Log analysis and evaluation: Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.05.2014, 06:42 | #1 |
Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'

Hello dear Trojan hunters! A few days ago I noticed that I can no longer activate the Antivir real-time scanner. I then tried several times to solve the problem by running a virus scan with Antivir, but this never worked. During the scan, however, Antivir found the Trojan 'TR/Rootkit.Gen' in the file 'C:\Windows\system32\drivers\f8065e8752673505.sys'. Since removing it with Antivir did not work, here is my request for help to your Trojaner-Board. I downloaded the programs described in the instructions and created the logs. As I have no experience with this kind of thing, I apologize in advance if I post something incorrectly.

Antivir events:
Code:
Exportierte Ereignisse:

5/11/2014 7:24 PM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):

5/9/2014 4:46 PM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):

5/9/2014 4:23 PM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):

4/26/2014 10:38 AM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\54df0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Übergeben an Scanner

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\54df0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff verweigern

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\54df0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff erlauben

4/12/2014 3:21 PM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\System32\drivers\553ab0.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):
    Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5629aa9a.qua' verschoben!
    Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\553ab0\ImagePath> wurde erfolgreich repariert.
    Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\553ab0\ImagePath> wurde erfolgreich repariert.

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\553ab0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\553ab0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff verweigern

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\553ab0.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:18 PM [System-Scanner] Malware gefunden
    Die Datei 'C:\Windows\System32\drivers\2179518.sys' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
    Durchgeführte Aktion(en):
    Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '547bb2f3.qua' verschoben!
    Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2179518\ImagePath> wurde erfolgreich repariert.
    Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\2179518\ImagePath> wurde erfolgreich repariert.

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\2179518.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\2179518.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:15 PM [Echtzeit-Scanner] Malware gefunden
    In der Datei 'C:\Windows\System32\drivers\2179518.sys' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
    Ausgeführte Aktion: Zugriff verweigern

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:06 on 12/05/2014 (maria)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read f8065e8752673505.sys
Unable to read usb8023.sys
Unable to read usbaapl.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01 Ran by maria (administrator) on MARIA-PC on 12-05-2014 06:09:06 Running from C:\Users\maria\Downloads Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe () C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe () C:\Users\maria\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Facebook Update] => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-25] (Facebook Inc.) 
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: D - D:\AutoRun.exe HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {91927732-5e3a-11e3-9e9c-806e6f6e6963} - D:\AutoRun.exe HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {9192774b-5e3a-11e3-9e9c-e89a8f74b2d1} - D:\AutoRun.exe HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {98f4175f-a0f5-11e3-85f4-78929c166542} - D:\iLinker.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft 
Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 203.144.207.49 203.144.207.29 FireFox: ======== FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11] FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10] ========================== Services (Whitelisted) ================= Locked "f8065e8752673505" service could not be unlocked. <===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. 
KG) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) R2 syshost32; C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe [74752 2014-04-12] () ==================== Drivers (Whitelisted) ==================== S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] () R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] () S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] () S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [422976 2009-07-14] () S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [297552 2009-07-14] () S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [146512 2009-07-14] () R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2013-09-14] () S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] () S3 aic78xx; C:\Windows\system32\drivers\djsvs.sys [70720 2009-07-14] () S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] () S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] () S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] () S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] () S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [52736 2009-07-14] () S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] () S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [159312 2009-07-14] () R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 
2011-03-11] () S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] () S3 arc; C:\Windows\system32\drivers\arc.sys [76368 2009-07-14] () S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [86608 2009-07-14] () S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] () R0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] () S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] () R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] () S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-14] () S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] () R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] () R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [35328 2009-07-14] () R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] () S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] () S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-14] () S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] () S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] () S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] () S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] () S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] () S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] () S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] () S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] () R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] () R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [14080 2009-07-14] () S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] () R0 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2013-07-04] 
() R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [19024 2009-07-14] () R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] () S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [22096 2009-07-14] () R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () R0 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] () S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] () R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [729024 2013-08-01] () S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-14] () S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [453712 2009-07-14] () S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] () S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] () R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] () R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [57936 2009-07-14] () S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] () S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] () R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () S3 HidBatt; 
C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] () S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] () S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] () S3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [24064 2010-11-20] () S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] () S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] () R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [76544 2012-04-23] () S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] () R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] () R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [354840 2010-11-06] () S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4807168 2010-10-24] () S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-14] () R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [3396136 2011-02-11] () S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] () S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] () R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-14] () S3 kbdhid; 
C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] () R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2013-09-25] () R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2013-09-25] () R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [95824 2009-07-14] () S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89168 2009-07-14] () S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [54864 2009-07-14] () S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96848 2009-07-14] () R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () S3 megasas; C:\Windows\system32\drivers\megasas.sys [30800 2009-07-14] () S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [235584 2009-07-14] () S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] () R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] () S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] () S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () S3 MSKSSRV; 
C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] () S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] () R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] () S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] () R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] () R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () S3 Parport; 
C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] () R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] () R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] () S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] () R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] () R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] () S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] () S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [18944 2009-07-14] () R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] () S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] () R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () R3 
RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] () R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [327784 2010-12-28] () S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] () S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] () S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] () S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] () R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [583848 2013-06-26] () R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [197800 2013-06-26] () R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [24232 2013-06-26] () R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [20136 2013-06-26] () S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] () S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] () S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH) S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] () R3 
swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [1314736 2010-10-08] () R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2013-09-08] () S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2013-09-08] () R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] () S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49664 2012-08-23] () S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27136 2012-08-23] () R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] () S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] () S3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [8192 2009-07-14] () S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-03] () R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] () S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-27] () R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] () S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] () R3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] () R3 usbvideo; 
C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] () R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] () S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] () R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] () S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] () S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () R0 Wd; C:\Windows\System32\drivers\wd.sys [19024 2009-07-14] () R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () U5 BattC; 
C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 f8065e8752673505; C:\Windows\System32\Drivers\f8065e8752673505.sys [56192 2014-04-13] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-12 06:09 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-12 06:08 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe
2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co.
KG) C:\Users\maria\Downloads\avira_de_av___ws.exe 2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp 2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 03:16 - 2014-05-12 03:51 - 00000728 _____ () C:\Windows\setupact.log 2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF} 2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE} 2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12} 2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple 2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E} 2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A} 2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC} 2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673} 2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B} 2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ 
() C:\Windows\system32\Drivers\f8065e8752673505.sys 2014-04-12 13:23 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-12 13:23 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-12 13:23 - 2014-03-13 07:10 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-12 13:23 - 2014-03-13 07:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-12 13:23 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-12 13:23 - 2014-03-13 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-12 13:23 - 2014-03-13 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-12 13:20 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) 
C:\Windows\system32\kernel32.dll 2014-04-12 13:20 - 2014-02-04 04:07 - 00234432 _____ () C:\Windows\system32\Drivers\msiscsi.sys 2014-04-12 13:20 - 2014-02-04 04:07 - 00149440 _____ () C:\Windows\system32\Drivers\storport.sys 2014-04-12 13:20 - 2014-02-04 04:07 - 00027072 _____ () C:\Windows\system32\Drivers\Diskdump.sys 2014-04-12 13:20 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-12 13:20 - 2014-01-24 04:18 - 01212352 _____ () C:\Windows\system32\Drivers\ntfs.sys 2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79} 2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96} ==================== One Month Modified Files and Folders ======= 2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt 2014-05-12 06:09 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST 2014-05-12 06:08 - 2014-05-12 06:07 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe 2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log 2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable 2014-05-12 06:06 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria 2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe 2014-05-12 05:44 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-12 03:57 - 2010-11-20 23:01 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-12 03:51 - 2014-05-09 03:16 - 
00000728 _____ () C:\Windows\setupact.log 2014-05-12 03:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-11 18:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job 2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log 2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira 2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe 2014-05-11 16:55 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype 2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp 2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-08 14:13 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF} 2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE} 2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype 2014-05-06 13:35 - 2014-05-06 
13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype 2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype 2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente 2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik 2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12} 2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-30 15:50 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-30 15:50 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-30 13:52 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple 2014-04-28 04:25 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job 2014-04-23 16:52 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client 2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E} 2014-04-23 11:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc 2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters 2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A} 2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () 
C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673}
2014-04-15 16:32 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria\AppData\Local\Adobe
2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B}
2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ () C:\Windows\system32\Drivers\f8065e8752673505.sys
2014-04-12 13:31 - 2013-10-08 10:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96}

