============================================================ 11:17:32.0833 0x0f54 Scan finished 11:17:32.0833 0x0f54 ============================================================ 11:17:32.0833 0x1568 Detected object count: 3 11:17:32.0833 0x1568 Actual detected object count: 3 11:17:41.0959 0x1568 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user 11:17:41.0959 0x1568 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:17:41.0959 0x1568 EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - skipped by user 11:17:41.0959 0x1568 EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:17:41.0959 0x1568 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user 11:17:41.0959 0x1568 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:17:53.0705 0x1454 Deinitialize success Code:
ATTFilter 11:15:48.0570 4676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 11:15:49.0928 4676 Perform update action was selected 11:15:49.0933 1976 Deinitialize success Code:
ATTFilter 11:15:34.0563 5376 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 11:15:37.0218 5376 Perform update action was selected 11:15:37.0220 5792 Deinitialize success |
16.03.2014, 11:23 | #5 |
/// Selecta Jahrusso | Everything actually looks quite OK. Please download Farbar Service Scanner
Please post the contents here.
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
16.03.2014, 11:43 | #6 |
| Dear Daniel, here is the FSS.txt. Thanks, Max Code:
ATTFilter Farbar Service Scanner Version: 25-02-2014
Ran by Alex (administrator) on 16-03-2014 at 11:42:04
Running from "D:\Download"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
16.03.2014, 21:17 | #7 |
/// Selecta Jahrusso | Well, I can't find anything there that would make me cry out right now. Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
19.03.2014, 06:47 | #8 |
| Dear Daniel, sorry for the slightly belated reply. Here are the logs, as outlined by you. Best regards and, as always, thanks, Max AdwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 16:20:57 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Alex - MOSES # Gestartet von : C:\Users\Alex\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\ClickIT Ordner Gelöscht : C:\ProgramData\SaveByclick Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick Ordner Gelöscht : C:\Windows\System32\ARFC Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\SaveByclick Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\login\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Andy\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vok34p3v.default\Extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\5102497f928b4@5102497f928ef.com Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\de-DE@dictionaries.addons.mozilla.org Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zoteroWinWordIntegration@zotero.org Ordner Gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh Datei Gelöscht : C:\Windows\System32\dmwu.exe Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\searchplugins\safesearch.xml Datei Gelöscht : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vok34p3v.default\searchplugins\safesearch.xml ***** [ Verknüpfungen ] ***** ***** [ 
Registrierungsdatenbank ] ***** Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKCU\Software\f558dd9e23be846 Schlüssel Gelöscht : HKLM\SOFTWARE\f558dd9e23be846 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gtk_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gtk_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ordrumbox_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ordrumbox_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54DF9152-A1C9-25FF-CAFE-1F9FB5F3B5C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\vShare.tv Schlüssel Gelöscht : HKCU\Software\wnlt Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\Software\SProtector Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\wnlt Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\prefs.js ] Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : user_pref("extensions.5102497f92962.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...] 