Some content of TEMP:
====================
C:\Users\maria\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys [2010-11-20 23:29] - [2010-11-20 23:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

LastRegBack: 2014-05-10 15:02

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by maria at 2014-05-12 06:10:19
Running from C:\Users\maria\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIS 3G Pocket WiFi (HKLM\...\AIS 3G Pocket WiFi) (Version: 1.10.00.935 - Huawei Technologies Co.,Ltd)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM\...\{3361e961-9e49-487c-b1ac-9255348ccbaf}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Identity Card (HKLM\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated) Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\LManager) (Version: 5.1.4 - Acer Inc.) 
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - 
Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden PhotoScape (HKLM\...\PhotoScape) (Version: - ) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.78 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3103 - Acer Incorporated) Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) 
Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1A8C92B9-0F4A-445E-BCAE-81FA6A4C244C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {21285472-D062-443E-834C-2A9BFA41327C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated) Task: {27CC9854-7F37-4B06-A5D3-4C321B5C3D0A} - System32\Tasks\{E25BCF6D-96DA-4E5B-9A93-93F21CEC7EB6} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) 
Task: {5D915CB3-09DE-4019-B28C-AEEA64D924EF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.) Task: {7F748F8C-C3A5-459C-B9E7-A766D3AA8B02} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2462786714-4158980062-2870690922-1000 Task: {A27BA80E-46D6-455D-8DB1-9484D5A39EDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D1310DC9-4822-454C-ABBD-0DD0233167B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-30 15:12 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll 2013-10-08 10:23 - 2013-10-08 10:09 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-03-14 
17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-11 17:22 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-29 11:30 - 2014-03-29 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-05-10 22:58 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-10 14:15 - 2014-05-10 14:15 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. System errors: ============= Error: (05/12/2014 05:37:05 AM) (Source: DCOM) (User: ) (EventID: 10010) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/12/2014 05:37:01 AM) (Source: Service Control Manager) (User: ) (EventID: 7011) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 
Error: (05/12/2014 03:53:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7026) Description: The following boot-start or system-start driver(s) failed to load: cdrom ssmdrv Error: (05/12/2014 03:51:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The avgntflt service failed to start due to the following error: %%31 Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: %%1069 Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038) Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The Network List Service service failed to start due to the following error: %%1069 Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038) Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The Diagnostic Service Host service failed to start due to the following error: %%1069 Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038) Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. 
Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100) Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError. Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-12 06:57:10
Windows 6.1.7601 Service Pack 1
Running: Gmer-19357.exe

---- Services - GMER 2.1 ----
Service System32\Drivers\f8065e8752673505.sys (*** hidden *** ) [BOOT] f8065e8752673505 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ImagePath \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ImagePath \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@DisplayName syshost.exe