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); Zeile gelöscht : user_pref("vshare.install.date", "1356509323"); Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0"); Zeile gelöscht : user_pref("vshare.install.fresh", "false"); Zeile gelöscht : user_pref("vshare.install.guid", "{efa92ce8-05a7-413d-a9c9-ea1bd7d221a4}"); Zeile gelöscht : user_pref("vshare.install.newtab", false); [ Datei : C:\Users\login\AppData\Roaming\Mozilla\Firefox\Profiles\1d08t0uc.default\prefs.js ] [ Datei : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vok34p3v.default\prefs.js ] Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : 
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11708 octets] - [18/03/2014 16:18:52]
AdwCleaner[S0].txt - [10484 octets] - [18/03/2014 16:20:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10545 octets] ##########
Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Alex :: MOSES [administrator]
18.03.2014 16:25:54
mbam-log-2014-03-18 (16-25-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321608
Time elapsed: 7 minute(s), 4 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1041212b5280424288932f33b73077b7 # engine=17495 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-18 03:50:47 # local_time=2014-03-18 04:50:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3591 16777213 100 91 2688131 157783231 0 0 # compatibility_mode=5893 16776574 66 85 21529858 146787697 0 0 # scanned=30827 # found=3 # cleaned=0 # scan_time=453 sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SaveByclick\5102497f92a47.dll.vir" sh=C02CD9AD656667DAD9BEFC6135A48D61D096A109 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh\1\5102497f927fb1.64614085.js.vir" sh=8449F3471E1793BFEC5DF8B56D1556D1948CE9F0 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\5102497f928b4@5102497f928ef.com\content\bg.js.vir" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1041212b5280424288932f33b73077b7 # engine=17495 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-18 10:19:43 # local_time=2014-03-18 11:19:43 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3591 
16777213 100 91 2707867 157806567 0 0 # compatibility_mode=5893 16776574 66 85 21553194 146811033 0 0 # scanned=582083 # found=3 # cleaned=0 # scan_time=23298 sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SaveByclick\5102497f92a47.dll.vir" sh=C02CD9AD656667DAD9BEFC6135A48D61D096A109 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh\1\5102497f927fb1.64614085.js.vir" sh=8449F3471E1793BFEC5DF8B56D1556D1948CE9F0 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\5102497f928b4@5102497f928ef.com\content\bg.js.vir" |
19.03.2014, 15:55 | #9 |
/// Selecta Jahrusso | Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection No problem. Please delete the existing FRST.exe. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Make sure that the box for additions.txt is checked, and post that file as well.
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
19.03.2014, 19:47 | #10 |
| Windows 7 Premium 64: Microsoft Fixit error message [Code 8004FE2C] as an indication of infection Hello Dende, here are the logs. Best regards, Max FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Alex (administrator) on MOSES on 19-03-2014 19:44:27 Running from C:\Users\Alex\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EeeManager.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\EMOSDControl.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\EMMessageParser.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Creative Technology Ltd.) 
C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Farbar) C:\Users\Alex\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2010-07-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-22] (Realtek Semiconductor) HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [OOBESetup] - C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-11-12] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [AsShellApplication] - C:\Program Files (x86)\ASUS\Eee Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [NCInstallQueue] - rundll32 netman.dll,ProcessQueue [360448 2009-07-14] (Microsoft Corporation) HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2 HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [CTZDetec.exe] - C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [368640 2008-04-24] (Creative Technology Ltd.) HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) 
HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3158290526-3171002894-2857290960-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\login\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\login\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\schtasks.lnk ShortcutTarget: schtasks.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fm4.orf.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCACA911FDE26CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF Homepage: hxxp://fm4.orf.at/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft 
Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Hide My Ass Proxy Extension - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\extension@hidemyass.com.xpi [2011-09-10] FF Extension: Stealthy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\stealthyextension@gmail.com.xpi [2011-09-10] FF Extension: TrackMeNot - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2011-06-01] FF Extension: Zotero - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-03-10] FF Extension: NoScript - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-08-01] FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-01] FF Extension: BetterPrivacy - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-07-01] FF Extension: vshare Add-On - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\520xr6pu.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-13] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2013-12-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [] Chrome: ======= CHR Extension: (No Name) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\malimhenbijpbhhahdbcfjehicncoknh [2013-01-25] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-01-31] ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project) ==================== Drivers (Whitelisted) ==================== R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-27] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140318.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140318.017\ENG64.SYS [126040 2014-03-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140318.017\EX64.SYS [2099288 2014-03-10] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 
2013-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-19 19:42 - 2014-03-19 19:42 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64(1).exe 2014-03-18 21:00 - 2014-03-18 21:00 - 00002152 _____ () C:\{300D60F4-B291-40E3-8DDA-8B0B58D3745E} 2014-03-18 18:21 - 2014-03-18 18:21 - 00002464 _____ () C:\{5533F8DF-5863-4322-9AC1-8F77969FF312} 2014-03-18 16:23 - 2014-03-18 16:23 - 00010666 _____ () C:\Users\Alex\Desktop\AdwCleaner[S0].txt 2014-03-18 16:18 - 2014-03-18 16:21 - 00000000 ____D () C:\AdwCleaner 2014-03-18 16:18 - 2014-03-18 16:17 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe 2014-03-18 16:18 - 2014-03-18 16:17 - 01950720 _____ () C:\Users\Alex\Desktop\adwcleaner.exe 2014-03-16 11:12 - 2014-03-16 11:12 - 00041364 _____ () C:\Users\Alex\Desktop\Addition.txt 2014-03-16 09:38 - 2014-03-16 09:38 - 00009174 _____ () C:\Users\Alex\Desktop\Gmer.txt 2014-03-16 09:20 - 2014-03-19 19:44 - 00020156 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-03-16 09:19 - 2014-03-16 08:42 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-03-16 09:19 - 2014-03-16 08:42 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe 2014-03-16 09:19 - 2014-03-16 08:42 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-03-16 09:04 - 2014-03-19 19:44 - 00000000 ____D () C:\FRST 
2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable 2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-13 20:49 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 20:49 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 20:49 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 20:49 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 20:49 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 20:49 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 20:49 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 20:49 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 20:49 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 20:49 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 20:49 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 20:49 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 20:49 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 20:49 - 2014-03-01 05:23 
- 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 20:49 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 20:49 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 20:49 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 20:49 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 20:49 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 20:49 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 20:49 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 20:49 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 20:49 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 20:49 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 20:49 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 20:49 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 20:49 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 20:49 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 20:49 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 20:49 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 20:49 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 20:49 - 2014-03-01 04:10 - 
02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 20:49 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 20:49 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 20:49 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 20:49 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 20:49 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 20:49 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 20:49 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 20:49 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 20:49 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 20:49 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 20:49 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 20:49 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 20:49 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 20:49 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 20:49 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 20:49 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-06 08:47 - 2014-03-06 08:46 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif 2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-28 
09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype 2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp ==================== One Month Modified Files and Folders ======= 2014-03-19 19:44 - 2014-03-16 09:20 - 00020156 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-03-19 19:44 - 2014-03-16 09:04 - 00000000 ____D () C:\FRST 2014-03-19 19:43 - 2011-05-31 16:57 - 01170443 _____ () C:\Windows\WindowsUpdate.log 2014-03-19 19:42 - 2014-03-19 19:42 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64(1).exe 2014-03-19 19:41 - 2013-01-16 19:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype 2014-03-19 19:40 - 2012-01-17 17:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox 2014-03-19 19:39 - 2012-01-23 10:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\FreePDF_XP 2014-03-19 19:39 - 2011-08-14 14:17 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-19 19:39 - 2011-05-31 16:59 - 00000000 ____D () C:\Users\Alex 2014-03-19 19:39 - 2011-05-19 00:53 - 01294608 _____ () C:\Windows\PFRO.log 2014-03-19 19:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-19 19:39 - 2009-07-14 05:51 - 00177868 _____ () C:\Windows\setupact.log 2014-03-19 06:33 - 2011-08-14 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-19 06:14 - 2012-04-13 17:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-18 21:00 - 2014-03-18 21:00 - 00002152 _____ () C:\{300D60F4-B291-40E3-8DDA-8B0B58D3745E} 2014-03-18 18:21 - 2014-03-18 18:21 - 00002464 _____ () C:\{5533F8DF-5863-4322-9AC1-8F77969FF312} 2014-03-18 16:53 - 2009-08-29 02:51 - 00713958 _____ () C:\Windows\system32\perfh007.dat 2014-03-18 16:53 - 2009-08-29 02:51 - 00154074 _____ () C:\Windows\system32\perfc007.dat 2014-03-18 16:53 - 2009-07-14 06:13 - 01648656 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-18 16:29 - 2009-07-14 05:45 - 00014928 ____H 
() C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-18 16:29 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 16:23 - 2014-03-18 16:23 - 00010666 _____ () C:\Users\Alex\Desktop\AdwCleaner[S0].txt 2014-03-18 16:21 - 2014-03-18 16:18 - 00000000 ____D () C:\AdwCleaner 2014-03-18 16:20 - 2011-06-07 20:48 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\CheckPoint 2014-03-18 16:20 - 2011-06-06 03:33 - 00000000 ____D () C:\Users\login\AppData\Roaming\CheckPoint 2014-03-18 16:20 - 2011-05-31 18:44 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\CheckPoint 2014-03-18 16:17 - 2014-03-18 16:18 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe 2014-03-18 16:17 - 2014-03-18 16:18 - 01950720 _____ () C:\Users\Alex\Desktop\adwcleaner.exe 2014-03-16 19:01 - 2013-07-31 08:22 - 00002046 ____H () C:\Users\Alex\Documents\Default.rdp 2014-03-16 12:10 - 2012-02-17 09:26 - 00000000 ____D () C:\Users\Alex\AppData\Local\FE1A721D-403E-4008-A26F-F1182F15E75C.aplzod 2014-03-16 11:12 - 2014-03-16 11:12 - 00041364 _____ () C:\Users\Alex\Desktop\Addition.txt 2014-03-16 10:27 - 2011-06-02 09:41 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-03-16 09:38 - 2014-03-16 09:38 - 00009174 _____ () C:\Users\Alex\Desktop\Gmer.txt 2014-03-16 09:20 - 2014-03-16 09:20 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-03-16 09:04 - 2014-03-16 09:04 - 00000168 _____ () C:\Users\Alex\defogger_reenable 2014-03-16 08:43 - 2011-06-09 18:26 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-03-16 08:42 - 2014-03-16 09:19 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-03-16 08:42 - 2014-03-16 09:19 - 00380416 _____ () C:\Users\Alex\Desktop\xpcnmm1p.exe 2014-03-16 08:42 - 2014-03-16 09:19 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00264616 