---- EOF - GMER 2.1 ----

Many thanks in advance in any case! Best regards, David |
12.05.2014, 06:53 | #2 |
/// the machine /// TB-Ausbilder | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' hi,
__________________Scan with ComboFix
__________________ |
12.05.2014, 14:02 | #3 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' OK, here is the ComboFix log file:
Code:
ATTFilter ComboFix 14-05-10.01 - maria 05/12/2014 8:14.1.4 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2036.849 [GMT 2:00] Running from: c:\users\maria\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\windows\system32\drivers\f8065e8752673505.sys . . . . Failed to delete . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_syshost32 -------\Legacy_f8065e8752673505 -------\Service_f8065e8752673505 . . ((((((((((((((((((((((((( Files Created from 2014-04-12 to 2014-05-12 ))))))))))))))))))))))))))))))) . . 2014-05-12 06:28 . 2014-05-12 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-12 04:22 . 2014-05-12 04:22 0 ----a-w- c:\windows\system32\sho6098.tmp 2014-05-12 04:15 . 2014-05-12 04:15 104960 ----a-w- C:\kwloypod.sys 2014-05-12 04:08 . 2014-05-12 04:11 -------- d-----w- C:\FRST 2014-05-11 15:22 . 2014-05-11 15:22 -------- d-----w- c:\programdata\Package Cache 2014-05-10 16:27 . 2014-05-10 16:27 0 ----a-w- c:\windows\system32\shoDAE.tmp 2014-05-06 16:30 . 2014-05-06 16:30 0 ----a-w- c:\windows\system32\sho7AE0.tmp 2014-05-06 11:35 . 2014-05-06 11:35 -------- d-----w- c:\users\maria\AppData\Local\Skype 2014-05-06 11:35 . 2014-05-06 11:35 -------- d-----w- c:\program files\Common Files\Skype 2014-04-30 13:30 . 2014-05-01 03:48 -------- d-----w- c:\program files\Mozilla Thunderbird 2014-04-13 11:01 . 2014-05-12 06:31 56192 ----a-w- c:\windows\system32\drivers\f8065e8752673505.sys 2014-04-12 11:20 . 
2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-04-12 11:20 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-04-12 11:20 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-04-12 11:20 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-04-12 11:20 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-30 13:50 . 2012-04-15 08:46 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-04-30 13:50 . 2011-11-16 19:41 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-03 11:41 . 2014-04-03 11:41 0 ----a-w- c:\windows\system32\shoA083.tmp 2014-03-09 16:34 . 2014-03-09 16:34 0 ----a-w- c:\windows\system32\sho39D4.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mobile Partner"="c:\program files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi" [X] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552] "LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backup=c:\windows\pss\Acer VCM.lnk.CommonStartup backupExtension=.CommonStartup . 
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-18 1017424] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-10 37352] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-18 440400] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 739944] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - CFCATCHME *NewlyCreated* - WS2IFSL *Deregistered* - CFcatchme . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2014-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:50] . 2014-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job - c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33] . 
2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job - c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.de/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 203.144.207.49 203.144.207.29 FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Launch Manager\LMutilps32.exe c:\programdata\DatacardService\HWDeviceService.exe c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe c:\program files\Microsoft Application Virtualization Client\sftvsa.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\program files\Microsoft Application Virtualization Client\sftlist.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Launch Manager\LMworker.exe c:\windows\system32\igfxext.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2014-05-12 08:38:45 - machine was rebooted ComboFix-quarantined-files.txt 2014-05-12 06:38 . Pre-Run: 30,740,840,448 bytes free Post-Run: 30,186,090,496 bytes free . - - End Of File - - 29FF6260237B9AB680BE569DAC529BFE
I don't know whether everything has been fixed yet, but in the meantime I have been able to activate the Antivir real-time scanner again! I just wanted to let you know briefly. Many thanks, Chefrocker |
13.05.2014, 11:33 | #4 |
/// the machine /// TB-Ausbilder | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' hi, please download TDSSKiller.exe and save the file to the desktop
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.05.2014, 13:29 | #5 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Here is the TDSSKiller log: Code:
ATTFilter 14:22:48.0773 0x1190 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10 14:22:54.0564 0x1190 ============================================================ 14:22:54.0564 0x1190 Current date / time: 2014/05/13 14:22:54.0564 14:22:54.0564 0x1190 SystemInfo: 14:22:54.0564 0x1190 14:22:54.0564 0x1190 OS Version: 6.1.7601 ServicePack: 1.0 14:22:54.0564 0x1190 Product type: Workstation 14:22:54.0564 0x1190 ComputerName: MARIA-PC 14:22:54.0564 0x1190 UserName: maria 14:22:54.0564 0x1190 Windows directory: C:\Windows 14:22:54.0564 0x1190 System windows directory: C:\Windows 14:22:54.0564 0x1190 Processor architecture: Intel x86 14:22:54.0564 0x1190 Number of processors: 4 14:22:54.0564 0x1190 Page size: 0x1000 14:22:54.0564 0x1190 Boot type: Normal boot 14:22:54.0564 0x1190 ============================================================ 14:22:56.0774 0x1190 KLMD registered as C:\Windows\system32\drivers\13747834.sys 14:22:57.0364 0x1190 System UUID: {71916D61-0DC0-5591-D358-D86A229C72C7} 14:22:58.0615 0x1190 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:22:58.0615 0x1190 ============================================================ 14:22:58.0615 0x1190 \Device\Harddisk0\DR0: 14:22:58.0615 0x1190 MBR partitions: 14:22:58.0615 0x1190 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 14:22:58.0615 0x1190 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800 14:22:58.0625 0x1190 ============================================================ 14:22:58.0655 0x1190 C: <-> \Device\Harddisk0\DR0\Partition2 14:22:58.0655 0x1190 ============================================================ 14:22:58.0655 0x1190 Initialize success 14:22:58.0655 0x1190 ============================================================ 14:24:35.0683 0x17a8 
============================================================ 14:24:35.0684 0x17a8 Scan started 14:24:35.0684 0x17a8 Mode: Manual; SigCheck; TDLFS; 14:24:35.0684 0x17a8 ============================================================ 14:24:35.0684 0x17a8 KSN ping started 14:24:38.0754 0x17a8 KSN ping finished: true 14:24:40.0938 0x17a8 ================ Scan system memory ======================== 14:24:40.0938 0x17a8 System memory - ok 14:24:40.0938 0x17a8 ================ Scan services =============================
3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys 14:24:54.0962 0x17a8 circlass - ok 14:24:55.0009 0x17a8 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 14:24:55.0071 0x17a8 CLFS - ok 14:24:55.0165 0x17a8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:24:55.0212 0x17a8 clr_optimization_v2.0.50727_32 - ok 14:24:55.0368 0x17a8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:24:55.0649 0x17a8 clr_optimization_v4.0.30319_32 - ok 14:24:55.0680 0x17a8 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:24:55.0742 0x17a8 CmBatt - ok 14:24:55.0789 0x17a8 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:24:55.0836 0x17a8 cmdide - ok 14:24:55.0898 0x17a8 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 14:24:56.0007 0x17a8 CNG - ok 14:24:56.0070 0x17a8 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:24:56.0117 0x17a8 Compbatt - ok 14:24:56.0163 0x17a8 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:24:56.0288 0x17a8 CompositeBus - ok 14:24:56.0304 0x17a8 COMSysApp - ok 14:24:56.0351 
0x17a8 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:24:56.0413 0x17a8 crcdisk - ok 14:24:56.0507 0x17a8 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:24:56.0616 0x17a8 CryptSvc - ok 14:24:56.0819 0x17a8 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 14:24:56.0943 0x17a8 cvhsvc - ok 14:24:57.0006 0x17a8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 14:24:57.0131 0x17a8 DcomLaunch - ok 14:24:57.0177 0x17a8 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 14:24:57.0333 0x17a8 defragsvc - ok 14:24:57.0396 0x17a8 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:24:57.0552 0x17a8 DfsC - ok 14:24:57.0755 0x17a8 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 14:24:57.0864 0x17a8 Dhcp - ok 14:24:57.0942 0x17a8 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 14:24:58.0082 0x17a8 discache - ok 14:24:58.0160 0x17a8 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys 14:24:58.0223 0x17a8 Disk - ok 14:24:58.0379 0x17a8 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache 
C:\Windows\System32\dnsrslvr.dll 14:24:58.0488 0x17a8 Dnscache - ok 14:24:58.0613 0x17a8 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 14:24:58.0800 0x17a8 dot3svc - ok 14:24:58.0862 0x17a8 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 14:24:58.0956 0x17a8 DPS - ok 14:24:59.0034 0x17a8 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:24:59.0143 0x17a8 drmkaud - ok 14:24:59.0283 0x17a8 [ 4AB2A58816CC6BE771F1D8C768B804C5, 8D4D33D68D13A7EB0114959DAE841411961C18C6EDF8E1559649903D20BD3D50 ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe 14:24:59.0361 0x17a8 DsiWMIService - ok 14:24:59.0486 0x17a8 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:24:59.0642 0x17a8 DXGKrnl - ok 14:24:59.0799 0x17a8 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 14:24:59.0908 0x17a8 EapHost - ok 14:25:00.0298 0x17a8 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 14:25:00.0736 0x17a8 ebdrv - ok 14:25:00.0799 0x17a8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe 14:25:00.0892 0x17a8 EFS - ok 14:25:01.0048 0x17a8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:25:01.0189 0x17a8 elxstor - ok 14:25:01.0345 0x17a8 [ 884EFD5C5586AF9233B76132EDE51905, 86D96A41C896D0E9C50BAAEF9E400BA8C7FC57B4C742B1170B2A1965799C35F3 
] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 14:25:01.0485 0x17a8 ePowerSvc - ok 14:25:01.0501 0x17a8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:25:01.0579 0x17a8 ErrDev - ok 14:25:01.0672 0x17a8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 14:25:01.0797 0x17a8 EventSystem - ok 14:25:01.0891 0x17a8 [ 61A973F60E94A551BA7B15F3460444FB, FC2FB69978D99D75673AFE9F08176F3139DCBAEDE4D339BD09DA29CD3EC01005 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys 14:25:02.0047 0x17a8 ew_usbenumfilter - ok 14:25:02.0109 0x17a8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 14:25:02.0249 0x17a8 exfat - ok 14:25:02.0281 0x17a8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:25:02.0405 0x17a8 fastfat - ok 14:25:02.0530 0x17a8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 14:25:02.0655 0x17a8 Fax - ok 14:25:02.0686 0x17a8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\drivers\fdc.sys 14:25:02.0764 0x17a8 fdc - ok 14:25:02.0811 0x17a8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 14:25:02.0951 0x17a8 fdPHost - ok 14:25:03.0061 0x17a8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 14:25:03.0170 0x17a8 FDResPub - ok 14:25:03.0217 0x17a8 [ 6CF00369C97F3CF563BE99BE983D13D8, 
F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:25:03.0279 0x17a8 FileInfo - ok 14:25:03.0310 0x17a8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:25:03.0482 0x17a8 Filetrace - ok 14:25:03.0513 0x17a8 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 14:25:03.0622 0x17a8 flpydisk - ok 14:25:03.0685 0x17a8 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:25:03.0763 0x17a8 FltMgr - ok 14:25:03.0872 0x17a8 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 14:25:04.0075 0x17a8 FontCache - ok 14:25:04.0215 0x17a8 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:25:04.0262 0x17a8 FontCache3.0.0.0 - ok 14:25:04.0324 0x17a8 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:25:04.0418 0x17a8 FsDepends - ok 14:25:04.0496 0x17a8 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:25:04.0574 0x17a8 Fs_Rec - ok 14:25:04.0636 0x17a8 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:25:04.0730 0x17a8 fvevol - ok 14:25:04.0792 0x17a8 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx 
C:\Windows\system32\drivers\gagp30kx.sys 14:25:04.0855 0x17a8 gagp30kx - ok 14:25:04.0933 0x17a8 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 14:25:05.0120 0x17a8 gpsvc - ok 14:25:05.0260 0x17a8 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 14:25:05.0338 0x17a8 gusvc - ok 14:25:05.0447 0x17a8 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:25:05.0572 0x17a8 hcw85cir - ok 14:25:05.0650 0x17a8 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:25:05.0759 0x17a8 HdAudAddService - ok 14:25:05.0791 0x17a8 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:25:05.0869 0x17a8 HDAudBus - ok 14:25:05.0947 0x17a8 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 14:25:06.0040 0x17a8 HidBatt - ok 14:25:06.0071 0x17a8 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:25:06.0181 0x17a8 HidBth - ok 14:25:06.0227 0x17a8 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys 14:25:06.0305 0x17a8 HidIr - ok 14:25:06.0383 0x17a8 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 14:25:06.0493 0x17a8 hidserv - ok 14:25:06.0633 0x17a8 [ 
10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 14:25:06.0742 0x17a8 HidUsb - ok 14:25:06.0836 0x17a8 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 14:25:06.0929 0x17a8 hkmsvc - ok 14:25:07.0007 0x17a8 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:25:07.0148 0x17a8 HomeGroupListener - ok 14:25:07.0226 0x17a8 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:25:07.0304 0x17a8 HomeGroupProvider - ok 14:25:07.0397 0x17a8 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:25:07.0491 0x17a8 HpSAMD - ok 14:25:07.0631 0x17a8 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:25:07.0834 0x17a8 HTTP - ok 14:25:07.0975 0x17a8 [ B73B6816BE98F6CAE539EB458626C411, B706F31DDF2052B34A187EFF5820D2AD5180DE003FC0353A39E86FC0F1904F3C ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys 14:25:08.0115 0x17a8 huawei_cdcacm - ok 14:25:08.0193 0x17a8 [ BAEE880B51DF1A39D38F363523CD7E17, A97E94431C86AF99F125BA6326DBAA972031E5F5094891EF028705218084A879 ] huawei_cdcecm C:\Windows\system32\DRIVERS\ew_jucdcecm.sys 14:25:08.0333 0x17a8 huawei_cdcecm - ok 14:25:08.0396 0x17a8 [ 12CA899F967E6B6F14E080705DF68932, 8C524F5AA0499A3BB0749D45B59F3F03A73004A9583396CA3470DF1C0F1E3281 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 14:25:08.0521 0x17a8 huawei_enumerator - ok 14:25:08.0677 0x17a8 [ AB58FF5B1A2B23C751E29975081E8015, 
A3A58EA423A3BFBF5BCD8D87AA6939EC02D641C259C38D6DB728BD2EF52D5567 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys 14:25:08.0833 0x17a8 huawei_ext_ctrl - ok 14:25:09.0004 0x17a8 [ 5EF3427AE503B5C03A48F7C9FF458B69, C75D6E860AA9A1EA0351388B137FE39CE47E96471841BDCA96FF63C87CE99132 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe 14:25:09.0051 0x17a8 HWDeviceService.exe - ok 14:25:09.0082 0x17a8 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:25:09.0129 0x17a8 hwpolicy - ok 14:25:09.0207 0x17a8 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:25:09.0316 0x17a8 i8042prt - ok 14:25:09.0394 0x17a8 [ F4037A3FEDB92DD97C95F320766EA5C9, 3872166AA17E9C19D9F5BBCBC6CA202F6D5CCB1F9E04ED2AA0D43F642B9C85FD ] iaStor C:\Windows\system32\drivers\iaStor.sys 14:25:09.0441 0x17a8 iaStor - ok 14:25:09.0566 0x17a8 [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 14:25:09.0597 0x17a8 IAStorDataMgrSvc - ok 14:25:09.0737 0x17a8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:25:09.0831 0x17a8 iaStorV - ok 14:25:10.0112 0x17a8 [ 0DFFBA5AE3D2E1C076BD8E6F52C4FDFB, 327D366A8A1D7E4202404300DA9DE00010BA985C26DADA7D48E1F77B7A58168E ] IconMan_R C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe 14:25:10.0408 0x17a8 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 ) 14:25:10.0595 0x17a8 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 14:25:13.0871 0x17a8 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:25:14.0246 0x17a8 idsvc - ok 14:25:14.0371 0x17a8 IEEtwCollectorService - ok 14:25:14.0823 0x17a8 [ BA41E1BBA410212CE6D30E0DAC47972B, C1D8E5C95EADD9E2083275C1DA633F0B773B65EABEBC0F52224FF1156CBBE8C1 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 14:25:15.0431 0x17a8 igfx - ok 14:25:15.0525 0x17a8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:25:15.0572 0x17a8 iirsp - ok 14:25:15.0681 0x17a8 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 14:25:15.0806 0x17a8 IKEEXT - ok 14:25:16.0227 0x17a8 [ FEAAE1C549D14B9759B88C569F33CD4E, 8A49A2D76CA60081E75A07A4F2679DC7B8ABD0A52BF058A9B50B35172775A25E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 14:25:16.0648 0x17a8 IntcAzAudAddService - ok 14:25:16.0679 0x17a8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 14:25:16.0742 0x17a8 intelide - ok 14:25:16.0804 0x17a8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:25:16.0882 0x17a8 intelppm - ok 14:25:16.0946 0x17a8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:25:17.0039 0x17a8 IPBusEnum - ok 14:25:17.0086 0x17a8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:25:17.0211 0x17a8 IpFilterDriver - ok 14:25:17.0320 0x17a8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc 
C:\Windows\System32\iphlpsvc.dll 14:25:17.0460 0x17a8 iphlpsvc - ok 14:25:17.0492 0x17a8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:25:17.0554 0x17a8 IPMIDRV - ok 14:25:17.0585 0x17a8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:25:17.0694 0x17a8 IPNAT - ok 14:25:17.0788 0x17a8 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:25:17.0866 0x17a8 IRENUM - ok 14:25:17.0913 0x17a8 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:25:17.0978 0x17a8 isapnp - ok 14:25:18.0103 0x17a8 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:25:18.0181 0x17a8 iScsiPrt - ok 14:25:18.0228 0x17a8 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:25:18.0290 0x17a8 kbdclass - ok 14:25:18.0415 0x17a8 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:25:18.0524 0x17a8 kbdhid - ok 14:25:18.0555 0x17a8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso C:\Windows\system32\lsass.exe 14:25:18.0602 0x17a8 KeyIso - ok 14:25:18.0618 0x17a8 [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:25:18.0680 0x17a8 KSecDD - ok 14:25:18.0711 0x17a8 [ D7C760D57B1656DD748B9E4AB6CB5A51, 