_____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-16 08:30 - 2014-03-16 08:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-16 08:30 - 2013-10-17 12:59 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-15 16:33 - 2009-07-14 05:45 - 00425240 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 21:59 - 2012-10-23 10:51 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype 2014-03-13 20:43 - 2012-07-01 14:34 - 00000000 ____D () C:\Users\Andy\AppData\Local\FreePDF_XP 2014-03-12 19:14 - 2012-04-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 19:14 - 2012-04-13 17:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 19:14 - 2011-05-31 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 09:24 - 2012-03-10 10:16 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment 2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Sammelband BZV 2014-03-10 09:03 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Datenanalyse-Einführung_2013 2014-03-10 09:02 - 2013-12-07 08:54 - 00000000 ____D () C:\Users\Alex\Documents\Burmesisch 2014-03-06 08:46 - 2014-03-06 08:47 - 05426640 _____ () C:\Users\Alex\Desktop\Newold.tif 2014-03-02 15:15 - 2013-03-17 16:13 - 00000000 ____D () C:\Windows\rescache 2014-03-01 07:05 - 2014-03-13 20:49 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 20:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 
05:58 - 2014-03-13 20:49 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 20:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 20:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 20:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 20:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 20:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 20:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 20:49 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 20:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 20:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 20:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 20:49 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 20:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 20:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 20:49 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 
2014-03-01 04:43 - 2014-03-13 20:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 20:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 20:49 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 20:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 20:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 20:49 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 20:49 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 20:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 20:49 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 20:49 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 20:49 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 20:49 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 20:49 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-13 20:49 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-13 20:49 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-13 20:49 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-13 20:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-13 
20:49 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-28 09:18 - 2014-02-28 09:18 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype
2014-02-28 09:18 - 2011-07-21 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-02-26 12:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 20:20 - 2011-09-09 11:41 - 01622000 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-22 21:16 - 2014-02-22 21:16 - 00173454 _____ () C:\Users\Andy\Desktop\handschuh ferse.bmp
2014-02-21 14:28 - 2011-08-14 14:17 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 14:28 - 2011-08-14 14:17 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-21 13:20 - 2014-01-09 13:06 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-02-21 13:20 - 2013-01-27 09:13 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-02-17 20:14 - 2013-08-15 13:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 20:12 - 2011-09-09 09:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Alex\AppData\Roaming\CamLayout.ini
C:\Users\Alex\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-03-18 23:47

==================== End Of Log ============================

--- --- ---

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Alex at 2014-03-19 19:44:50
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version: 5.16.1603 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - ) Any Video Converter Ultimate 4.3.2 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation) Ashampoo Snap 3.50 (HKLM-x32\...\Ashampoo Snap 3_is1) (Version: 3.5.0 - ashampoo GmbH & Co. KG) ASUS Easy Update (HKLM-x32\...\{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}) (Version: 2.00.18 - ) ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - ) BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BurnAware Free 3.3.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware Technologies) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP) Convert AVI to MP4 1.3 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com) ConvertXtoDVD 4.0.9.322 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - ) Cosmas II Client v3.11 (HKLM-x32\...\Cosmas II Client) (Version: - ) Creative Media Lite (HKLM-x32\...\Creative Media Lite) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation) DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.) ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.) Eee Docking (HKLM\...\{85EA6D4E-04CC-48b0-B526-EA9E2FEF56FA}) (Version: 3.9.3 - ASUSTek Computer Inc.) Eee Manager (HKLM-x32\...\{795274EF-3EDA-4427-9D4C-446C9137BB6D}) (Version: 2.13.01 - ASUSTeK) Eee Memo (HKLM-x32\...\{CF5451E4-DA6F-44AE-88D4-BCEC1508C17E}) (Version: 1.19.4 - ASUSTEK) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen) FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project) Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version: - FreeAudioVideoSoftTech, Inc.) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free Mp3 Wma Converter V 2.1 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.1.0.0 - Koyote Soft) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Game Park Console (HKLM-x32\...\{3B9B1FCD-AD30-4076-B027-8C01C8E84284}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.) 