F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:25:18.0774 0x17a8 KSecPkg - ok 14:25:18.0836 0x17a8 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:25:18.0992 0x17a8 KtmRm - ok 14:25:19.0148 0x17a8 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:25:19.0273 0x17a8 LanmanServer - ok 14:25:19.0398 0x17a8 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:25:19.0476 0x17a8 LanmanWorkstation - ok 14:25:19.0554 0x17a8 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:25:19.0679 0x17a8 lltdio - ok 14:25:19.0757 0x17a8 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:25:19.0866 0x17a8 lltdsvc - ok 14:25:19.0897 0x17a8 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:25:20.0006 0x17a8 lmhosts - ok 14:25:20.0084 0x17a8 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:25:20.0162 0x17a8 LSI_FC - ok 14:25:20.0193 0x17a8 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:25:20.0256 0x17a8 LSI_SAS - ok 14:25:20.0381 0x17a8 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:25:20.0427 0x17a8 LSI_SAS2 - ok 14:25:20.0490 
0x17a8 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:25:20.0552 0x17a8 LSI_SCSI - ok 14:25:20.0630 0x17a8 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 14:25:20.0755 0x17a8 luafv - ok 14:25:20.0817 0x17a8 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys 14:25:20.0864 0x17a8 megasas - ok 14:25:20.0942 0x17a8 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 14:25:21.0005 0x17a8 MegaSR - ok 14:25:21.0051 0x17a8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 14:25:21.0161 0x17a8 MMCSS - ok 14:25:21.0207 0x17a8 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 14:25:21.0317 0x17a8 Modem - ok 14:25:21.0379 0x17a8 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:25:21.0441 0x17a8 monitor - ok 14:25:21.0535 0x17a8 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:25:21.0582 0x17a8 mouclass - ok 14:25:21.0644 0x17a8 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:25:21.0707 0x17a8 mouhid - ok 14:25:21.0738 0x17a8 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 
14:25:21.0785 0x17a8 mountmgr - ok 14:25:21.0909 0x17a8 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:25:21.0987 0x17a8 MozillaMaintenance - ok 14:25:22.0034 0x17a8 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 14:25:22.0112 0x17a8 mpio - ok 14:25:22.0175 0x17a8 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:25:22.0299 0x17a8 mpsdrv - ok 14:25:22.0362 0x17a8 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:25:22.0565 0x17a8 MpsSvc - ok 14:25:22.0643 0x17a8 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:25:22.0814 0x17a8 MRxDAV - ok 14:25:22.0908 0x17a8 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:25:23.0001 0x17a8 mrxsmb - ok 14:25:23.0033 0x17a8 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:25:23.0126 0x17a8 mrxsmb10 - ok 14:25:23.0189 0x17a8 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:25:23.0267 0x17a8 mrxsmb20 - ok 14:25:23.0313 0x17a8 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 14:25:23.0360 0x17a8 msahci - ok 14:25:23.0407 0x17a8 [ 55055F8AD8BE27A64C831322A780A228, 
C:\Windows\System32\WcsPlugInService.dll 14:25:59.0397 0x17a8 WcsPlugInService - ok 14:25:59.0444 0x17a8 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys 14:25:59.0491 0x17a8 Wd - ok 14:25:59.0569 0x17a8 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:25:59.0678 0x17a8 Wdf01000 - ok 14:25:59.0709 0x17a8 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:25:59.0819 0x17a8 WdiServiceHost - ok 14:25:59.0819 0x17a8 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:25:59.0881 0x17a8 WdiSystemHost - ok 14:25:59.0943 0x17a8 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 14:26:00.0053 0x17a8 WebClient - ok 14:26:00.0099 0x17a8 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:26:00.0209 0x17a8 Wecsvc - ok 14:26:00.0255 0x17a8 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:26:00.0333 0x17a8 wercplsupport - ok 14:26:00.0396 0x17a8 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 14:26:00.0505 0x17a8 WerSvc - ok 14:26:00.0583 0x17a8 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:26:00.0677 0x17a8 WfpLwf - ok 14:26:00.0708 0x17a8 [ 5CF95B35E59E2A38023836FFF31BE64C, 
CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:26:00.0770 0x17a8 WIMMount - ok 14:26:00.0864 0x17a8 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:26:01.0067 0x17a8 WinDefend - ok 14:26:01.0129 0x17a8 WinHttpAutoProxySvc - ok 14:26:01.0254 0x17a8 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:26:01.0394 0x17a8 Winmgmt - ok 14:26:01.0503 0x17a8 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll 14:26:01.0691 0x17a8 WinRM - ok 14:26:01.0769 0x17a8 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:26:01.0862 0x17a8 WinUsb - ok 14:26:01.0956 0x17a8 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:26:02.0143 0x17a8 Wlansvc - ok 14:26:02.0299 0x17a8 [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:26:02.0408 0x17a8 wlcrasvc - ok 14:26:02.0705 0x17a8 [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:26:02.0939 0x17a8 wlidsvc - ok 14:26:03.0032 0x17a8 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:26:03.0095 0x17a8 WmiAcpi - ok 14:26:03.0157 0x17a8 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] 
wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:26:03.0251 0x17a8 wmiApSrv - ok 14:26:03.0422 0x17a8 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:26:03.0578 0x17a8 WMPNetworkSvc - ok 14:26:03.0609 0x17a8 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:26:03.0734 0x17a8 WPCSvc - ok 14:26:03.0750 0x17a8 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:26:03.0875 0x17a8 WPDBusEnum - ok 14:26:03.0921 0x17a8 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:26:04.0046 0x17a8 ws2ifsl - ok 14:26:04.0109 0x17a8 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 14:26:04.0187 0x17a8 wscsvc - ok 14:26:04.0202 0x17a8 WSearch - ok 14:26:04.0436 0x17a8 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 14:26:04.0639 0x17a8 wuauserv - ok 14:26:04.0686 0x17a8 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:26:04.0764 0x17a8 WudfPf - ok 14:26:04.0826 0x17a8 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:26:04.0904 0x17a8 WUDFRd - ok 14:26:04.0982 0x17a8 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:26:05.0045 0x17a8 wudfsvc - ok 14:26:05.0107 0x17a8 [ 
7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 14:26:05.0201 0x17a8 WwanSvc - ok 14:26:05.0279 0x17a8 ================ Scan global =============================== 14:26:05.0325 0x17a8 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 14:26:05.0388 0x17a8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 14:26:05.0419 0x17a8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 14:26:05.0466 0x17a8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 14:26:05.0513 0x17a8 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 14:26:05.0559 0x17a8 [ Global ] - ok 14:26:05.0559 0x17a8 ================ Scan MBR ================================== 14:26:05.0575 0x17a8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:26:06.0620 0x17a8 \Device\Harddisk0\DR0 - ok 14:26:06.0620 0x17a8 ================ Scan VBR ================================== 14:26:06.0651 0x17a8 [ DA0A3FBA67A5BE95BA6B0DDB3A39FADC ] \Device\Harddisk0\DR0\Partition1 14:26:06.0683 0x17a8 \Device\Harddisk0\DR0\Partition1 - ok 14:26:06.0714 0x17a8 [ AB193526AD8DC38D1CDF1A6CBA09D84C ] \Device\Harddisk0\DR0\Partition2 14:26:06.0729 0x17a8 \Device\Harddisk0\DR0\Partition2 - ok 14:26:06.0839 0x17a8 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x41000 ( enabled : updated ) 14:26:06.0854 0x17a8 Win FW state via NFP2: enabled 14:26:09.0990 0x17a8 ============================================================ 14:26:09.0990 0x17a8 Scan finished 
14:26:09.0990 0x17a8 ============================================================
14:26:10.0021 0x17ac Detected object count: 1
14:26:10.0021 0x17ac Actual detected object count: 1
14:26:28.0148 0x17ac IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:28.0148 0x17ac IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.05.2014, 11:41 | #6 |
/// the machine /// TB Trainer | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Delete ComboFix, download it again, and run it once more. |
14.05.2014, 13:19 | #7 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' New ComboFix log: Code:
ComboFix 14-05-13.01 - maria 05/14/2014 13:46:27.2.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2036.1214 [GMT 2:00]
Running from: c:\users\maria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
c:\users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 11:59 . 2014-05-14 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 04:23 . 2014-05-13 04:23 0 ----a-w- c:\windows\system32\sho7753.tmp
2014-05-12 13:38 . 2014-05-12 13:38 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-12 13:11 . 2014-05-12 13:11 -------- d-----w- c:\windows\Migration
2014-05-12 12:59 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-12 12:59 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-12 04:22 . 2014-05-12 04:22 0 ----a-w- c:\windows\system32\sho6098.tmp
2014-05-12 04:15 . 2014-05-12 04:15 104960 ----a-w- C:\kwloypod.sys
2014-05-12 04:08 . 2014-05-12 04:11 -------- d-----w- C:\FRST
2014-05-11 15:22 . 2014-05-11 15:22 -------- d-----w- c:\programdata\Package Cache
2014-05-10 16:27 . 2014-05-10 16:27 0 ----a-w- c:\windows\system32\shoDAE.tmp
2014-05-06 16:30 . 2014-05-06 16:30 0 ----a-w- c:\windows\system32\sho7AE0.tmp
2014-05-06 11:35 . 2014-05-06 11:35 -------- d-----w- c:\users\maria\AppData\Local\Skype
2014-05-06 11:35 . 2014-05-06 11:35 -------- d-----w- c:\program files\Common Files\Skype
2014-04-30 13:30 . 2014-05-01 03:48 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 06:31 . 2014-04-13 11:01 56192 ----a-w- c:\windows\system32\drivers\f8065e8752673505.sys
2014-04-30 13:50 . 2012-04-15 08:46 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-30 13:50 . 2011-11-16 19:41 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 11:41 . 2014-04-03 11:41 0 ----a-w- c:\windows\system32\shoA083.tmp
2014-03-09 16:34 . 2014-03-09 16:34 0 ----a-w- c:\windows\system32\sho39D4.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 CFcatchme;CFcatchme;c:\users\maria\AppData\Local\Temp\CFcatchme.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-04-23 70016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-12 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-18 1017424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-10 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-18 440400]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 739944]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-07 252520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:50]
.
2014-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
2014-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 203.144.207.49 203.144.207.29
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-14 14:09:37 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-14 12:09
.
Pre-Run: 31,584,165,888 bytes free
Post-Run: 31,059,181,568 bytes free
.
- - End Of File - - C9B3CA8E6E2F8218F9CA54559B69F414
A36C5E4F47E84449FF07ED3517B43A31 |
15.05.2014, 09:45 | #8 |
/// the machine /// TB Trainer | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.05.2014, 09:42 | #9 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' So, here is a new round of logs: mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 5/16/2014
Suchlauf-Zeit: 9:48:41 AM
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.05.16.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: maria
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 239109
Verstrichene Zeit: 26 Min, 6 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2462786714-4158980062-2870690922-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [18ffb69c1962d3637217e9a0a75b7090],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
ADW cleaner Code:
# AdwCleaner v3.208 - Report created 16/05/2014 at 10:08:43
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : maria - MARIA-PC
# Running from : C:\Users\maria\Desktop\adwcleaner_3.208.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (de)
[ File : C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1360 octets] - [16/05/2014 10:06:02]
AdwCleaner[S0].txt - [1295 octets] - [16/05/2014 10:08:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1355 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by maria on Fri 05/16/2014 at 10:13:55.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho1384.tmp
Successfully deleted: [File] C:\Windows\system32\sho39D4.tmp
Successfully deleted: [File] C:\Windows\system32\sho4F3C.tmp
Successfully deleted: [File] C:\Windows\system32\sho51A9.tmp
Successfully deleted: [File] C:\Windows\system32\sho6098.tmp
Successfully deleted: [File] C:\Windows\system32\sho6A19.tmp
Successfully deleted: [File] C:\Windows\system32\sho7664.tmp
Successfully deleted: [File] C:\Windows\system32\sho7753.tmp
Successfully deleted: [File] C:\Windows\system32\sho7AE0.tmp
Successfully deleted: [File] C:\Windows\system32\sho8086.tmp
Successfully deleted: [File] C:\Windows\system32\shoA083.tmp
Successfully deleted: [File] C:\Windows\system32\shoC839.tmp
Successfully deleted: [File] C:\Windows\system32\shoDAE.tmp
Successfully deleted: [File] C:\Windows\system32\shoE528.tmp
~~~ Folders
Successfully deleted: [Empty Folder] 
C:\Users\maria\appdata\local\{A2767EA3-92FB-43D8-ACAF-69240F9A5F18} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A41B4119-F300-44F6-9A05-923308A67673} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A8F44175-34DC-48FE-B1F3-8D3D20D7E1C3} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B08910A5-739A-4269-9A6D-4BC3E60B6EAE} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B0E75DE4-C278-4B71-8C8B-52E3FAA0E927} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B268B37F-52B7-486F-82B8-48650B6BFC79} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B7195FBA-EF77-445E-8882-9E6FD395299A} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B9360BEE-FCD2-41E4-92E1-11AE48D31D9D} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{BBC25E07-B7E7-4F06-9017-61DFA45F02EB} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C1B44C1C-4566-416E-A165-34F317E55202} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C392F871-0238-4C3B-9885-278FA92EDC3F} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C647797F-B5ED-4B7D-8BDF-9BDE78AE09FF} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C8722344-3764-4ED0-AB67-8C9527892D95} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C899A0A5-9244-4E89-BC86-6DB32F1424A8} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{CF971A56-2E9F-4AAB-BF99-70E10EAB1A95} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{CFA34A8E-8467-4C2C-81C5-70B7A00BE5EB} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{D3414B33-87A0-467C-91B8-6DAC64474B96} Successfully deleted: [Empty Folder] 
C:\Users\maria\appdata\local\{D725A744-60A1-468F-A32C-9901F0E2042A} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DBD97146-F9AC-4710-8D6F-1429DE866A90} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF19AF45-AA67-465D-BD72-49262D8B9EA3} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF53C017-BB4A-43D9-A50E-F9528F8F7D28} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF558C47-902A-4A5B-8679-1FE22E6E86A3} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E1223ADF-9AFE-4C47-A2D2-AEDA67FC98AE} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E54A2A96-2A9C-47AA-AD96-B084B43359B6} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E692FBCA-248B-47D0-99CC-77E1E86FCD45} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F2F6A7FA-1525-4791-BD63-11A511B1C371} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F44847C7-A5D8-43D0-84B6-13D0CF099598} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F6015AC6-8EE9-4175-9C35-AEFF43A8A40E} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F722EB61-764E-4948-87F6-20F6FCDC3544} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F8ACDD69-7963-4497-B300-90997956FCAA} Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{FCD1B2DC-E14F-45A7-9081-EE7F2ACBFFB7} ~~~ FireFox Emptied folder: C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\90yea2t9.default\minidumps [93 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/16/2014 at 10:19:39.20 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ neues FRST log FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by maria (administrator) on MARIA-PC on 16-05-2014 10:34:39
Running from C:\Users\maria\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11]
FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\maria\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\maria\AppData\Local\Temp\CFcatchme.sys [X]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-16 10:34 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:05 - 2014-05-16 10:08 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:11 - 2014-05-16 09:14 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-15 23:53 - 2014-05-16 09:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-15 23:53 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 23:53 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 23:53 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 14:20 - 2014-05-13 14:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-12 15:00 - 2014-05-12 15:08 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 14:59 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-12 14:59 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt
2014-05-12 08:29 - 2014-05-16 10:09 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log
2014-05-12 08:11 - 2014-05-14 14:09 - 00000000 ____D () C:\Qoobox
2014-05-12 08:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-12 08:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-12 08:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-12 08:10 - 2014-05-12 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt
2014-05-12 06:57 - 2014-05-12 07:38 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log
2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log
2014-05-12 06:57 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log
2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys
2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe
2014-05-12 06:13 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt
2014-05-12 06:13 - 2014-05-12 06:11 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt
2014-05-12 06:10 - 2014-05-12 06:11 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt
2014-05-12 06:09 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-16 10:34 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-16 10:34 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe
2014-05-11 17:22 - 2014-05-16 10:09 - 00210469 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-16 10:10 - 00001792 _____ () C:\Windows\setupact.log
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple

==================== One Month Modified Files and Folders =======

2014-05-16 10:34 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:34 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST
2014-05-16 10:34 - 2014-05-12 06:07 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-16 10:22 - 2014-05-11 17:22 - 00210469 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:18 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 10:18 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:10 - 2014-05-09 03:16 - 00001792 _____ () C:\Windows\setupact.log
2014-05-16 10:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 10:09 - 2014-05-12 08:29 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-16 10:08 - 2014-05-16 10:05 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:56 - 2014-05-15 23:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 09:50 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 09:44 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 09:44 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 09:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
2014-05-16 09:14 - 2014-05-16 09:11 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-16 09:10 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-15 23:48 - 2012-06-30 12:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 14:09 - 2014-05-12 08:11 - 00000000 ____D () C:\Qoobox
2014-05-14 14:02 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 15:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-13 14:21 - 2014-05-13 14:20 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-13 10:59 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype
2014-05-13 04:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-12 15:55 - 2010-11-20 23:01 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 15:42 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:08 - 2014-05-12 15:00 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____
(Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft 
Corporation) C:\Windows\system32\iexpress.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmler.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt 2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-05-12 08:35 - 2014-05-12 08:10 - 00000000 ____D () C:\Windows\erdnt 2014-05-12 08:29 - 2009-07-14 04:03 - 39845888 _____ () C:\Windows\system32\config\software.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 17039360 _____ () C:\Windows\system32\config\system.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\default.bak 2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log 2014-05-12 08:28 - 2011-10-06 20:11 - 00000000 ____D () 
C:\Users\maria\AppData\Roaming\SoftGrid Client 2014-05-12 07:38 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log 2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt 2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log 2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys 2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe 2014-05-12 06:11 - 2014-05-12 06:13 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt 2014-05-12 06:11 - 2014-05-12 06:13 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt 2014-05-12 06:11 - 2014-05-12 06:10 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt 2014-05-12 06:11 - 2014-05-12 06:09 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt 2014-05-12 06:07 - 2014-05-12 06:57 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log 2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log 2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable 2014-05-12 06:06 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria 2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe 2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira 2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\maria\Downloads\avira_de_av___ws.exe 2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype 2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype 2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente 2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik 2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple 2014-04-28 04:25 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job 2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc 2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters Some content of TEMP: ==================== C:\Users\maria\AppData\Local\Temp\avgnt.exe C:\Users\maria\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit 
C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 15:02 ==================== End Of Log ============================
Thank you! |
17.05.2014, 13:02 | #10 |
/// the machine /// TB Trainer | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.05.2014, 10:49 | #11 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'
ESET Code:
ATTFilter # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=261e083b6e517d408578c73d7e3a911e # engine=18306 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-18 08:47:27 # local_time=2014-05-18 10:47:27 (+0100, W. Europe Daylight Time) # country="United States" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 95 87258 171074152 79949 0 # compatibility_mode=5893 16776574 100 94 25205154 152034038 0 0 # scanned=122318 # found=2 # cleaned=0 # scan_time=5524 sh=A66E6C0417EF40FAFD1B5FCF2D3166765B8EF43F ft=1 fh=c675a25e62d443a3 vn="Variante von Win32/Kryptik.BZRH Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe.vir" sh=E45F8B3EFB6DD25754CBDB0DE0CAA8D45FA47F9A ft=0 fh=0000000000000000 vn="Variante von Win32/Rootkit.Kryptik.YL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\drivers\_f8065e8752673505_.sys.zip" Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` CCleaner Adobe Flash Player 13.0.0.214 Adobe Reader 10.1.10 Adobe Reader out of Date! Mozilla Firefox (29.0.1) Mozilla Thunderbird (24.5.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014 Ran by maria (administrator) on MARIA-PC on 18-05-2014 11:32:46 Running from C:\Users\maria\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11] FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. 
KG) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation) R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\maria\AppData\Local\Temp\catchme.sys [X] S3 CFcatchme; \??\C:\Users\maria\AppData\Local\Temp\CFcatchme.sys [X] U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 11:30 - 2014-05-18 11:30 - 00000906 _____ () C:\Users\maria\Desktop\checkup.txt 2014-05-18 11:29 - 2014-05-18 11:29 - 00855379 _____ () C:\Users\maria\Desktop\SecurityCheck.exe 2014-05-18 09:08 - 2014-05-18 09:08 - 02347384 _____ (ESET) C:\Users\maria\Desktop\esetsmartinstaller_deu.exe 2014-05-16 22:41 - 2014-05-16 22:41 - 00000000 _____ () C:\Windows\system32\sho413.tmp 2014-05-16 15:28 - 2014-05-16 15:28 - 00000000 ____D () C:\Users\maria\AppData\Local\webkit 2014-05-16 15:23 - 2014-05-16 18:30 - 00000000 ____D () C:\Users\maria\.gimp-2.8 2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\AppData\Local\gegl-0.2 2014-05-16 12:19 - 2014-05-16 12:20 - 90396104 _____ (The GIMP Team ) C:\Users\maria\Downloads\gimp-2.8.10-setup.exe 2014-05-16 10:45 - 2014-05-16 10:45 - 00000000 ____D () C:\Users\maria\AppData\Local\{D5A0FC40-4B13-4F6E-8CD9-69B5E2CD50D3} 2014-05-16 10:34 - 2014-05-18 11:32 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt 2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion 2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt 2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT 2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt 2014-05-16 10:05 - 2014-05-16 10:08 - 00000000 ____D () C:\AdwCleaner 2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt 2014-05-16 09:11 - 2014-05-16 09:14 - 00000946 _____ () C:\Windows\system32\debug.log 2014-05-15 23:53 - 2014-05-16 09:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-15 23:53 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-15 23:53 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-15 23:53 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe 2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe 2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt 2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe 2014-05-13 14:20 - 2014-05-13 14:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe 2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-12 15:04 - 
2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 
00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 