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.2.0.4 - Genesys Logic) GIMP 2.6.12 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - ) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) ImTOO iPad Converter (HKLM-x32\...\ImTOO iPad Video Converter) (Version: 5.1.39.0305 - ImTOO) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt)) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden K-Lite Codec Pack (64-bit) v4.6.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.6.0 - ) K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Media Player Classic - Home Cinema v1.5.1.2903 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.1.2903 - MPC-HC Team) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation) Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - 
Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (HKLM\...\{965DF723-5688-359E-84D2-417CAFE644B5}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM-x32\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation) Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514 - Microsoft Corporation) 
Hidden Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation) Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MusicBridge (HKLM-x32\...\{549622DF-3674-459C-81F3-38124A45FA0E}) (Version: 2.0.1 - JimbobSoft) muvee autoProducer 4.0 (HKLM-x32\...\{4013D7AC-AC71-4A81-AD57-5E6E46408492}) (Version: 4.01.000 - muvee Technologies) muvee autoProducer Express (HKLM-x32\...\{738F7CB6-953D-4606-81A3-79C940674C05}) (Version: 1.00.000 - muvee Technologies) muvee Reveal Runtime (HKLM-x32\...\{2BC34558-96D5-4CC2-AC67-F30DE28E7826}) (Version: 10.5.0.23245 - muvee Technologies Pte Ltd) Norton Internet Security (HKLM-x32\...\NIS) (Version: 
20.4.0.40 - Symantec Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5888 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) OOBERegBackup (HKLM-x32\...\OOBERegBackup_is1) (Version: - ASUSTeK Computer Inc.) OpenVPN 2.3.2-I001 (HKLM\...\OpenVPN) (Version: 2.3.2-I001 - ) PDF Blender (HKLM-x32\...\PDF Blender) (Version: - ) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge) Photomatix Pro version 4.0.2 (HKLM\...\PhotomatixPro4.0x64_is1) (Version: 4.0.2 - HDRsoft Sarl) Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink) Rdio (HKCU\...\978ebae4705a27c4) (Version: 1.12.0.0 - Rdio) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6161 - Realtek Semiconductor Corp.) Recovery Toolbox for PDF 1.2 (HKLM-x32\...\Recovery Toolbox for PDF_is1) (Version: - Recovery Toolbox, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.41 - Piriform) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) 
SaveByClick (HKLM\...\{8F79EFE5-8D3D-4478-A693-C51F549ACD13}) (Version: 1.0 - SaveByClick) <==== ATTENTION
Shop'NCook Menu Version 4.0.14 (HKLM-x32\...\{7B2A623E-AF79-4C51-9843-62C0C5D45F74}_is1) (Version: 4.0.14 - Rufenacht Innovative)
simfy (HKLM-x32\...\Simfy) (Version: 1.6.2 - simfy GmbH)
simfy (x32 Version: 1.6.2 - simfy GmbH) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Stata 12 (HKLM-x32\...\{5006A0E8-B9B0-48DF-981A-41D005B3E937}) (Version: 12.0 - StataCorp LP)
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tune Sweeper (HKLM-x32\...\{DA4FD430-5084-4839-943B-CEDA5A64FFAB}) (Version: 1.037 - Wide Angle Software)
UltraEdit 16.10 (HKLM-x32\...\{6E157E09-AA2E-4090-8EC6-6B9F5FFFB287}) (Version: 16.10.35 - IDM Computer Solutions, Inc.)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
VshareComplete (HKLM-x32\...\{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1) (Version: - VshareComplete) <==== ATTENTION
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XMedia Recode 3.0.9.0 (HKLM-x32\...\XMedia Recode) (Version: 3.0.9.0 - Sebastian Dörfler)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points =========================

13-03-2014 21:30:35 Windows Update
16-03-2014 07:29:41 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 03:34 - 2012-12-26 12:00 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C80EC88-FB07-4F44-9E15-D23DBC03D24E} - System32\Tasks\ASUS\AsMessageController => C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe [2009-12-22] (ASUSTeK Computer Inc.)
Task: {0C9A75B5-C0F6-4AD8-8864-CE69A819CE94} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {13D4716A-2DDE-45CE-BCBE-EC28F955463D} - System32\Tasks\ASUS\EeeManagerSuiteHelper => C:\Program Files (x86)\ASUS\Eee Manager\AsEMRunHelper.exe [2010-05-07] (ASUSTeK Computer Inc.)