00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-12 15:00 - 2014-05-12 15:08 - 00008552 _____ () C:\Windows\IE11_main.log 2014-05-12 14:59 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-12 14:59 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt 2014-05-12 08:29 - 2014-05-16 10:09 - 00058404 _____ () C:\Windows\PFRO.log 2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log 2014-05-12 08:11 - 
2014-05-14 14:09 - 00000000 ____D () C:\Qoobox 2014-05-12 08:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-12 08:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-12 08:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-12 08:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-12 08:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-12 08:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-12 08:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-12 08:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-12 08:10 - 2014-05-12 08:35 - 00000000 ____D () C:\Windows\erdnt 2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt 2014-05-12 06:57 - 2014-05-12 07:38 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log 2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log 2014-05-12 06:57 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log 2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys 2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe 2014-05-12 06:13 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt 2014-05-12 06:13 - 2014-05-12 06:11 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt 2014-05-12 06:10 - 2014-05-12 06:11 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt 2014-05-12 06:09 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt 2014-05-12 06:08 - 2014-05-18 11:32 - 00000000 ____D () C:\FRST 2014-05-12 06:07 - 2014-05-16 10:34 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe 2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log 2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () 
C:\Users\maria\defogger_reenable 2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe 2014-05-11 17:22 - 2014-05-17 13:21 - 00247114 _____ () C:\Windows\WindowsUpdate.log 2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe 2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 03:16 - 2014-05-18 08:41 - 00001904 _____ () C:\Windows\setupact.log 2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple ==================== One Month Modified Files and Folders ======= 2014-05-18 11:33 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt 2014-05-18 11:32 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST 2014-05-18 11:30 - 2014-05-18 11:30 - 00000906 _____ () C:\Users\maria\Desktop\checkup.txt 2014-05-18 11:29 - 2014-05-18 11:29 - 00855379 _____ () C:\Users\maria\Desktop\SecurityCheck.exe 2014-05-18 10:44 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-18 09:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job 2014-05-18 09:08 - 2014-05-18 09:08 - 02347384 _____ (ESET) C:\Users\maria\Desktop\esetsmartinstaller_deu.exe 2014-05-18 08:50 - 2009-07-14 06:34 - 00016160 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 08:50 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 08:41 - 2014-05-09 03:16 - 00001904 _____ () C:\Windows\setupact.log 2014-05-18 08:41 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-17 13:21 - 2014-05-11 17:22 - 00247114 _____ () C:\Windows\WindowsUpdate.log 2014-05-16 22:41 - 2014-05-16 22:41 - 00000000 _____ () C:\Windows\system32\sho413.tmp 2014-05-16 21:38 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job 2014-05-16 18:30 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\.gimp-2.8 2014-05-16 15:28 - 2014-05-16 15:28 - 00000000 ____D () C:\Users\maria\AppData\Local\webkit 2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\AppData\Local\gegl-0.2 2014-05-16 15:23 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria 2014-05-16 12:20 - 2014-05-16 12:19 - 90396104 _____ (The GIMP Team ) C:\Users\maria\Downloads\gimp-2.8.10-setup.exe 2014-05-16 10:45 - 2014-05-16 10:45 - 00000000 ____D () C:\Users\maria\AppData\Local\{D5A0FC40-4B13-4F6E-8CD9-69B5E2CD50D3} 2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion 2014-05-16 10:34 - 2014-05-12 06:07 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe 2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt 2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT 2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt 2014-05-16 10:09 - 2014-05-12 08:29 - 00058404 _____ () C:\Windows\PFRO.log 2014-05-16 10:08 - 2014-05-16 10:05 - 00000000 ____D () C:\AdwCleaner 2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt 
2014-05-16 09:56 - 2014-05-15 23:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 09:44 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-16 09:44 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-16 09:14 - 2014-05-16 09:11 - 00000946 _____ () C:\Windows\system32\debug.log 2014-05-16 09:10 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe 2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe 2014-05-15 23:48 - 2012-06-30 12:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt 2014-05-14 14:09 - 2014-05-12 08:11 - 00000000 ____D () C:\Qoobox 2014-05-14 14:02 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe 2014-05-13 15:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-13 14:21 - 2014-05-13 14:20 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe 2014-05-13 10:59 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype 2014-05-13 04:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 
2014-05-12 15:55 - 2010-11-20 23:01 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-12 15:42 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-12 15:08 - 2014-05-12 15:00 - 00008552 _____ () C:\Windows\IE11_main.log 2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 
00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-12 15:04 - 2014-05-12 15:04 
- 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt 2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-05-12 08:35 - 2014-05-12 08:10 - 00000000 ____D () C:\Windows\erdnt 2014-05-12 08:29 - 2009-07-14 04:03 - 39845888 _____ () C:\Windows\system32\config\software.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 17039360 _____ () C:\Windows\system32\config\system.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\default.bak 2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log 2014-05-12 08:28 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client 2014-05-12 07:38 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log 2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt 2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log 2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys 2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe 2014-05-12 06:11 - 2014-05-12 06:13 - 
00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt 2014-05-12 06:11 - 2014-05-12 06:13 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt 2014-05-12 06:11 - 2014-05-12 06:10 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt 2014-05-12 06:11 - 2014-05-12 06:09 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt 2014-05-12 06:07 - 2014-05-12 06:57 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log 2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log 2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable 2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe 2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira 2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira 2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\maria\Downloads\avira_de_av___ws.exe 2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype 2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype 2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente 2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik 2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple 2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc 2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters Some content of TEMP: ==================== C:\Users\maria\AppData\Local\Temp\avgnt.exe C:\Users\maria\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit 
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 15:02 ==================== End Of Log ============================ --- --- ---
Hello Schrauber, I can't see any problems anymore. Antivir is definitely working as it should. Of course I don't know what the logs say... Do I still need to do anything? Many, many thanks! |
19.05.2014, 08:27 | #12 |
/// the machine /// TB Trainer | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Update Adobe. Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.05.2014, 10:03 | #13 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by maria at 2014-05-19 10:58:46 Run:1
Running from C:\Users\maria\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.

==== End of Fixlog ==== |
20.05.2014, 08:44 | #14 |
/// the machine /// TB Trainer | Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' exactly
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.06.2014, 11:03 | #15 |
| Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen' Hi Schrauber! Since the machine has now been running without problems again for a while, I wanted to let you know briefly. Many, many thanks for the help!! |