Task: {523285FC-32C6-4419-A0B0-9160CB2833B7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {5ADF3004-C5B2-448D-918B-C093DA2C026A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {7849BD2E-7194-4203-A12B-B2FA32F659EA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {A77851AD-89D3-42F4-BE99-1AF6A59EA303} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {B1D6BFFD-B00A-4CB6-ADBE-88BC8D17620F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.) Task: {BD57FF74-8A88-4378-BD71-D2B076E1F7EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {CB2A12D4-3618-4D95-96CE-5B7DF0160D69} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-29] (ASUSTeK Computer Inc.) Task: {D4E3A64C-05BE-43B4-B443-15CFD389BC29} - System32\Tasks\{CD05356B-2034-4AE7-A2E5-0C9B679971D1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {E7F761F2-E87C-4FF5-A461-7D36511E622A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F75887A8-7924-4CE1-AB77-C9DED2E90062} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-01-23 10:27 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll 2010-08-02 19:20 - 2010-08-02 19:20 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll 2010-08-02 19:20 - 2010-08-02 
19:20 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll 2011-06-01 06:20 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-12-28 16:36 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2010-08-02 19:03 - 2009-09-16 02:17 - 00098304 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsKeyboardHooker.dll 2010-08-02 19:03 - 2008-11-04 12:23 - 00077824 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsRemoteControlHooker.dll 2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\AsMultiLang.dll 2010-08-02 19:03 - 2008-10-29 04:52 - 00176128 _____ () C:\Program Files (x86)\ASUS\Eee Manager\ImageMgr.dll 2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\EMOSDControl\MultiLang\AsMultiLang.dll 2010-08-02 19:03 - 2007-11-01 01:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\Eee Manager\MessageParser\AsMultiLang.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-02-15 16:29 - 2014-02-15 16:29 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-28 16:36 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll 2007-08-28 22:14 - 2007-08-28 22:14 - 
00759648 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:C64BF02A ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Eee Docking => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: UMonit => C:\Windows\SysWOW64\UMonit.exe MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\ASUS\Eee Cam\YouCamTray.exe" /s ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/19/2014 06:42:43 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/18/2014 11:49:19 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (03/18/2014 11:48:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/18/2014 11:48:02 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/18/2014 11:47:52 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/18/2014 05:33:33 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa0 Startzeit: 01cf42bdd36edeb0 Endzeit: 100 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 09828b10-aebb-11e3-8985-dcf3b035855c Error: (03/18/2014 04:51:12 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/18/2014 04:51:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/18/2014 04:51:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/18/2014 04:41:16 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Error: (03/19/2014 07:40:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/19/2014 07:40:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (03/19/2014 07:40:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (03/19/2014 07:40:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/19/2014 07:40:02 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (03/19/2014 07:40:02 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (03/19/2014 07:39:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (03/19/2014 07:39:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/19/2014 07:39:53 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (03/19/2014 07:39:28 PM) (Source: Microsoft-Windows-GroupPolicy) (User: Moses) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. 
Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden. Microsoft Office Sessions: ========================= Error: (10/27/2012 07:42:13 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 878 seconds with 840 seconds of active time. This session ended with a crash. Error: (08/19/2011 01:56:28 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4970 seconds with 840 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2012-12-26 12:00:17.763 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 12:00:17.701 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 12:00:17.638 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 12:00:17.576 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 11:32:54.547 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 11:32:54.485 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-26 08:47:44.200 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-12-26 08:39:50.325 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-26 08:30:23.833 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-25 19:44:52.117 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8119.05 MB Available physical RAM: 5454.24 MB Total Pagefile: 16236.28 MB Available Pagefile: 13605.84 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:80 GB) (Free:13.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:603.6 GB) (Free:155.17 GB) NTFS Drive g: () (Removable) (Total:14.83 GB) (Free:11.54 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1B97BFC8) Partition 1: (Not Active) - (Size=15 GB) - (Type=1B) Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=604 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=39 MB) - (Type=EF) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
19.03.2014, 20:41 | #11 |
/// Selecta Jahrusso | Hi

Please uninstall:
SaveByClick
vShare.tv plugin 1.3
VshareComplete

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Any remaining problems?
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
20.03.2014, 08:14 | #12 |
| Good morning, many thanks, here is the content of the Fixlog. So far I have not had any further problems. Best regards, Max

Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Alex at 2014-03-20 08:09:34 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3158290526-3171002894-2857290960-1000\User => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.

The system needed a reboot.

==== End of Fixlog ==== |
21.03.2014, 11:27 | #13 |
/// Selecta Jahrusso | Sounds good. I am only online on mobile right now and will get back to you in the evening with the final instructions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
23.03.2014, 08:46 | #14 |
/// Selecta Jahrusso | Sorry, quite a few things came up after all. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |