Log analysis and evaluation: [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender]
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.08.2014, 15:49 | #1
[WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender]
Hello, I cannot activate the real-time scanner of my Avira Antivir. I also cannot set the Windows update schedule, nor activate or start Windows Defender.
First, defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:12 on 23/08/2014 (Acer Aspire 5742G)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 23-08-2014 16:14:28
Running from C:\Users\Acer Aspire 5742G\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\Run: [Google Update] => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-05] (Google Inc.)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\MountPoints2: {927a4797-2b52-11e2-9cf5-1c75080cd246} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273608118105l04c4z1i5v48522526
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:14 - 2014-08-23 16:14 - 00026218 _____ () C:\Users\Acer Aspire 5742G\Downloads\FRST.txt
2014-08-23 16:13 - 2014-08-23 16:14 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Downloads\FRST64.exe
2014-08-23 16:12 - 2014-08-23 16:12 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:18 - 2014-08-23 16:14 - 00000000 ____D () C:\FRST
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-23 14:17 - 00001680 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-05 16:03 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:53 - 2014-08-05 15:05 - 00000000 ____D () C:\AdwCleaner
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:38 - 2014-08-01 15:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:14 - 2014-08-23 16:14 - 00026218 _____ () C:\Users\Acer Aspire 5742G\Downloads\FRST.txt
2014-08-23 16:14 - 2014-08-23 16:13 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Downloads\FRST64.exe
2014-08-23 16:14 - 2014-08-01 16:18 - 00000000 ____D () C:\FRST
2014-08-23 16:12 - 2014-08-23 16:12 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log
2014-08-23 16:10 - 2012-09-25 20:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-23 16:08 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 16:07 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 16:07 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:38 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 14:18 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-23 14:17 - 2014-08-01 15:55 - 00001680 _____ () C:\Windows\setupact.log
2014-08-23 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 07:26 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:03 - 2014-08-01 15:55 - 00452086 _____ () C:\Windows\PFRO.log
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt
2014-08-05 15:05 - 2014-08-01 15:53 - 00000000 ____D () C:\AdwCleaner
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:39 - 2014-08-01 15:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight Some content of TEMP: ==================== C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe C:\Users\Acer Aspire 5742G\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys [2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION! testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! LastRegBack: 2014-07-07 14:51 ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-23 16:38:13
Windows 6.1.7601 Service Pack 1 x64
Running: 0m45n9xs.exe

---- Services - GMER 2.1 ----

Service System32\Drivers\508286c0aae35d85.sys (*** hidden *** ) [BOOT] 508286c0aae35d85 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ImagePath \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 2
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Sa?, ?Aug ?23 ?14, 02:19:51????????????H??????????????????????
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemStartTime 0x7F 0x2C 0xFB 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemLastStartTime 0xFC 0x83 0xCA 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData\BootLanguages@de-DE 2085
Reg HKLM\SYSTEM\ControlSet002\Control\Diagnostics\Performance@ActiveShutdownDCL C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002
Reg HKLM\SYSTEM\ControlSet002\Control\GraphicsDrivers\Configuration\AUO22EC0_01_07D9_C0^4EA9F56D234B0A8BC22D458D6788508F@Timestamp 0xA2 0xDC 0x2B 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft-ISATAP-Adapter 2?4?5?6?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameResourceId 1801
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameIndex 13
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@Name Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206}
Reg HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex 30
Reg HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex 30
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BootId 2115
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 420399421
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyBytes 0x10 0x1A 0xE2 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberElapsedTime 20227
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberIoTime 8825
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberInitTime 1091
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyTime 1116
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesWritten 146610
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesProcessed 345848
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberDumpCount 10033
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberFileRuns 3
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberReadTime 9194
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberResumeAppTime 9913
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCompressTime 10156
Reg HKLM\SYSTEM\ControlSet002\Control\Terminal Server@InstanceID f864c9c1-924f-49f6-9832-294636d
Reg HKLM\SYSTEM\ControlSet002\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{91d9a5d6-ef5d-4f07-aeee-b9b445d6603a}
Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ImagePath \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@InterfaceName Reusable ISATAP
Interface {46D5E7FE-927C-490D-9452-B551BB59E206} Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@ReusableType 1 Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" 
"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export \Device\LanmanServer_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanServer_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanServer_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanServer_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Tcpip_{AD365836-7E Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind 
\Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" 
"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanWorkstation_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanWorkstation_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanWorkstation_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Tcpip_{4E0F26E Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind 
\Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"NetBT" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"NetBT" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"NetBT" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"NetBT" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? 
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBIOS_NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBIOS_NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBIOS_NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBIOS_NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? 
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@LastBootPlanUserTime ?Fr?, ?Aug ?22 ?14, 07:29:19????????????N?????????????????????? 
Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch@Epoch 16997 Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch2@Epoch 12965 Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? 
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters@DhcpNameServer 192.168.0.1 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseObtainedTime 1408796235 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T1 1408799835 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T2 1408802535 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseTerminatesTime 1408803435 Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind \Device\{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? 
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export \Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206} (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6Iaid 587202560
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6State 0

---- EOF - GMER 2.1 ----

Kind regards
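Two findings in the logs above carry the weight: GMER's hidden boot-start service 508286c0aae35d85 (Start 0, group Boot Bus Extender, DisplayName syshost.exe, image a .sys under Drivers), and FRST's volsnap.sys line, whose MD5 D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero-length input, i.e. the tool got no bytes back when it tried to read the file and the "No Company Name" flag follows from that. The script below is an added example by the editor, not code from the thread or from the GMER/FRST tools: it parses log lines of exactly that shape and scores each service against a small indicator list. The sample lines are constructed in the shape of the quoted entries (the "pci" entry is a made-up benign boot-start driver used as a control), and the indicator list and the threshold of three indicators are assumptions of this example, not rules the tools apply.

```python
"""Triage GMER and FRST log lines for boot-start rootkit indicators.

Added example for this thread; not code from the thread or from the
GMER/FRST tools. The sample lines are constructed to match the shape of
the entries quoted in the thread; the indicator list and the threshold
are assumptions made for this example.
"""
import hashlib
import re
from collections import defaultdict

# MD5 of zero-length input. A hash field holding this value means the tool
# hashed zero bytes, i.e. it could not read the file's real contents.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e

# GMER: "Reg HKLM\SYSTEM\<ControlSet>\services\<service>@<value> <data>"
GMER_REG = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\services\\(?P<svc>[^\\@]+)@(?P<val>\S+)\s*(?P<data>.*)$"
)
# GMER: "Service <image> (*** hidden *** ) ..."
GMER_HIDDEN = re.compile(r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)")
# FRST hash check: "<path> [date] - [date] - <size> <attrs> (<company>) <md5>"
FRST_HASH = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+\[[^\]]+\]\s+-\s+\[[^\]]+\]\s+-\s+\d+\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})"
)
# A service name that is nothing but a run of hex digits (assumed indicator).
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{12,}$")


def parse_gmer_services(lines):
    """Collect the registry values GMER printed per service, plus a 'hidden'
    flag for services GMER listed as hidden from the registry API."""
    services = defaultdict(dict)
    hidden_images = []
    for raw in lines:
        line = raw.strip()
        m = GMER_REG.match(line)
        if m:
            services[m.group("svc")][m.group("val")] = m.group("data").strip()
            continue
        h = GMER_HIDDEN.match(line)
        if h:
            hidden_images.append(h.group("image").lower())
    for name, values in services.items():
        values["hidden"] = any(name.lower() in img for img in hidden_images)
    return dict(services)


def service_indicators(name, values):
    """Return the indicator descriptions that apply to one service entry."""
    reasons = []
    if values.get("hidden"):
        reasons.append("service hidden from the registry API")
    if values.get("Start") == "0":
        reasons.append("Start=0 (boot-start driver, loaded by the OS loader)")
    if values.get("Group", "").lower() == "boot bus extender":
        reasons.append("Group=Boot Bus Extender, one of the first groups in the load order")
    if RANDOM_HEX_NAME.match(name.lower()):
        reasons.append("service name is a bare run of hex digits")
    display = values.get("DisplayName", "")
    image = values.get("ImagePath", "").lower()
    if display.lower().endswith(".exe") and image.endswith(".sys"):
        reasons.append(f"DisplayName {display!r} names an .exe but the image is a .sys driver")
    return reasons


def triage_gmer(lines, min_indicators=3):
    """Map service name -> indicators for services reaching the threshold.
    The threshold of 3 is an assumption of this example."""
    findings = {}
    for name, values in parse_gmer_services(lines).items():
        reasons = service_indicators(name, values)
        if len(reasons) >= min_indicators:
            findings[name] = reasons
    return findings


def unreadable_hashes(lines):
    """Return (path, company) for FRST hash-check lines whose MD5 is the
    hash of empty input, i.e. files the tool could not actually read."""
    out = []
    for raw in lines:
        m = FRST_HASH.match(raw.strip())
        if m and m.group("md5").lower() == EMPTY_MD5:
            out.append((m.group("path"), m.group("company") or "<no company name>"))
    return out


# Constructed sample lines in the shape of the entries quoted in the thread.
# The 'pci' entries are a made-up benign boot-start driver used as a control.
GMER_SAMPLE = r"""
Service System32\Drivers\508286c0aae35d85.sys (*** hidden *** ) [BOOT] 508286c0aae35d85 <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ImagePath \SystemRoot\System32\Drivers\508286c0aae35d85.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@ImagePath \SystemRoot\System32\Drivers\pci.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\pci@DisplayName PCI Bus Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 2
""".strip().splitlines()

FRST_SAMPLE = r"""
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys [2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage_gmer(GMER_SAMPLE).items():
        print(f"{name}:")
        for r in reasons:
            print(f"  - {r}")
    for path, company in unreadable_hashes(FRST_SAMPLE):
        print(f"unreadable file in hash check: {path} ({company})")
```

Run stand-alone, it reports the hidden driver with all five indicators and leaves the control entry alone, and it flags volsnap.sys as a file whose contents the scanner never saw; the hash check is the part worth keeping in mind, because a zero-byte read of a file that the directory listing says is 295808 bytes long points at something sitting between the scanner and the disk rather than at a corrupt file.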
23.08.2014, 15:57 | #2 |
/// the machine /// TB-Ausbilder

hi,
Addition.txt is still missing.
23.08.2014, 16:44 | #3 |
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G at 2014-08-23 17:41:12
Running from C:\Users\Acer Aspire 5742G\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 -
Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - ) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert.

Kontext:
Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert.

Kontext:
Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\

Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert.

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.

Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

System errors:
=============
Error: (08/23/2014 05:39:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:38:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/23/2014 05:36:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:31:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:26:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:26:08 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: Der Suchdienst konnte sich nicht selbst zur Funktion als Hauptsuchdienst heraufstufen. Der Computer, der zurzeit die Funktion als Hauptsuchdienst erfüllt, ist NILS****.

Error: (08/23/2014 05:20:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:15:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:10:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/23/2014 05:05:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-07-27 10:32:05.772
Description: N/A

Date: 2014-07-27 10:32:05.554
Description: N/A

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3958.71 MB
Available physical RAM: 2545.93 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6202.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:185.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
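The following is an added example and not part of the poster's logs, FRST, or the forum's own tooling: a small Python triage pass over FRST-style log lines of the kind shown above. It picks out the entries a log helper usually reads first: registry references marked "No File" (the target is gone, which is what uninstalls and updater cleanups leave behind, but also what a half-removed infection looks like), per-user CustomCLSID COM servers that live under the user profile (writable without elevation), services that were disabled through msconfig, services registered to start in Safe Mode, scheduled tasks named *SkipUAC (CCleaner creates its own CCleanerSkipUAC task for its "skip UAC warning" option; the pattern launches the target elevated without a prompt, so the target binary is what to confirm), and MountPoints2 entries that point at an AutoRun.exe on a removable drive. The sample lines are copied from the FRST output above; the rule names are this example's own and a hit means "look at this", not "this is malware".

```python
"""Triage pass over FRST-style log lines (added example, not FRST itself)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the FRST.txt posted above (only the sections this
# script cares about). A whole FRST.txt can be fed through triage() the same way.
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\MountPoints2: {927a4797-2b52-11e2-9cf5-1c75080cd246} - E:\AutoRun.exe
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
'''

# A COM server or autostart under the user profile is writable without
# elevation, so it deserves a look even when the file is signed.
USER_PROFILE_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# msconfig keeps the service's original Start value next to the disabled flag;
# FRST prints that value (2 = automatic, 3 = manual).
MSCONFIG_SERVICE = re.compile(r"^MSCONFIG\\Services:\s*(?P<name>.+?)\s*=>\s*(?P<start>\d+)$")
SAFEBOOT_SERVICE = re.compile(r"\\SafeBoot\\(?:Minimal|Network)\\(?P<name>\S+)\s*=>")
SCHEDULED_TASK = re.compile(r"^Task:\s*\{[0-9A-Fa-f-]+\}\s*-\s*System32\\Tasks\\(?P<name>\S+)")


@dataclass(frozen=True)
class Finding:
    rule: str   # rule names are this example's own, not FRST terminology
    line: str


def triage(text: str) -> list[Finding]:
    """Return every line a log reviewer should look at, tagged with the rule that hit."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry still points at a file that is gone: leftover, or a cleaned-up infection.
        if line.endswith("No File"):
            findings.append(Finding("orphaned-reference", line))
        # Per-user COM registration whose server lives in %APPDATA% / %LOCALAPPDATA%.
        if line.startswith("CustomCLSID:") and USER_PROFILE_PATH.search(line):
            findings.append(Finding("com-server-in-user-profile", line))
        # Drive-letter MountPoints2 entries naming an AutoRun.exe (USB/CD autorun residue).
        if "MountPoints2:" in line and "autorun" in line.lower():
            findings.append(Finding("autorun-mountpoint", line))
        if MSCONFIG_SERVICE.match(line):
            findings.append(Finding("service-disabled-by-msconfig", line))
        # Services allowed to start in Safe Mode; cross-check against installed software.
        if SAFEBOOT_SERVICE.search(line):
            findings.append(Finding("safeboot-service", line))
        task = SCHEDULED_TASK.match(line)
        # *SkipUAC tasks run their target elevated without a prompt; confirm the target.
        if task and task.group("name").lower().endswith("skipuac"):
            findings.append(Finding("skipuac-task", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Rule -> number of flagged lines, for a quick overview before reading them."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, count in sorted(summarize(hits).items()):
        print(f"{count:2d}  {rule}")
    for f in hits:
        print(f"[{f.rule}] {f.line[:100]}")
```

On the sample above this flags nine lines under six rules; the Adobe BHO, which points at an existing, vendor-signed file in Program Files, is left alone. Nothing here decides whether an entry is malicious: the orphaned Dropbox and Google Update CLSIDs are typical uninstall leftovers, and the SkipUAC task is CCleaner's own. The value of the pass is that it puts the handful of lines worth a human look at the top of a log that is otherwise several hundred lines of vendor software.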
23.08.2014, 20:16 | #4
[WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender]

So, I have just seen that everything has to be run from the Desktop... As you can probably see, I did not do that for all of the programs. Here is the log file from the Desktop:

defogger_disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:07 on 23/08/2014 (Acer Aspire 5742G)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 23-08-2014 21:09:13
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\Run: [Google Update] => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-05] (Google Inc.)
HKU\S-1-5-21-3263861943-4074465539-867821772-1000\...\MountPoints2: {927a4797-2b52-11e2-9cf5-1c75080cd246} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273608118105l04c4z1i5v48522526
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05] CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05] CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05] CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05] CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23] CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05] CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "508286c0aae35d85" service could not be unlocked. 
<===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG) R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] () [File not signed] U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit? 
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] () [File not signed] S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] () [File not signed] S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed] S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed] S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed] R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] () [File not signed] S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] () [File not signed] R2 aksdf; C:\Windows\system32\drivers\aksdf.sys [78208 2011-11-22] () [File not signed] R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [139592 2011-11-22] () [File not signed] S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] () [File not signed] S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] () [File not signed] S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed] R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6856192 2010-05-27] () [File not signed] R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [264192 2010-05-27] () [File not signed] S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed] S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-11] () [File not signed] S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed] R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] () [File not signed] S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] () [File not signed] S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed] S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed] S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed] 
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed] R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2229608 2010-05-11] () [File not signed] S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] () [File not signed] R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] () [File not signed] S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed] S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed] U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed] R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed] R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed] R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [File not signed] S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed] S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed] S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed] S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed] S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed] S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed] S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed] S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed] R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] () [File not signed] S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed] R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () 
[File not signed] R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed] S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed] R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] () [File not signed] R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed] R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] () [File not signed] S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed] R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] () [File not signed] R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed] R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed] S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed] R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] () [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed] S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed] S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed] R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [135560 2010-04-13] () [File not signed] S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed] R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed] S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed] S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] 
() [File not signed] S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed] U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () [File not signed] R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed] S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed] R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] () [File not signed] S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed] S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed] R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [File not signed] R3 HECIx64; C:\Windows\system32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed] S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed] S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed] S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed] S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed] S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [File not signed] R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [File not signed] R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed] R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-04-13] () [File not signed] S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed] S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed] R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2399848 2010-06-22] () [File not signed] S3 intelide; 
C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [File not signed] S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [File not signed] R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed] S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed] R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-15] () [File not signed] R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed] S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [File not signed] R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [File not signed] R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed] S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed] S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed] S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed] S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed] R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed] S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed] S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] 
() [File not signed] S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed] R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed] S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] () [File not signed] R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed] S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed] R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [File not signed] S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed] R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed] S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed] R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed] R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed] R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed] S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed] S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed] R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed] S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed] S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed] R1 mssmbios; 
C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed] S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed] R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed] S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed] R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed] R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed] R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed] S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed] R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed] R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed] R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed] R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed] R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed] S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed] S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed] S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed] S3 ohci1394; 
C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed] S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed] S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed] S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed] S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed] R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed] S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed] R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed] S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed] S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed] S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed] R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed] S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 
2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed] S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed] S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed] S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed] R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed] S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed] S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed] R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed] S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed] S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed] S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File 
not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed] R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed] S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed] R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed] R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed] S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed] S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed] S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed] S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed] R3 
umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed] S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed] S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed] R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed] S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed] R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed] S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed] S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed] S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed] R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed] R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed] S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed] S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed] S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed] R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File 
not signed] R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed] R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed] S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed] S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed] S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed] R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed] S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed] S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed] R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed] S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed] S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed] S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed] S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed] S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed] S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-23 21:09 - 2014-08-23 21:09 - 00380416 _____ () C:\Users\Acer Aspire 5742G\Downloads\cy8crmy5.exe 2014-08-23 21:08 - 2014-08-23 21:09 - 00036698 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt 2014-08-23 21:07 - 2014-08-23 21:07 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe 2014-08-23 21:07 - 2014-08-23 21:07 - 00050477 _____ () C:\Users\Acer Aspire 5742G\Desktop\Defogger.exe 2014-08-23 21:07 - 2014-08-23 21:07 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log 2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url 2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira 2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys 2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys 2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4} 2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () C:\malware_scan.txt 2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect 2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat 2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) 
C:\Windows\system32\athrx.sys 2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-08-01 16:18 - 2014-08-23 21:09 - 00000000 ____D () C:\FRST 2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable 2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 15:55 - 2014-08-23 20:58 - 00003248 _____ () C:\Windows\setupact.log 2014-08-01 15:55 - 2014-08-05 16:03 - 00452086 _____ () C:\Windows\PFRO.log 2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-01 15:53 - 2014-08-05 15:05 - 00000000 ____D () C:\AdwCleaner 2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe 2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-01 15:38 - 2014-08-01 15:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys ==================== One Month Modified 
Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-23 21:09 - 2014-08-23 21:09 - 00380416 _____ () C:\Users\Acer Aspire 5742G\Downloads\cy8crmy5.exe 2014-08-23 21:09 - 2014-08-23 21:08 - 00036698 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt 2014-08-23 21:09 - 2014-08-01 16:18 - 00000000 ____D () C:\FRST 2014-08-23 21:07 - 2014-08-23 21:07 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe 2014-08-23 21:07 - 2014-08-23 21:07 - 00050477 _____ () C:\Users\Acer Aspire 5742G\Desktop\Defogger.exe 2014-08-23 21:07 - 2014-08-23 21:07 - 00000496 _____ () C:\Users\Acer Aspire 5742G\Desktop\defogger_disable.log 2014-08-23 21:06 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-23 21:06 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-23 20:59 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-08-23 20:58 - 2014-08-01 15:55 - 00003248 _____ () C:\Windows\setupact.log 2014-08-23 20:58 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-23 20:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-23 20:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job 2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job 2014-08-23 19:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-23 19:45 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk 2014-08-23 16:55 - 
2012-09-25 20:47 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk 2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url 2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-05 16:03 - 2014-08-01 15:55 - 00452086 _____ () C:\Windows\PFRO.log 2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira 2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log 2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira 2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++ 2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4} 2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-05 15:23 - 2014-08-05 15:23 - 00001180 _____ () 
C:\malware_scan.txt 2014-08-05 15:05 - 2014-08-01 15:53 - 00000000 ____D () C:\AdwCleaner 2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect 2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable 2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G 2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump 2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe 2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-01 15:39 - 2014-08-01 15:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-27 10:32 - 
2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys [2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by Acer Aspire 5742G at 2014-08-23 21:09:34
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems
Incorporated) Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version: - SEIKO EPSON Corporation) ETDWare PS/2-x64 
7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel MUI (German) 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - 
Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - ) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ ()
c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/23/2014 05:59:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . Kontext: Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\ Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . Kontext: Volumename: \\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\ Error: (08/12/2014 06:12:06 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . 
Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (08/05/2014 04:09:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{00f61b2f-c7f3-11e0-ae73-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator System errors: ============= Error: (08/23/2014 08:59:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error: (08/23/2014 08:58:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (08/23/2014 08:58:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\pclepci.sys nicht geladen. 
Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/23/2014 08:25:31 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (08/23/2014 08:20:27 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (08/23/2014 07:20:27 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (08/23/2014 07:02:47 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (08/23/2014 06:49:38 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (08/23/2014 06:44:28 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (08/23/2014 06:39:17 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106 registriert werden. Der Computer mit IP-Adresse 192.168.0.10 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-07-27 10:32:05.772 Description: N/A Date: 2014-07-27 10:32:05.554 Description: N/A ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 35% Total physical RAM: 3958.71 MB Available physical RAM: 2542.44 MB Total Pagefile: 7915.6 MB Available Pagefile: 6223.95 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:184.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-23 16:38:13 Windows 6.1.7601 Service Pack 1 x64 Running: 0m45n9xs.exe ---- Services - GMER 2.1 ---- Service System32\Drivers\508286c0aae35d85.sys (*** hidden *** ) [BOOT] 508286c0aae35d85 <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ImagePath \SystemRoot\System32\Drivers\508286c0aae35d85.sys Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Group Boot Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@Tag 1 Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85@DisplayName syshost.exe Reg HKLM\SYSTEM\CurrentControlSet\services\508286c0aae35d85 Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 2 Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Sa?, ?Aug ?23 ?14, 02:19:51????????????H?????????????????????? Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemStartTime 0x7F 0x2C 0xFB 0x24 ... Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemLastStartTime 0xFC 0x83 0xCA 0x96 ... Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData\BootLanguages@de-DE 2085 Reg HKLM\SYSTEM\ControlSet002\Control\Diagnostics\Performance@ActiveShutdownDCL C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Reg HKLM\SYSTEM\ControlSet002\Control\GraphicsDrivers\Configuration\AUO22EC0_01_07D9_C0^4EA9F56D234B0A8BC22D458D6788508F@Timestamp 0xA2 0xDC 0x2B 0x26 ... Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft-ISATAP-Adapter 2?4?5?6? 
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameResourceId 1801 Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@DefaultNameIndex 13 Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{46D5E7FE-927C-490D-9452-B551BB59E206}\Connection@Name Reusable ISATAP Interface {46D5E7FE-927C-490D-9452-B551BB59E206} Reg HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex 30 Reg HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex 30 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BootId 2115 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 420399421 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyBytes 0x10 0x1A 0xE2 0x5C ... 
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberElapsedTime 20227 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberIoTime 8825 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberInitTime 1091 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCopyTime 1116 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesWritten 146610 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberPagesProcessed 345848 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberDumpCount 10033 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberFileRuns 3 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberReadTime 9194 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberResumeAppTime 9913 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Power@HiberCompressTime 10156 Reg HKLM\SYSTEM\ControlSet002\Control\Terminal Server@InstanceID f864c9c1-924f-49f6-9832-294636d Reg HKLM\SYSTEM\ControlSet002\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{91d9a5d6-ef5d-4f07-aeee-b9b445d6603a} Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ImagePath \SystemRoot\System32\Drivers\508286c0aae35d85.sys Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@Tag 1 Reg HKLM\SYSTEM\ControlSet002\services\508286c0aae35d85@DisplayName syshost.exe Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@InterfaceName Reusable ISATAP 
Interface {46D5E7FE-927C-490D-9452-B551BB59E206} Reg HKLM\SYSTEM\ControlSet002\services\iphlpsvc\Parameters\Isatap\{46D5E7FE-927C-490D-9452-B551BB59E206}@ReusableType 1 Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" 
"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export \Device\LanmanServer_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanServer_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanServer_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanServer_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanServer_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanServer_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanServer_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanServer_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanServer_Tcpip_{AD365836-7E Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind 
\Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\T Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route "Smb" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Smb" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Smb" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Smb" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Smb" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Smb" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Smb" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Smb" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Smb" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" 
"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpi Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\LanmanWorkstation_Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\LanmanWorkstation_Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\LanmanWorkstation_Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\LanmanWorkstation_Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\LanmanWorkstation_Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\LanmanWorkstation_Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\LanmanWorkstation_Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\LanmanWorkstation_Tcpip_{4E0F26E Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind 
\Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"NetBT" "Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"NetBT" "Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"NetBT" "Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"NetBT" "Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"NetBT" "Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"NetBT" "Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"NetBT" "Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"NetBT" "Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? 
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBIOS_NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBIOS_NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBIOS_NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBIOS_NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBIOS_NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBIOS_NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBIOS_NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBIOS_NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? 
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\NetBT_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\NetBT_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\NetBT_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\NetBT_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\NetBT_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\NetBT_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\NetBT_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\NetBT_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@LastBootPlanUserTime ?Fr?, ?Aug ?22 ?14, 07:29:19????????????N?????????????????????? 
Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch@Epoch 16997 Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch2@Epoch 12965 Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind \Device\Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route "Tcpip" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"?"Tcpip6" "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"Tcpip6" "{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"Tcpip6" "{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"Tcpip6" "{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"Tcpip6" "{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"Tcpip6" "{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"Tcpip6" "{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"Tcpip6" "{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? 
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export \Device\Smb_Tcpip_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}?\Device\Smb_Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Smb_Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Smb_Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Smb_Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Smb_Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Smb_Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Smb_Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Smb_Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters@DhcpNameServer 192.168.0.1 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseObtainedTime 1408796235 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T1 1408799835 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@T2 1408802535 Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}@LeaseTerminatesTime 1408803435 Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind \Device\{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? 
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route "{46D5E7FE-927C-490D-9452-B551BB59E206}"?"{4E0F26ED-B7CF-405A-9024-B01540A8222A}"?"{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}"?"{0572AB37-4B2E-4455-AFBA-95E8207780FF}"?"{C5979C8C-502F-4E66-B203-9A4A9799B39F}"?"{D4E62059-177F-4292-8D79-BC880D3DFDBE}"?"{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}"?"{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}"? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export \Device\Tcpip6_{46D5E7FE-927C-490D-9452-B551BB59E206}?\Device\Tcpip6_{4E0F26ED-B7CF-405A-9024-B01540A8222A}?\Device\Tcpip6_{AD365836-7EEF-4FD4-BB69-056CB5E8D5DC}?\Device\Tcpip6_{0572AB37-4B2E-4455-AFBA-95E8207780FF}?\Device\Tcpip6_{C5979C8C-502F-4E66-B203-9A4A9799B39F}?\Device\Tcpip6_{D4E62059-177F-4292-8D79-BC880D3DFDBE}?\Device\Tcpip6_{B01B4CA6-D971-45EA-84FA-6DCB6E15FC93}?\Device\Tcpip6_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6Iaid 587202560 Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Parameters\Interfaces\{46d5e7fe-927c-490d-9452-b551bb59e206}@Dhcpv6State 0 ---- EOF - GMER 2.1 ---- |
24.08.2014, 06:53 | #5 |
/// the machine /// TB instructor | Hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.08.2014, 08:19 | #6 |
| Everything worked without problems, just as described in the guide... Combofix.txt Code:
ATTFilter ComboFix 14-08-24.01 - Acer Aspire 5742G 24.08.2014 9:03.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2543 [GMT 2:00] ausgeführt von:: c:\users\Acer Aspire 5742G\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-24 bis 2014-08-24 )))))))))))))))))))))))))))))) . . 2014-08-24 07:11 . 2014-08-24 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-05 14:02 . 2014-08-05 14:02 -------- d-----w- c:\users\Acer Aspire 5742G\AppData\Roaming\Avira 2014-08-05 14:01 . 2014-07-23 11:29 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-08-05 14:01 . 2014-08-05 14:01 -------- d-----w- c:\program files (x86)\Avira 2014-08-05 12:57 . 2014-08-05 12:57 -------- d-----w- c:\program files (x86)\Qualcomm Atheros Fast Reconnect 2014-08-05 12:55 . 2011-08-05 14:33 2768384 ----a-w- c:\windows\system32\athrx.sys 2014-08-05 12:54 . 2014-08-05 12:54 -------- d-----w- c:\programdata\Qualcomm Atheros 2014-08-01 14:18 . 2014-08-23 19:09 -------- d-----w- C:\FRST 2014-08-01 13:54 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-01 13:53 . 2014-08-05 13:05 -------- d-----w- C:\AdwCleaner 2014-08-01 13:41 . 2014-08-01 13:41 -------- d-----w- c:\programdata\Malwarebytes 2014-08-01 13:41 . 2014-08-01 13:41 -------- d-----w- c:\users\Acer Aspire 5742G\AppData\Local\Programs 2014-08-01 13:40 . 2014-08-01 13:40 -------- d-----w- c:\program files\CCleaner 2014-08-01 13:29 . 2014-07-11 01:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-07-25 13:13 . 
2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3981642D-2CB1-4A1D-A428-D970C6E052A7}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-01 13:33 . 2012-05-19 19:40 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-08-01 13:33 . 2011-09-07 13:25 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-10 13:52 . 2011-08-22 14:44 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-06-20 20:14 . 2014-07-09 11:19 266424 ----a-w- c:\windows\system32\iedkcs32.dll 2014-06-19 01:39 . 2014-07-09 11:19 23464448 ----a-w- c:\windows\system32\mshtml.dll 2014-06-19 01:06 . 2014-07-09 11:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-19 01:06 . 2014-07-09 11:19 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-06-19 00:48 . 2014-07-09 11:19 2768384 ----a-w- c:\windows\system32\iertutil.dll 2014-06-19 00:42 . 2014-07-09 11:19 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-06-19 00:42 . 2014-07-09 11:19 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-06-19 00:41 . 2014-07-09 11:19 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-06-19 00:41 . 2014-07-09 11:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-06-19 00:32 . 2014-07-09 11:19 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-06-19 00:31 . 2014-07-09 11:19 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-06-19 00:26 . 2014-07-09 11:19 598016 ----a-w- c:\windows\system32\ieui.dll 2014-06-19 00:24 . 2014-07-09 11:19 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-06-19 00:24 . 2014-07-09 11:19 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-06-19 00:23 . 2014-07-09 11:19 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-06-19 00:14 . 2014-07-09 11:19 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 00:09 . 
2014-07-09 11:19 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2014-06-18 23:59 . 2014-07-09 11:19 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 23:56 . 2014-07-09 11:19 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-06-18 23:53 . 2014-07-09 11:19 195584 ----a-w- c:\windows\system32\msrating.dll 2014-06-18 23:51 . 2014-07-09 11:19 5721088 ----a-w- c:\windows\system32\jscript9.dll 2014-06-18 23:50 . 2014-07-09 11:19 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-06-18 23:48 . 2014-07-09 11:19 292864 ----a-w- c:\windows\system32\dxtrans.dll 2014-06-18 23:39 . 2014-07-09 11:19 608768 ----a-w- c:\windows\system32\ie4uinit.exe 2014-06-18 23:38 . 2014-07-09 11:19 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-06-18 23:37 . 2014-07-09 11:19 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-06-18 23:36 . 2014-07-09 11:19 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-06-18 23:35 . 2014-07-09 11:19 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-06-18 23:33 . 2014-07-09 11:19 631808 ----a-w- c:\windows\system32\msfeeds.dll 2014-06-18 23:27 . 2014-07-09 11:19 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-06-18 23:27 . 2014-07-09 11:19 2040832 ----a-w- c:\windows\system32\inetcpl.cpl 2014-06-18 23:23 . 2014-07-09 11:19 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-06-18 23:22 . 2014-07-09 11:19 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-06-18 23:06 . 2014-07-09 11:19 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-06-18 22:58 . 2014-07-09 11:19 2266112 ----a-w- c:\windows\system32\wininet.dll 2014-06-18 22:52 . 2014-07-09 11:19 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-06-18 22:51 . 2014-07-09 11:19 13527040 ----a-w- c:\windows\system32\ieframe.dll 2014-06-18 22:46 . 2014-07-09 11:19 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-06-18 22:45 . 2014-07-09 11:19 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-06-18 22:34 . 
2014-07-09 11:19 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-06-18 22:15 . 2014-07-09 11:19 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-06-18 22:13 . 2014-07-09 11:19 1791488 ----a-w- c:\windows\SysWow64\wininet.dll 2014-06-18 02:18 . 2014-07-09 11:21 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 11:21 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-06 10:10 . 2014-07-09 11:20 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 11:20 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 11:17 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 11:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 11:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-05-30 08:08 . 2014-07-09 11:20 210944 ----a-w- c:\windows\system32\wdigest.dll 2014-05-30 08:08 . 2014-07-09 11:19 86528 ----a-w- c:\windows\system32\TSpkg.dll 2014-05-30 08:08 . 2014-07-09 11:20 340992 ----a-w- c:\windows\system32\schannel.dll 2014-05-30 08:08 . 2014-07-09 11:20 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-30 08:08 . 2014-07-09 11:20 307200 ----a-w- c:\windows\system32\ncrypt.dll 2014-05-30 08:08 . 2014-07-09 11:20 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-05-30 08:08 . 2014-07-09 11:19 22016 ----a-w- c:\windows\system32\credssp.dll 2014-05-30 07:52 . 2014-07-09 11:19 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2014-05-30 07:52 . 2014-07-09 11:19 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2014-05-30 07:52 . 2014-07-09 11:20 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2014-05-30 07:52 . 2014-07-09 11:19 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2014-05-30 07:52 . 2014-07-09 11:20 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-05-30 07:52 . 2014-07-09 11:20 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-05-30 07:52 . 2014-07-09 11:19 17408 ----a-w- c:\windows\SysWow64\credssp.dll . . 
------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys . [-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys . [7] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe [7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe [7] 2013-08-29 . C842D8DC6E5BCD750FA50E4083CBBBEB . 5552064 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe [7] 2013-08-29 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe [7] 2013-08-02 . 5DA80B9D5EB7197AA99006C2DDD14E08 . 5554624 . . [6.1.7601.22411] .. 
c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_cadce868e3e30fc1\ntoskrnl.exe [7] 2013-08-02 . 63B563F1FC047AB3E21530DBBE773260 . 5550528 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_ca507c1bcac65979\ntoskrnl.exe [7] 2013-07-09 . C19DCA1024135D5485E25AB1047F77BC . 5550528 . . [6.1.7601.18205] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_ca621acbcab9bc3b\ntoskrnl.exe [7] 2013-07-08 . 3431F8C9C9B18EE536453FC55B87DA3E . 5554624 . . [6.1.7601.22379] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_caa4094ae40c84f8\ntoskrnl.exe [7] 2013-03-19 . EF1D47835019186DB5E34C52571A6539 . 5497688 . . [6.1.7600.17273] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_c82e09f1cdcde6ea\ntoskrnl.exe [7] 2013-03-19 . A38A87E18A3417FEB138A5E2709D66BA . 5466472 . . [6.1.7600.21490] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_c89f07ece6fe6fb8\ntoskrnl.exe [7] 2013-03-19 . AC3232ED772403D38D64C18CD5A66FBD . 5550424 . . [6.1.7601.18113] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_ca554865cac3a857\ntoskrnl.exe [7] 2013-03-19 . 25F87CF0EAF38AD1D412E804AE00CE3B . 5553496 . . [6.1.7601.22280] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_ca9034dee41cbfb3\ntoskrnl.exe [7] 2013-01-05 . 5DEF532B4661D612CD4E894CD3688E4C . 5500776 . . [6.1.7600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_c87dba8dcd9188af\ntoskrnl.exe [7] 2013-01-05 . 24607D189375475224138CE863A1A9D5 . 5467992 . . [6.1.7600.21417] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_c8fc8952e6b74191\ntoskrnl.exe [7] 2013-01-05 . 6B0D9CF92C08D42533C12FC1A0B5403F . 
5553512 . . [6.1.7601.18044] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe [7] 2013-01-05 . A0F9F36C3F670053F9A2E9B9577CD1AB . 5554536 . . [6.1.7601.22210] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe [7] 2012-08-30 . CD632F72C798CA012FE429F66E1F1CAD . 5505904 . . [6.1.7600.17118] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_c873e905cd98c0d0\ntoskrnl.exe [7] 2012-08-30 . 502070A5B89F1E6DEC54817DEBF46425 . 5473136 . . [6.1.7600.21315] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_c8fa86d8e6b911bc\ntoskrnl.exe [7] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe [7] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe [7] 2012-05-04 . C4C870BD7F081C7AAC4DA553CD17E0F1 . 5473136 . . [6.1.7600.21207] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21207_none_c9075572e6af2b52\ntoskrnl.exe [7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe [7] 2012-05-04 . BD31B81BFA2E89680315AB15D0D58671 . 5505392 . . [6.1.7600.17017] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17017_none_c872e6d5cd99aa52\ntoskrnl.exe [7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe [7] 2012-04-02 . 
9579F84C40B3BE205C9FD4CCDD99B6B7 . 5504880 . . [6.1.7600.16988] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_c8285f89cdd153fe\ntoskrnl.exe [7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe [7] 2012-03-31 . 5E6017E5814B3BC366A5A7A88538D0FC . 5473136 . . [6.1.7600.21179] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_c8bda4ace6e62470\ntoskrnl.exe [7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe [7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe [7] 2012-03-06 . F96AA8BE1890C99883A6C233F9FB59A7 . 5473136 . . [6.1.7600.21163] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_c8c272dce6e37075\ntoskrnl.exe [7] 2012-03-06 . 51F2FD7B6C7966AFE271611D786D35A3 . 5504880 . . [6.1.7600.16973] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_c82e2e03cdcdb95a\ntoskrnl.exe [7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe [7] 2011-11-19 . 999865426F641D575072064575E9CC37 . 5504880 . . [6.1.7600.16917] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_c8730eb3cd997710\ntoskrnl.exe [7] 2011-11-19 . 1AFFF8D5352AECEF2ECD47FFA02D7F7D . 5559152 . . [6.1.7601.17727] .. 
c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe [7] 2011-11-19 . B183970D6E87A359E3EB7A72D489DEBF . 5473136 . . [6.1.7600.21094] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_c8a3017ce6fae078\ntoskrnl.exe [7] 2011-11-19 . 70A2D18E0B2A1ADBAE90008684E030AC . 5561200 . . [6.1.7601.21863] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe [7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe [7] 2011-06-23 . 12EC6D619756240886680523392EEF9C . 5474688 . . [6.1.7600.20994] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_c8a3295ae6faad36\ntoskrnl.exe [7] 2011-06-23 . EBECACD545E280FE7A0A2CBFC0AC29BD . 5507968 . . [6.1.7600.16841] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_c84c9b4dcdb735b2\ntoskrnl.exe [7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe [7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe [7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe [7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe [7] 2010-02-27 . 7B7253D90EF53BAFCDC96C888B1DB4F3 . 
5485448 . . [6.1.7600.20655] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe [7] 2010-02-27 . FD787551F58F9686CEC6353F693EF571 . 5509008 . . [6.1.7600.16539] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe [7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe [7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\system32\ntoskrnl.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-23 751184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program 
files\Acer\Acer Updater\UpdaterService.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 
6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - 508286c0aae35d85 . Inhalt des "geplante Tasks" Ordners . 2014-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 13:33] . 2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 13:59] . 2014-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 13:59] . 2014-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job - c:\users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 12:14] . 2014-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job - c:\users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 12:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: t-online.de\email TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\508286c0aae35d85] "ImagePath"="\SystemRoot\System32\Drivers\508286c0aae35d85.sys" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-08-24 09:17:00 ComboFix-quarantined-files.txt 2014-08-24 07:17 . 
Vor Suchlauf: 11 Verzeichnis(se), 199.144.173.568 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 199.947.653.120 Bytes frei . - - End Of File - - 7FFF8D77C740FC596A04E7341F7CEFFE |
24.08.2014, 10:17 | #7 |
/// the machine /// TB-Ausbilder | [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender] Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
24.08.2014, 12:41 | #8 |
| [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender] mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.08.2014
Suchlauf-Zeit: 13:09:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.24.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Acer Aspire 5742G

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313370
Verstrichene Zeit: 8 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 13:20:58
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Acer Aspire 5742G - ACERASPIRE5742G
# Gestartet von : C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v12.0 (de)

[ Datei : C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R3].txt - [1280 octets] - [24/08/2014 13:20:11]
AdwCleaner[S2].txt - [1197 octets] - [24/08/2014 13:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1257 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Acer Aspire 5742G on 24.08.2014 at 13:24:55,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3263861943-4074465539-867821772-1000\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\Acer Aspire 5742G\AppData\Roaming\mozilla\firefox\profiles\702wv88f.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2014 at 13:32:11,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 24-08-2014 13:34:22
Running from C:\Users\Acer Aspire 5742G\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]
CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]
CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "508286c0aae35d85" service could not be unlocked. <===== ATTENTION
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [File not signed]
R3 HECIx64; C:\Windows\system32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-04-13] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2399848 2010-06-22] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [File not signed]
R3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed]
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-15] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed]
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:34 - 2014-08-24 13:34 - 00030793 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 13:34 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-24 13:33 - 2014-08-24 13:34 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:32 - 2014-08-24 13:32 - 00001039 _____ () C:\Users\Acer Aspire 5742G\Desktop\JRT.txt
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:22 - 2014-08-24 13:22 - 00001341 _____ () C:\Users\Acer Aspire 5742G\Desktop\AdwCleaner[S2].txt
2014-08-24 13:19 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:18 - 2014-08-24 13:18 - 00001177 _____ () C:\Users\Acer Aspire 5742G\Desktop\MBAM_240814.txt
2014-08-24 13:05 - 2014-08-24 13:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:00 - 2014-08-24 09:17 - 00000000 ____D () C:\Qoobox
2014-08-24 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 08:59 - 2014-08-24 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00003640 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation)
C:\Windows\SysWOW64\java.exe 2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-24 13:34 - 2014-08-24 13:34 - 00030793 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt 2014-08-24 13:34 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST 2014-08-24 13:34 - 2014-08-24 13:33 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe 2014-08-24 13:32 - 2014-08-24 13:32 - 00001039 _____ () C:\Users\Acer Aspire 5742G\Desktop\JRT.txt 2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe 2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT 2014-08-24 13:22 - 2014-08-24 13:22 - 00001341 _____ () C:\Users\Acer Aspire 5742G\Desktop\AdwCleaner[S2].txt 2014-08-24 13:22 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-08-24 13:22 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-24 13:21 - 2014-08-24 13:19 - 00000000 ____D () C:\AdwCleaner 2014-08-24 13:21 - 2014-08-01 15:55 - 00453258 _____ () C:\Windows\PFRO.log 2014-08-24 13:21 - 2014-08-01 15:55 - 00003640 _____ () C:\Windows\setupact.log 2014-08-24 13:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job 2014-08-24 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:18 - 2014-08-24 13:18 - 00001177 _____ () C:\Users\Acer Aspire 5742G\Desktop\MBAM_240814.txt
2014-08-24 13:06 - 2014-08-24 13:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-24 12:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 12:46 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:17 - 2014-08-24 09:00 - 00000000 ____D () C:\Qoobox
2014-08-24 09:12 - 2014-08-24 08:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 09:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G at 2014-08-24 13:35:28
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: DevoloNetworkService => 2 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: nlsvc => 2 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Updater Service => 2 MSCONFIG\Services: Virtual Router => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-24 09:10:58.556 Description: N/A Date: 2014-08-24 09:10:58.369 Description: N/A Date: 2014-07-27 10:32:05.772 Description: N/A Date: 2014-07-27 10:32:05.554 Description: N/A ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 30% Total physical RAM: 3958.71 MB Available physical RAM: 2752.78 MB Total Pagefile: 7915.6 MB Available Pagefile: 6489.41 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:186.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
24.08.2014, 12:44 | #9 |
/// the machine /// TB-Ausbilder | [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender]
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No support via PM! |
24.08.2014, 14:37 | #10 |
| [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender]
ESET logfile:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=94a72e024bbd6747a16741ef7970e57c
# engine=19814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-24 01:21:38
# local_time=2014-08-24 03:21:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 66209 2771552 0 0
# scanned=189695
# found=13
# cleaned=0
# scan_time=5318
sh=A58FE6880A76C1364B17A235951ABE9C95FC7299 ft=1 fh=1ab78df13745b7f5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir"
sh=D987048C3FF42F81F39E3B15E57F32AF7AA0BD00 ft=1 fh=47df87911e710cf9 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir"
sh=781F353EA130DCB9C496D35204CB5AB96C4DCCBF ft=1 fh=7e2601b6c3711131 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir"
sh=02515F710B884FF8B426B43DF8C9B05E943B6AED ft=1 fh=d9df6fa40224409d vn="Win32/Toolbar.Babylon.G evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir"
sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\uninstall.exe.vir"
sh=DFB461F520B77E9CF268FDFBFFBBB624C7EA5064 ft=1 fh=0fb3be40d7aae6ee vn="Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3263861943-4074465539-867821772-1000\$RD1MW3U\Quarantine\C\Users\Acer Aspire 5742G\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
checkup.txt: the following error message (?) appeared:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01 Ran by Acer Aspire 5742G (administrator) on ACERASPIRE5742G on 24-08-2014 15:28:38 Running from C:\Users\Acer Aspire 5742G\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446 SearchScopes: HKCU - {92E8507F-DBAA-4B35-A21E-415780EF012E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE446DE446 BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF 
Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Acer Aspire 5742G\AppData\Roaming\Mozilla\Firefox\Profiles\702wv88f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14] Chrome: ======= CHR HomePage: CHR Extension: (Google Docs) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05] CHR Extension: (Google Drive) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05] CHR Extension: (YouTube) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05] CHR Extension: (Google-Suche) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05] CHR Extension: (Avira Browser Safety) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-23] CHR Extension: (Google Wallet) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05] CHR Extension: (Google Mail) - C:\Users\Acer Aspire 5742G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "508286c0aae35d85" service could not be unlocked. 
<===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG) R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 508286c0aae35d85; C:\Windows\System32\Drivers\508286c0aae35d85.sys [41928 2014-07-27] () <===== ATTENTION Necurs Rootkit? U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.) 
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed] S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] () [File not signed] R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed] S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed] R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed] S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed] R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed] R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed] R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed] S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed] R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed] R1 nsiproxy; 
C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed] R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed] R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] () [File not signed] R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed] S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed] S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed] S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed] S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed] S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed] S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed] S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH) [File not signed] S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed] R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed] S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed] R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed] S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed] S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File 
not signed] S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed] R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed] S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed] S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed] S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed] S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed] R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [231328 2010-01-27] () [File not signed] S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [694888 2010-11-25] () [File not signed] S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed] R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed] S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed] S3 Serial; 
C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed] S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed] R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed] S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed] R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed] R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed] S3 tssecsrv; 
C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [74960 2011-12-07] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 15:28 - 2014-08-24 15:29 - 00025304 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 15:27 - 2014-08-24 15:27 - 00000041 _____ () C:\Users\Acer Aspire 5742G\Desktop\checkup.txt
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:34 - 2014-08-24 15:28 - 00000000 ____D () C:\FRST
2014-08-24 13:33 - 2014-08-24 13:34 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:19 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 13:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 13:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:00 - 2014-08-24 09:17 - 00000000 ____D () C:\Qoobox
2014-08-24 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 08:59 - 2014-08-24 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2014-07-23 13:29 - 00130584 _____ () C:\Windows\system32\Drivers\avipbb.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-05 16:01 - 2014-07-23 13:29 - 00028600 _____ () C:\Windows\system32\Drivers\avkmgr.sys
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2011-08-10 07:51 - 00067685 _____ () C:\Windows\system32\athrextx.cat
2014-08-05 14:55 - 2011-08-05 16:33 - 02768384 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:02 - 2014-08-05 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-01 15:55 - 2014-08-24 13:21 - 00003640 _____ () C:\Windows\setupact.log
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:47 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:29 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:29 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:29 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:29 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:28 - 2014-08-01 15:29 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 15:29 - 2014-08-24 15:28 - 00025304 _____ () C:\Users\Acer Aspire 5742G\Desktop\FRST.txt
2014-08-24 15:28 - 2014-08-24 13:34 - 00000000 ____D () C:\FRST
2014-08-24 15:27 - 2014-08-24 15:27 - 00000041 _____ () C:\Users\Acer Aspire 5742G\Desktop\checkup.txt
2014-08-24 15:26 - 2014-08-24 15:26 - 00854417 _____ () C:\Users\Acer Aspire 5742G\Desktop\SecurityCheck.exe
2014-08-24 15:21 - 2013-10-05 14:14 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job
2014-08-24 14:47 - 2012-10-05 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 14:45 - 2011-08-22 15:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 13:50 - 2014-08-24 13:50 - 02347384 _____ (ESET) C:\Users\Acer Aspire 5742G\Desktop\esetsmartinstaller_deu.exe
2014-08-24 13:38 - 2014-08-24 13:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:34 - 2014-08-24 13:33 - 02103296 _____ (Farbar) C:\Users\Acer Aspire 5742G\Desktop\FRST64.exe
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:30 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:24 - 2014-08-24 13:24 - 01016261 _____ (Thisisu) C:\Users\Acer Aspire 5742G\Desktop\JRT.exe
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 13:22 - 2012-11-13 22:21 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-24 13:22 - 2011-08-22 15:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 13:21 - 2014-08-24 13:19 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:21 - 2014-08-01 15:55 - 00453258 _____ () C:\Windows\PFRO.log
2014-08-24 13:21 - 2014-08-01 15:55 - 00003640 _____ () C:\Windows\setupact.log
2014-08-24 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 13:19 - 2014-08-24 13:19 - 01364531 _____ () C:\Users\Acer Aspire 5742G\Desktop\adwcleaner_3.308.exe
2014-08-24 13:05 - 2014-08-24 13:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Acer Aspire 5742G\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-24 13:05 - 2014-08-24 13:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-24 09:17 - 2014-08-24 09:17 - 00031418 _____ () C:\ComboFix.txt
2014-08-24 09:17 - 2014-08-24 09:00 - 00000000 ____D () C:\Qoobox
2014-08-24 09:12 - 2014-08-24 08:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 09:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 20:21 - 2013-10-05 14:14 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job
2014-08-23 18:07 - 2013-10-05 14:15 - 00002427 _____ () C:\Users\Acer Aspire 5742G\Desktop\Google Chrome.lnk
2014-08-23 16:47 - 2013-05-01 15:29 - 00000971 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-08-23 14:39 - 2011-08-16 22:27 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-23 14:39 - 2011-08-16 22:27 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-23 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 22:53 - 2014-08-11 22:53 - 00001721 _____ () C:\Users\Acer Aspire 5742G\Desktop\SPORT1 Fußball Bundesliga 2. Bundesliga Formel 1 US-Sport Handball Basketball MotoGP.url
2014-08-10 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 16:02 - 2014-08-05 16:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Avira
2014-08-05 16:02 - 2014-08-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 16:02 - 2014-08-01 16:02 - 00002269 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 16:01 - 2014-08-05 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-05 16:01 - 2013-09-28 15:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 15:47 - 2010-07-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 15:46 - 2011-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Users\Acer Aspire 5742G\AppData\Roaming\Notepad++
2014-08-05 15:39 - 2012-11-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-05 15:37 - 2014-08-05 15:37 - 00003166 _____ () C:\Windows\System32\Tasks\{98BDD118-E5AB-41E6-BD2A-EEA3B7BAD9B4}
2014-08-05 15:37 - 2014-06-12 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 14:57 - 2014-08-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect
2014-08-05 14:55 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 14:54 - 2014-08-05 14:54 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-08-01 16:17 - 2014-08-01 16:17 - 00000000 _____ () C:\Users\Acer Aspire 5742G\defogger_reenable
2014-08-01 16:17 - 2011-08-18 12:41 - 00000000 ____D () C:\Users\Acer Aspire 5742G
2014-08-01 15:55 - 2014-08-01 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 15:53 - 2012-09-29 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:53 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-08-01 15:47 - 2014-08-01 15:40 - 151513264 _____ () C:\Users\Acer Aspire 5742G\Downloads\avira_free_antivirus06_de.exe
2014-08-01 15:41 - 2014-08-01 15:41 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:41 - 2014-08-01 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 15:33 - 2012-10-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 15:33 - 2012-05-19 21:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 15:33 - 2011-09-07 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:31 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 15:29 - 2014-08-01 15:28 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 15:29 - 2014-06-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 10:32 - 2014-07-27 10:32 - 00041928 _____ () C:\Windows\system32\Drivers\508286c0aae35d85.sys
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 20:46 - 2013-09-14 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 14:52 - 2013-09-14 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\avgnt.exe
C:\Users\Acer Aspire 5742G\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-23 11:49] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2014-07-07 14:51

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Acer Aspire 5742G at 2014-08-24 15:29:27
Running from C:\Users\Acer Aspire 5742G\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Druckerdeinstallation für EPSON WP-4015 Series (HKLM\...\EPSON WP-4015 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer Aspire 5742G\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3263861943-4074465539-867821772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6DCCC5-771D-4649-936B-8F4ACF736159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {117417D2-DC0A-46AA-B911-0CB8B3A78849} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4DF04356-EBCD-4B13-80C4-008B80B8E59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {69852996-6750-4990-96BD-3D2B48E455E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22] (Google Inc.)
Task: {990E37C7-27E6-438C-AA70-FBB7D744D3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E3EBA028-AF1B-4AC3-BBBA-41DAE93AAAAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000Core.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263861943-4074465539-867821772-1000UA.job => C:\Users\Acer Aspire 5742G\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-14 18:19 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-02-15 12:06 - 2014-02-15 12:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: Virtual Router => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PinnacleDriverCheck => C:\Windows\system32\PSDrvCheck.exe -CheckReg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 03:23:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are: Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:51:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are: Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are: Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/24/2014 01:50:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are: Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (08/24/2014 02:49:33 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/24/2014 01:38:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "MBAMSwissArmy" service failed to start due to the following error: %%31

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-24 09:10:58.556
Description: N/A

Date: 2014-08-24 09:10:58.369
Description: N/A

Date: 2014-07-27 10:32:05.772
Description: N/A

Date: 2014-07-27 10:32:05.554
Description: N/A

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3958.71 MB
Available physical RAM: 2332.44 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6259.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:185.77 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3329EE64)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
24.08.2014, 15:25 | #11 |
/// the machine /// TB-Ausbilder | hi, please download TDSSKiller.exe and save that file to the desktop
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
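TDSSKiller writes a plain-text log in which every line carries a timestamp and thread id, and the facts about one service are spread over several lines: a `[ MD5, SHA256 ] name path` line, optional `Suspicious service (NoAccess)` / `Suspicious file ( NoAccess )` warnings (the tool could not open the service key or file, which is typical rootkit self-protection and fits the symptoms in the first post, where the real-time scanner, Defender and Windows Update cannot be started), and a closing `name - ok` or `name ( signature ) - infected` verdict. The following is an added example, not part of this thread and not Kaspersky's code, that correlates those lines per service so a helper can pull the flagged entries out of a long log at a glance. The sample log is constructed from lines of the TDSSKiller output posted later in this thread; the "16 random hex digits as a service name" check is a heuristic this script assumes, not something the tool reports.

```python
"""Triage helper for TDSSKiller (Kaspersky "TDSS rootkit removing tool") logs.

Added example for this thread; it is neither the forum's nor Kaspersky's code.
SAMPLE_LOG is constructed from lines of the log posted in the thread; the
16-hex-digit service-name heuristic is this script's own assumption.
"""
import re
from dataclasses import dataclass, field

# Every line is "HH:MM:SS.mmmm 0x<thread id> <message>"; only <message> matters here.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9a-fA-F]+\s*(.*)$")
# "[ MD5, SHA256 ] <service name> <drive>:\<path>"; the name may contain spaces,
# so the path is recognised by its drive letter instead of by splitting on blanks.
_HASHLINE = re.compile(r"^\[ ([0-9A-Fa-f]+), ([0-9A-Fa-f]+) \] (.+?) ([A-Za-z]:\\.+)$")
_NOACCESS_SVC = re.compile(r"^Suspicious service \(NoAccess\): (.+)$")
_DETECTED = re.compile(r"^(.+?) - detected (\S+) \(")
_INFECTED = re.compile(r"^(.+?) \( (\S+) \) - infected$")
_OK = re.compile(r"^(.+?) - ok$")
# Assumption used as a heuristic: a service named by 16 random hex digits was
# not named by a vendor; the Necurs entry in this thread looks exactly like that.
_RANDOM_HEX = re.compile(r"^[0-9a-f]{16}$")


@dataclass
class ServiceRecord:
    name: str
    path: str = ""
    md5: str = ""
    sha256: str = ""
    no_access: bool = False      # TDSSKiller could not open the service key or file
    detection: str = ""          # signature name, if the tool reported one
    verdict: str = ""            # "ok" or "infected"
    flags: list = field(default_factory=list)


def parse_tdsskiller(text: str) -> dict:
    """Correlate the per-service lines of a TDSSKiller log, keyed by service name."""
    records: dict = {}

    def rec(name: str) -> ServiceRecord:
        return records.setdefault(name, ServiceRecord(name))

    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if (h := _HASHLINE.match(msg)):
            r = rec(h.group(3))
            r.md5, r.sha256, r.path = h.group(1), h.group(2), h.group(4)
        elif (s := _NOACCESS_SVC.match(msg)):
            rec(s.group(1)).no_access = True
        elif (d := _DETECTED.match(msg)):
            rec(d.group(1)).detection = d.group(2)
        elif (i := _INFECTED.match(msg)):
            r = rec(i.group(1))
            r.detection = r.detection or i.group(2)
            r.verdict = "infected"
        elif (o := _OK.match(msg)):
            rec(o.group(1)).verdict = "ok"

    for r in records.values():
        if r.no_access:
            r.flags.append("noaccess")
        if r.detection:
            r.flags.append("detected:" + r.detection)
        if _RANDOM_HEX.match(r.name):
            r.flags.append("random-hex-name")
    return records


def findings(text: str) -> dict:
    """Only the services that carry at least one flag."""
    return {n: r for n, r in parse_tdsskiller(text).items() if r.flags}


# Constructed sample: lines taken from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
17:40:20.0772 0x12f8 ================ Scan services =============================
17:40:21.0162 0x12f8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:40:21.0349 0x12f8 1394ohci - ok
17:40:21.0396 0x12f8 Suspicious service (NoAccess): 508286c0aae35d85
17:40:21.0458 0x12f8 [ C165DD5F33FDF8AAD5E970E69394230F, C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD ] 508286c0aae35d85 C:\Windows\System32\Drivers\508286c0aae35d85.sys
17:40:21.0458 0x12f8 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\508286c0aae35d85.sys.
17:40:21.0489 0x12f8 508286c0aae35d85 - detected Rootkit.Win32.Necurs.gen ( 0 )
17:40:24.0453 0x12f8 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - infected
17:40:31.0848 0x12f8 [ F687D4976EFF550FB0BE45A5CB19F18F, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:40:31.0926 0x12f8 AMD External Events Utility - ok
"""

if __name__ == "__main__":
    for name, r in findings(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(r.flags)}\n  {r.path}\n  md5={r.md5}")
```

Run it against a saved TDSSKiller log with `parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())`; on the sample only the hex-named driver comes back, carrying all three flags, while the two vendor services end in `ok` with no flags. The hash pair on the record is what you would submit to a multi-engine scanner or compare against a known-good driver catalogue before deciding how to remove the file.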
24.08.2014, 16:57 | #12 |
| It said there that I had to upload it as an attachment. Which I did... Is that okay? |
25.08.2014, 12:10 | #13 |
/// the machine /// TB-Ausbilder | Hi, please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
25.08.2014, 12:22 | #14 |
| TDSSKiller logfile part 1 Code:
17:38:32.0846 0x0a44 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:38:33.0377 0x0a44 ============================================================
17:38:33.0377 0x0a44 Current date / time: 2014/08/24 17:38:33.0377
17:38:33.0377 0x0a44 SystemInfo:
17:38:33.0377 0x0a44
17:38:33.0377 0x0a44 OS Version: 6.1.7601 ServicePack: 1.0
17:38:33.0377 0x0a44 Product type: Workstation
17:38:33.0377 0x0a44 ComputerName: ACERASPIRE5742G
17:38:33.0377 0x0a44 UserName: Acer Aspire 5742G
17:38:33.0377 0x0a44 Windows directory: C:\Windows
17:38:33.0377 0x0a44 System windows directory: C:\Windows
17:38:33.0377 0x0a44 Running under WOW64
17:38:33.0377 0x0a44 Processor architecture: Intel x64
17:38:33.0377 0x0a44 Number of processors: 4
17:38:33.0377 0x0a44 Page size: 0x1000
17:38:33.0377 0x0a44 Boot type: Normal boot
17:38:33.0377 0x0a44 ============================================================
17:38:33.0392 0x0a44 BG loaded
17:38:34.0188 0x0a44 System UUID: {BFAF0882-7AD8-0E87-6045-A8C288D53868}
17:38:35.0608 0x0a44 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:35.0623 0x0a44 ============================================================
17:38:35.0623 0x0a44 \Device\Harddisk0\DR0:
17:38:35.0623 0x0a44 MBR partitions:
17:38:35.0623 0x0a44 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:38:35.0623 0x0a44 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:38:35.0623 0x0a44 ============================================================
17:38:35.0748 0x0a44 C: <-> \Device\Harddisk0\DR0\Partition2
17:38:35.0748 0x0a44 ============================================================
17:38:35.0748 0x0a44 Initialize success
17:38:35.0748 0x0a44 ============================================================
17:40:15.0468 0x12f8 ============================================================
17:40:15.0468 0x12f8 Scan started
17:40:15.0468 0x12f8 Mode: Manual; SigCheck; TDLFS;
17:40:15.0468 0x12f8 ============================================================
17:40:15.0468 0x12f8 KSN ping started
17:40:18.0369 0x12f8 KSN ping finished: true
17:40:20.0772 0x12f8 ================ Scan system memory ========================
17:40:20.0772 0x12f8 System memory - ok
17:40:20.0772 0x12f8 ================ Scan services =============================
17:40:21.0162 0x12f8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:40:21.0349 0x12f8 1394ohci - ok
17:40:21.0396 0x12f8 Suspicious service (NoAccess): 508286c0aae35d85
17:40:21.0458 0x12f8 [ C165DD5F33FDF8AAD5E970E69394230F, C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD ] 508286c0aae35d85 C:\Windows\System32\Drivers\508286c0aae35d85.sys
17:40:21.0458 0x12f8 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\508286c0aae35d85.sys. md5: C165DD5F33FDF8AAD5E970E69394230F, sha256: C36D47BE0062AF1739DC2766383293707B1F9C710FB77B4235E4C586A7F3B2BD
17:40:21.0489 0x12f8 508286c0aae35d85 - detected Rootkit.Win32.Necurs.gen ( 0 )
17:40:24.0453 0x12f8 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - infected
17:40:24.0453 0x12f8 Force sending object to P2P due to detect: 508286c0aae35d85
17:40:27.0355 0x12f8 Object send P2P result: true
17:40:30.0179 0x12f8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:40:30.0225 0x12f8 ACPI - ok
17:40:30.0272 0x12f8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:40:30.0366 0x12f8 AcpiPmi - ok
17:40:30.0537 0x12f8 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:30.0569 0x12f8 AdobeFlashPlayerUpdateSvc - ok
17:40:30.0662 0x12f8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:40:30.0709 0x12f8 adp94xx - ok
17:40:30.0740 0x12f8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:40:30.0771 0x12f8 adpahci - ok
17:40:30.0787 0x12f8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:40:30.0803 0x12f8 adpu320 - ok
17:40:30.0849 0x12f8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:40:31.0068 0x12f8 AeLookupSvc - ok
17:40:31.0130 0x12f8 [ FA886682CFC5D36718D3E436AACF10B9,
F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 17:40:31.0239 0x12f8 AFD - ok 17:40:31.0302 0x12f8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 17:40:31.0333 0x12f8 agp440 - ok 17:40:31.0395 0x12f8 [ 44F360B65C37A42EB5B71C2E5179FDD5, A7E65515FEE1698C96F647111F5C7D009C5FAC9A1F62D027802861A699AF1F93 ] aksdf C:\Windows\system32\drivers\aksdf.sys 17:40:31.0458 0x12f8 aksdf - ok 17:40:31.0536 0x12f8 [ 43415AF4F20E9867974623840A22FE98, 6AA2B5C000D984D21AC75A0BE48D359C24EDEB6343A9B507C299ECDA5DEAD367 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys 17:40:31.0567 0x12f8 aksfridge - ok 17:40:31.0629 0x12f8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 17:40:31.0676 0x12f8 ALG - ok 17:40:31.0754 0x12f8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 17:40:31.0785 0x12f8 aliide - ok 17:40:31.0848 0x12f8 [ F687D4976EFF550FB0BE45A5CB19F18F, 96AEFAB5B1960DFBFB9F1C74A1C2A03E765B7807985A75D6689E00EE6C23BE34 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:40:31.0926 0x12f8 AMD External Events Utility - ok 17:40:31.0957 0x12f8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 17:40:31.0988 0x12f8 amdide - ok 17:40:32.0035 0x12f8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:40:32.0097 0x12f8 AmdK8 - ok 17:40:32.0363 0x12f8 [ 74687C33C4AD25A975BBB1EA1E8B3884, 30A53DF35C013DFE28C6FC200E93ABCA47BDE9104215ABC9E14E435B9FDBE4E1 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:40:32.0597 0x12f8 amdkmdag - ok 
17:40:32.0643 0x12f8 [ C7F56ED86327A78E7F8A5CC503A98BD6, 4DA79D45CCDC47380C67889F842454D18C5B140A71A7AF11A63206FF74C2E2B3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 17:40:32.0721 0x12f8 amdkmdap - ok 17:40:32.0784 0x12f8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:40:32.0831 0x12f8 AmdPPM - ok 17:40:32.0877 0x12f8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:40:32.0893 0x12f8 amdsata - ok 17:40:32.0940 0x12f8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:40:32.0971 0x12f8 amdsbs - ok 17:40:32.0987 0x12f8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:40:33.0002 0x12f8 amdxata - ok 17:40:33.0267 0x12f8 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:40:33.0299 0x12f8 AntiVirSchedulerService - ok 17:40:33.0361 0x12f8 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:40:33.0392 0x12f8 AntiVirService - ok 17:40:33.0533 0x12f8 [ 8275A6F8857CB98F72CBAF75770E9E10, B945A8937E95269A84C4B0EA0E202EE564B457E32DE239DCCDF9F14D9CC204C7 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 17:40:33.0611 0x12f8 AntiVirWebService - ok 17:40:33.0657 0x12f8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 17:40:33.0860 0x12f8 AppID - ok 17:40:33.0891 0x12f8 [ 
0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:40:33.0969 0x12f8 AppIDSvc - ok 17:40:34.0016 0x12f8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 17:40:34.0079 0x12f8 Appinfo - ok 17:40:34.0125 0x12f8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 17:40:34.0157 0x12f8 arc - ok 17:40:34.0172 0x12f8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:40:34.0188 0x12f8 arcsas - ok 17:40:34.0344 0x12f8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:40:34.0437 0x12f8 aspnet_state - ok 17:40:34.0469 0x12f8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:40:34.0547 0x12f8 AsyncMac - ok 17:40:34.0593 0x12f8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 17:40:34.0609 0x12f8 atapi - ok 17:40:34.0781 0x12f8 [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr C:\Windows\system32\DRIVERS\athrx.sys 17:40:34.0843 0x12f8 athr - ok 17:40:34.0968 0x12f8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:40:35.0061 0x12f8 AudioEndpointBuilder - ok 17:40:35.0108 0x12f8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv 
C:\Windows\System32\Audiosrv.dll 17:40:35.0171 0x12f8 AudioSrv - ok 17:40:35.0233 0x12f8 [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:40:35.0264 0x12f8 avgntflt - ok 17:40:35.0295 0x12f8 [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:40:35.0327 0x12f8 avipbb - ok 17:40:35.0342 0x12f8 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:40:35.0358 0x12f8 avkmgr - ok 17:40:35.0420 0x12f8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:40:35.0529 0x12f8 AxInstSV - ok 17:40:35.0607 0x12f8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:40:35.0701 0x12f8 b06bdrv - ok 17:40:35.0748 0x12f8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:40:35.0810 0x12f8 b57nd60a - ok 17:40:35.0857 0x12f8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 17:40:35.0904 0x12f8 BDESVC - ok 17:40:35.0935 0x12f8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 17:40:36.0044 0x12f8 Beep - ok 17:40:36.0153 0x12f8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 17:40:36.0216 0x12f8 BFE - ok 17:40:36.0309 0x12f8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] 
BITS C:\Windows\system32\qmgr.dll 17:40:36.0434 0x12f8 BITS - ok 17:40:36.0450 0x12f8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:40:36.0481 0x12f8 blbdrive - ok 17:40:36.0528 0x12f8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:40:36.0575 0x12f8 bowser - ok 17:40:36.0621 0x12f8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:40:36.0699 0x12f8 BrFiltLo - ok 17:40:36.0746 0x12f8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:40:36.0793 0x12f8 BrFiltUp - ok 17:40:36.0840 0x12f8 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:40:36.0933 0x12f8 BridgeMP - ok 17:40:36.0980 0x12f8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 17:40:37.0043 0x12f8 Browser - ok 17:40:37.0089 0x12f8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:40:37.0167 0x12f8 Brserid - ok 17:40:37.0199 0x12f8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:40:37.0230 0x12f8 BrSerWdm - ok 17:40:37.0261 0x12f8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:40:37.0323 0x12f8 BrUsbMdm - ok 17:40:37.0339 0x12f8 [ A87528880231C54E75EA7A44943B38BF, 
4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:40:37.0386 0x12f8 BrUsbSer - ok 17:40:37.0401 0x12f8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:40:37.0433 0x12f8 BTHMODEM - ok 17:40:37.0479 0x12f8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 17:40:37.0557 0x12f8 bthserv - ok 17:40:37.0589 0x12f8 catchme - ok 17:40:37.0635 0x12f8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:40:37.0713 0x12f8 cdfs - ok 17:40:37.0791 0x12f8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:40:37.0838 0x12f8 cdrom - ok 17:40:37.0885 0x12f8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 17:40:37.0979 0x12f8 CertPropSvc - ok 17:40:38.0010 0x12f8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:40:38.0057 0x12f8 circlass - ok 17:40:38.0119 0x12f8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 17:40:38.0181 0x12f8 CLFS - ok 17:40:38.0244 0x12f8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:40:38.0259 0x12f8 clr_optimization_v2.0.50727_32 - ok 17:40:38.0291 0x12f8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] 
clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:40:38.0322 0x12f8 clr_optimization_v2.0.50727_64 - ok 17:40:38.0431 0x12f8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:40:38.0587 0x12f8 clr_optimization_v4.0.30319_32 - ok 17:40:38.0634 0x12f8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:40:38.0712 0x12f8 clr_optimization_v4.0.30319_64 - ok 17:40:38.0743 0x12f8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:40:38.0790 0x12f8 CmBatt - ok 17:40:38.0821 0x12f8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:40:38.0852 0x12f8 cmdide - ok 17:40:38.0930 0x12f8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 17:40:38.0993 0x12f8 CNG - ok 17:40:39.0055 0x12f8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:40:39.0071 0x12f8 Compbatt - ok 17:40:39.0133 0x12f8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:40:39.0180 0x12f8 CompositeBus - ok 17:40:39.0195 0x12f8 COMSysApp - ok 17:40:39.0211 0x12f8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:40:39.0242 0x12f8 crcdisk - ok 17:40:39.0305 0x12f8 [ 
6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:40:39.0351 0x12f8 CryptSvc - ok 17:40:39.0429 0x12f8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:40:39.0507 0x12f8 DcomLaunch - ok 17:40:39.0554 0x12f8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 17:40:39.0663 0x12f8 defragsvc - ok 17:40:39.0710 0x12f8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:40:39.0788 0x12f8 DfsC - ok 17:40:39.0835 0x12f8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:40:39.0897 0x12f8 Dhcp - ok 17:40:39.0944 0x12f8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 17:40:40.0022 0x12f8 discache - ok 17:40:40.0053 0x12f8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:40:40.0085 0x12f8 Disk - ok 17:40:40.0131 0x12f8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:40:40.0194 0x12f8 Dnscache - ok 17:40:40.0241 0x12f8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 17:40:40.0334 0x12f8 dot3svc - ok 17:40:40.0397 0x12f8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 17:40:40.0490 0x12f8 DPS - ok 17:40:40.0521 0x12f8 [ 
9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:40:40.0568 0x12f8 drmkaud - ok 17:40:40.0662 0x12f8 [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1, 3508547FCE3B6ACA34511BB2C50A375E3894EBFAC656B9D1C82EA8439EFD8846 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 17:40:40.0693 0x12f8 DsiWMIService - ok 17:40:40.0802 0x12f8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:40:40.0849 0x12f8 DXGKrnl - ok 17:40:40.0911 0x12f8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 17:40:41.0005 0x12f8 EapHost - ok 17:40:41.0177 0x12f8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:40:41.0395 0x12f8 ebdrv - ok 17:40:41.0457 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 17:40:41.0504 0x12f8 EFS - ok 17:40:41.0598 0x12f8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:40:41.0754 0x12f8 ehRecvr - ok 17:40:41.0785 0x12f8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 17:40:41.0847 0x12f8 ehSched - ok 17:40:41.0925 0x12f8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:40:41.0972 0x12f8 elxstor - ok 17:40:42.0128 0x12f8 [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 
17:40:42.0206 0x12f8 ePowerSvc - ok 17:40:42.0237 0x12f8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:40:42.0284 0x12f8 ErrDev - ok 17:40:42.0347 0x12f8 [ 0975BF32399A24117E317B5BF1D5D0AA, 850217D920BB6E524C08C11A9806B8B148E9CF6CEBED9481BF7C9F07BCA918D5 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 17:40:42.0378 0x12f8 ETD - ok 17:40:42.0440 0x12f8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 17:40:42.0534 0x12f8 EventSystem - ok 17:40:42.0596 0x12f8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 17:40:42.0752 0x12f8 exfat - ok 17:40:42.0768 0x12f8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:40:42.0830 0x12f8 fastfat - ok 17:40:42.0908 0x12f8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 17:40:42.0971 0x12f8 Fax - ok 17:40:43.0017 0x12f8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:40:43.0064 0x12f8 fdc - ok 17:40:43.0142 0x12f8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 17:40:43.0236 0x12f8 fdPHost - ok 17:40:43.0251 0x12f8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 17:40:43.0298 0x12f8 FDResPub - ok 17:40:43.0329 0x12f8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 
17:40:43.0345 0x12f8 FileInfo - ok 17:40:43.0407 0x12f8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:40:43.0532 0x12f8 Filetrace - ok 17:40:43.0719 0x12f8 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:40:43.0782 0x12f8 FLEXnet Licensing Service - ok 17:40:43.0797 0x12f8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:40:43.0829 0x12f8 flpydisk - ok 17:40:43.0891 0x12f8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:40:43.0938 0x12f8 FltMgr - ok 17:40:44.0078 0x12f8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 17:40:44.0250 0x12f8 FontCache - ok 17:40:44.0359 0x12f8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:40:44.0375 0x12f8 FontCache3.0.0.0 - ok 17:40:44.0421 0x12f8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:40:44.0453 0x12f8 FsDepends - ok 17:40:44.0546 0x12f8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:40:44.0577 0x12f8 Fs_Rec - ok 17:40:45.0014 0x12f8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol 
C:\Windows\system32\DRIVERS\fvevol.sys 17:40:45.0061 0x12f8 fvevol - ok 17:40:45.0123 0x12f8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:40:45.0123 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 17:40:45.0123 0x12f8 gagp30kx - detected LockedFile.Multi.Generic ( 1 ) 17:40:47.0869 0x12f8 Detect skipped due to KSN trusted 17:40:47.0869 0x12f8 gagp30kx - ok 17:40:48.0056 0x12f8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 17:40:48.0197 0x12f8 gpsvc - ok 17:40:48.0306 0x12f8 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 17:40:48.0321 0x12f8 GREGService - ok 17:40:48.0431 0x12f8 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:40:48.0431 0x12f8 gupdate - ok 17:40:48.0524 0x12f8 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:40:48.0587 0x12f8 gupdatem - ok 17:40:48.0774 0x12f8 [ D619BA1712B83D14149850E758B835AD, AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4 ] hardlock C:\Windows\system32\drivers\hardlock.sys 17:40:48.0789 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hardlock.sys. 
md5: D619BA1712B83D14149850E758B835AD, sha256: AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4 17:40:48.0805 0x12f8 hardlock - detected LockedFile.Multi.Generic ( 1 ) 17:40:51.0644 0x12f8 Detect skipped due to KSN trusted 17:40:51.0644 0x12f8 hardlock - ok 17:40:51.0644 0x12f8 hasplms - ok 17:40:51.0738 0x12f8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:40:51.0738 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 17:40:51.0738 0x12f8 hcw85cir - detected LockedFile.Multi.Generic ( 1 ) 17:40:54.0499 0x12f8 Detect skipped due to KSN trusted 17:40:54.0499 0x12f8 hcw85cir - ok 17:40:54.0577 0x12f8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:40:54.0577 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 17:40:54.0577 0x12f8 HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 17:40:57.0354 0x12f8 Detect skipped due to KSN trusted 17:40:57.0354 0x12f8 HdAudAddService - ok 17:40:57.0385 0x12f8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:40:57.0385 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. 
md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 17:40:57.0401 0x12f8 HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 17:41:00.0177 0x12f8 Detect skipped due to KSN trusted 17:41:00.0177 0x12f8 HDAudBus - ok 17:41:00.0240 0x12f8 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 17:41:00.0240 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 17:41:00.0240 0x12f8 HECIx64 - detected LockedFile.Multi.Generic ( 1 ) 17:41:03.0017 0x12f8 Detect skipped due to KSN trusted 17:41:03.0017 0x12f8 HECIx64 - ok 17:41:03.0079 0x12f8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:41:03.0079 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 17:41:03.0079 0x12f8 HidBatt - detected LockedFile.Multi.Generic ( 1 ) 17:41:05.0825 0x12f8 Detect skipped due to KSN trusted 17:41:05.0825 0x12f8 HidBatt - ok 17:41:05.0934 0x12f8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:41:05.0934 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. 
md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 17:41:05.0934 0x12f8 HidBth - detected LockedFile.Multi.Generic ( 1 ) 17:41:08.0695 0x12f8 Detect skipped due to KSN trusted 17:41:08.0695 0x12f8 HidBth - ok 17:41:08.0742 0x12f8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:41:08.0742 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D 17:41:08.0742 0x12f8 HidIr - detected LockedFile.Multi.Generic ( 1 ) 17:41:11.0597 0x12f8 Detect skipped due to KSN trusted 17:41:11.0597 0x12f8 HidIr - ok 17:41:11.0659 0x12f8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 17:41:11.0768 0x12f8 hidserv - ok 17:41:11.0815 0x12f8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:41:11.0815 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. 
md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F 17:41:11.0815 0x12f8 HidUsb - detected LockedFile.Multi.Generic ( 1 ) 17:41:14.0654 0x12f8 Detect skipped due to KSN trusted 17:41:14.0654 0x12f8 HidUsb - ok 17:41:14.0732 0x12f8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:41:14.0810 0x12f8 hkmsvc - ok 17:41:14.0888 0x12f8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:41:14.0966 0x12f8 HomeGroupListener - ok 17:41:15.0029 0x12f8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:41:15.0076 0x12f8 HomeGroupProvider - ok 17:41:15.0122 0x12f8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:41:15.0122 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 17:41:15.0122 0x12f8 HpSAMD - detected LockedFile.Multi.Generic ( 1 ) 17:41:17.0884 0x12f8 Detect skipped due to KSN trusted 17:41:17.0884 0x12f8 HpSAMD - ok 17:41:18.0008 0x12f8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:41:18.0008 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. 
md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 17:41:18.0008 0x12f8 HTTP - detected LockedFile.Multi.Generic ( 1 ) 17:41:20.0957 0x12f8 Detect skipped due to KSN trusted 17:41:20.0957 0x12f8 HTTP - ok 17:41:21.0019 0x12f8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:41:21.0019 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 17:41:21.0019 0x12f8 hwpolicy - detected LockedFile.Multi.Generic ( 1 ) 17:41:31.0034 0x12f8 hwpolicy ( LockedFile.Multi.Generic ) - warning 17:41:33.0889 0x12f8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:41:33.0889 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD 17:41:33.0889 0x12f8 i8042prt - detected LockedFile.Multi.Generic ( 1 ) 17:41:36.0650 0x12f8 Detect skipped due to KSN trusted 17:41:36.0650 0x12f8 i8042prt - ok 17:41:36.0744 0x12f8 [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:41:36.0744 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. 
md5: 1384872112E8E7FD5786ECEB8BDDF4C9, sha256: DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 17:41:36.0760 0x12f8 iaStor - detected LockedFile.Multi.Generic ( 1 ) 17:41:39.0521 0x12f8 Detect skipped due to KSN trusted 17:41:39.0521 0x12f8 iaStor - ok 17:41:39.0630 0x12f8 [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 17:41:39.0661 0x12f8 IAStorDataMgrSvc - ok 17:41:39.0724 0x12f8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:41:39.0724 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 17:41:39.0724 0x12f8 iaStorV - detected LockedFile.Multi.Generic ( 1 ) 17:41:42.0500 0x12f8 Detect skipped due to KSN trusted 17:41:42.0500 0x12f8 iaStorV - ok 17:41:42.0610 0x12f8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:41:42.0703 0x12f8 idsvc - ok 17:41:42.0750 0x12f8 IEEtwCollectorService - ok 17:41:42.0781 0x12f8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:41:42.0781 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. 
md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 17:41:42.0781 0x12f8 iirsp - detected LockedFile.Multi.Generic ( 1 ) 17:41:45.0558 0x12f8 Detect skipped due to KSN trusted 17:41:45.0558 0x12f8 iirsp - ok 17:41:45.0652 0x12f8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 17:41:45.0714 0x12f8 IKEEXT - ok 17:41:45.0870 0x12f8 [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:41:45.0870 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 235362D403D9D677514649D88DB31914, sha256: 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 17:41:45.0886 0x12f8 IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 ) 17:41:48.0616 0x12f8 Detect skipped due to KSN trusted 17:41:48.0616 0x12f8 IntcAzAudAddService - ok 17:41:48.0694 0x12f8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 17:41:48.0694 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 17:41:48.0694 0x12f8 intelide - detected LockedFile.Multi.Generic ( 1 ) 17:41:51.0455 0x12f8 Detect skipped due to KSN trusted 17:41:51.0455 0x12f8 intelide - ok 17:41:51.0517 0x12f8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:41:51.0517 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. 
md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 17:41:51.0533 0x12f8 intelppm - detected LockedFile.Multi.Generic ( 1 ) 17:41:54.0325 0x12f8 Detect skipped due to KSN trusted 17:41:54.0325 0x12f8 intelppm - ok 17:41:54.0388 0x12f8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:41:54.0466 0x12f8 IPBusEnum - ok 17:41:54.0512 0x12f8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:41:54.0512 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 17:41:54.0512 0x12f8 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 ) 17:41:57.0289 0x12f8 Detect skipped due to KSN trusted 17:41:57.0289 0x12f8 IpFilterDriver - ok 17:41:57.0383 0x12f8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:41:57.0430 0x12f8 iphlpsvc - ok 17:41:57.0476 0x12f8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:41:57.0476 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. 
md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 17:41:57.0476 0x12f8 IPMIDRV - detected LockedFile.Multi.Generic ( 1 ) 17:42:00.0222 0x12f8 Detect skipped due to KSN trusted 17:42:00.0222 0x12f8 IPMIDRV - ok 17:42:00.0284 0x12f8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:42:00.0284 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E 17:42:00.0284 0x12f8 IPNAT - detected LockedFile.Multi.Generic ( 1 ) 17:42:03.0046 0x12f8 Detect skipped due to KSN trusted 17:42:03.0046 0x12f8 IPNAT - ok 17:42:03.0108 0x12f8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:42:03.0108 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE 17:42:03.0108 0x12f8 IRENUM - detected LockedFile.Multi.Generic ( 1 ) 17:42:05.0854 0x12f8 Detect skipped due to KSN trusted 17:42:05.0854 0x12f8 IRENUM - ok 17:42:05.0916 0x12f8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:42:05.0916 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. 
md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 17:42:05.0916 0x12f8 isapnp - detected LockedFile.Multi.Generic ( 1 ) 17:42:09.0145 0x12f8 Detect skipped due to KSN trusted 17:42:09.0145 0x12f8 isapnp - ok 17:42:09.0176 0x12f8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:42:09.0176 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: 96BB922A0981BC7432C8CF52B5410FE6, sha256: 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA 17:42:09.0176 0x12f8 iScsiPrt - detected LockedFile.Multi.Generic ( 1 ) 17:42:11.0938 0x12f8 Detect skipped due to KSN trusted 17:42:11.0938 0x12f8 iScsiPrt - ok 17:42:12.0031 0x12f8 [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 17:42:12.0031 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 37E053A2CF8F0082B689ED74106E0CEC, sha256: 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 17:42:12.0031 0x12f8 k57nd60a - detected LockedFile.Multi.Generic ( 1 ) 17:42:14.0870 0x12f8 Detect skipped due to KSN trusted 17:42:14.0870 0x12f8 k57nd60a - ok 17:42:14.0933 0x12f8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:42:14.0933 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. 
md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 17:42:14.0933 0x12f8 kbdclass - detected LockedFile.Multi.Generic ( 1 ) 17:42:17.0725 0x12f8 Detect skipped due to KSN trusted 17:42:17.0725 0x12f8 kbdclass - ok 17:42:17.0772 0x12f8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:42:17.0772 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 17:42:17.0772 0x12f8 kbdhid - detected LockedFile.Multi.Generic ( 1 ) 17:42:20.0549 0x12f8 Detect skipped due to KSN trusted 17:42:20.0549 0x12f8 kbdhid - ok 17:42:20.0580 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 17:42:20.0611 0x12f8 KeyIso - ok 17:42:20.0642 0x12f8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:42:20.0642 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 353009DEDF918B2A51414F330CF72DEC, sha256: BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 17:42:20.0642 0x12f8 KSecDD - detected LockedFile.Multi.Generic ( 1 ) 17:42:23.0450 0x12f8 Detect skipped due to KSN trusted 17:42:23.0450 0x12f8 KSecDD - ok 17:42:23.0513 0x12f8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:42:23.0513 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. 
md5: 1C2D8E18AA8FD50CD04C15CC27F7F5AB, sha256: 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 17:42:23.0513 0x12f8 KSecPkg - detected LockedFile.Multi.Generic ( 1 ) 17:42:26.0258 0x12f8 Detect skipped due to KSN trusted 17:42:26.0258 0x12f8 KSecPkg - ok 17:42:26.0336 0x12f8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:42:26.0336 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B 17:42:26.0336 0x12f8 ksthunk - detected LockedFile.Multi.Generic ( 1 ) 17:42:29.0191 0x12f8 Detect skipped due to KSN trusted 17:42:29.0191 0x12f8 ksthunk - ok 17:42:29.0269 0x12f8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 17:42:29.0378 0x12f8 KtmRm - ok 17:42:29.0441 0x12f8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 17:42:29.0550 0x12f8 LanmanServer - ok 17:42:29.0581 0x12f8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:42:29.0659 0x12f8 LanmanWorkstation - ok 17:42:29.0706 0x12f8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:42:29.0706 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. 
md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
17:42:29.0706 0x12f8 lltdio - detected LockedFile.Multi.Generic ( 1 )
17:42:32.0452 0x12f8 Detect skipped due to KSN trusted
17:42:32.0452 0x12f8 lltdio - ok
17:42:32.0530 0x12f8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:42:32.0654 0x12f8 lltdsvc - ok
17:42:32.0686 0x12f8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:42:32.0748 0x12f8 lmhosts - ok
17:42:32.0810 0x12f8 [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:42:32.0842 0x12f8 LMS - ok
17:42:32.0873 0x12f8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:42:32.0873 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
17:42:32.0873 0x12f8 LSI_FC - detected LockedFile.Multi.Generic ( 1 )
17:42:38.0816 0x12f8 Detect skipped due to KSN trusted
17:42:38.0816 0x12f8 LSI_FC - ok
17:42:38.0863 0x12f8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:42:38.0863 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
17:42:38.0863 0x12f8 LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
17:42:41.0624 0x12f8 Detect skipped due to KSN trusted
17:42:41.0624 0x12f8 LSI_SAS - ok
17:42:41.0671 0x12f8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:42:41.0671 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
17:42:41.0671 0x12f8 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
17:42:44.0542 0x12f8 Detect skipped due to KSN trusted
17:42:44.0542 0x12f8 LSI_SAS2 - ok
17:42:44.0588 0x12f8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:42:44.0588 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
17:42:44.0588 0x12f8 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
17:42:54.0604 0x12f8 Object is SCO, delete is not allowed
17:42:54.0604 0x12f8 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
17:42:54.0604 0x12f8 Force sending object to P2P due to detect: LSI_SCSI
17:42:57.0427 0x12f8 Object send P2P result: true
17:43:00.0235 0x12f8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:43:00.0235 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
17:43:00.0235 0x12f8 luafv - detected LockedFile.Multi.Generic ( 1 )
17:43:03.0308 0x12f8 Detect skipped due to KSN trusted
17:43:03.0308 0x12f8 luafv - ok
17:43:03.0371 0x12f8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:43:03.0418 0x12f8 Mcx2Svc - ok
17:43:03.0433 0x12f8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:43:03.0433 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
17:43:03.0433 0x12f8 megasas - detected LockedFile.Multi.Generic ( 1 )
17:43:06.0226 0x12f8 Detect skipped due to KSN trusted
17:43:06.0226 0x12f8 megasas - ok
17:43:06.0272 0x12f8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:43:06.0272 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
17:43:06.0272 0x12f8 MegaSR - detected LockedFile.Multi.Generic ( 1 )
17:43:09.0127 0x12f8 Detect skipped due to KSN trusted
17:43:09.0127 0x12f8 MegaSR - ok
17:43:09.0174 0x12f8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:43:09.0252 0x12f8 MMCSS - ok
17:43:09.0268 0x12f8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:43:09.0268 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
17:43:09.0268 0x12f8 Modem - detected LockedFile.Multi.Generic ( 1 )
17:43:19.0283 0x12f8 Object is SCO, delete is not allowed
17:43:19.0283 0x12f8 Modem ( LockedFile.Multi.Generic ) - warning
17:43:19.0283 0x12f8 Force sending object to P2P due to detect: Modem
17:43:22.0153 0x12f8 Object send P2P result: true
17:43:25.0008 0x12f8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:43:25.0008 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
17:43:25.0008 0x12f8 monitor - detected LockedFile.Multi.Generic ( 1 )
17:43:27.0785 0x12f8 Detect skipped due to KSN trusted
17:43:27.0785 0x12f8 monitor - ok
17:43:27.0863 0x12f8 [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
17:43:27.0863 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MijXfilt.sys. md5: C030F9E822A057C1A7A9BB4EA3E8877E, sha256: 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A
17:43:27.0863 0x12f8 MotioninJoyXFilter - detected LockedFile.Multi.Generic ( 1 )
17:43:30.0702 0x12f8 Detect skipped due to KSN trusted
17:43:30.0702 0x12f8 MotioninJoyXFilter - ok
17:43:30.0780 0x12f8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:43:30.0780 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
17:43:30.0780 0x12f8 mouclass - detected LockedFile.Multi.Generic ( 1 )
17:43:33.0635 0x12f8 Detect skipped due to KSN trusted
17:43:33.0635 0x12f8 mouclass - ok
17:43:33.0697 0x12f8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:43:33.0697 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
17:43:33.0697 0x12f8 mouhid - detected LockedFile.Multi.Generic ( 1 )
17:43:36.0568 0x12f8 Detect skipped due to KSN trusted
17:43:36.0568 0x12f8 mouhid - ok
17:43:36.0630 0x12f8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:43:36.0630 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
17:43:36.0630 0x12f8 mountmgr - detected LockedFile.Multi.Generic ( 1 )
17:43:39.0391 0x12f8 Detect skipped due to KSN trusted
17:43:39.0391 0x12f8 mountmgr - ok
17:43:39.0469 0x12f8 [ 96AA8BA23142CC8E2B30F3CAE0C80254, C65380761373DAD16425211FBA0B4E15F260F79A1FF328B1314076D732EE6F0E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:43:39.0501 0x12f8 MozillaMaintenance - ok
17:43:39.0563 0x12f8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:43:39.0563 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
17:43:39.0563 0x12f8 mpio - detected LockedFile.Multi.Generic ( 1 )
17:43:42.0324 0x12f8 Detect skipped due to KSN trusted
17:43:42.0324 0x12f8 mpio - ok
17:43:42.0402 0x12f8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:43:42.0402 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
17:43:42.0402 0x12f8 mpsdrv - detected LockedFile.Multi.Generic ( 1 )
17:43:45.0257 0x12f8 Detect skipped due to KSN trusted
17:43:45.0257 0x12f8 mpsdrv - ok
17:43:45.0382 0x12f8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:43:45.0507 0x12f8 MpsSvc - ok
17:43:45.0538 0x12f8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:43:45.0538 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 1A4F75E63C9FB84B85DFFC6B63FD5404, sha256: 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F
17:43:45.0538 0x12f8 MRxDAV - detected LockedFile.Multi.Generic ( 1 )
17:43:48.0408 0x12f8 Detect skipped due to KSN trusted
17:43:48.0408 0x12f8 MRxDAV - ok
17:43:48.0471 0x12f8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:48.0471 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
17:43:48.0471 0x12f8 mrxsmb - detected LockedFile.Multi.Generic ( 1 )
17:43:51.0294 0x12f8 Detect skipped due to KSN trusted
17:43:51.0294 0x12f8 mrxsmb - ok
17:43:51.0372 0x12f8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:51.0372 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
17:43:51.0372 0x12f8 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
17:43:54.0165 0x12f8 Detect skipped due to KSN trusted
17:43:54.0165 0x12f8 mrxsmb10 - ok
17:43:54.0211 0x12f8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:54.0211 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
17:43:54.0227 0x12f8 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
17:43:57.0144 0x12f8 Detect skipped due to KSN trusted
17:43:57.0144 0x12f8 mrxsmb20 - ok
17:43:57.0207 0x12f8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:43:57.0207 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
17:43:57.0207 0x12f8 msahci - detected LockedFile.Multi.Generic ( 1 )
17:44:00.0046 0x12f8 Detect skipped due to KSN trusted
17:44:00.0046 0x12f8 msahci - ok
17:44:00.0155 0x12f8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:44:00.0155 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
17:44:00.0155 0x12f8 msdsm - detected LockedFile.Multi.Generic ( 1 )
17:44:02.0901 0x12f8 Detect skipped due to KSN trusted
17:44:02.0901 0x12f8 msdsm - ok
17:44:02.0947 0x12f8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:44:02.0994 0x12f8 MSDTC - ok
17:44:03.0025 0x12f8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:44:03.0025 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
17:44:03.0025 0x12f8 Msfs - detected LockedFile.Multi.Generic ( 1 )
17:44:05.0865 0x12f8 Detect skipped due to KSN trusted
17:44:05.0865 0x12f8 Msfs - ok
17:44:05.0896 0x12f8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:44:05.0896 0x12f8 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
17:44:05.0896 0x12f8 mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
17:44:08.0657 0x12f8 Detect skipped due to KSN trusted
17:44:08.0657 0x12f8 mshidkmdf - ok
17:44:08.0719 0x12f8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:44:08.0719 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
17:44:08.0719 0x12f8 msisadrv - detected LockedFile.Multi.Generic ( 1 )
17:44:11.0465 0x12f8 Detect skipped due to KSN trusted
17:44:11.0465 0x12f8 msisadrv - ok
17:44:11.0527 0x12f8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:44:11.0605 0x12f8 MSiSCSI - ok
17:44:11.0605 0x12f8 msiserver - ok
17:44:11.0637 0x12f8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:44:11.0637 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
17:44:11.0637 0x12f8 MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
17:44:14.0367 0x12f8 Detect skipped due to KSN trusted
17:44:14.0367 0x12f8 MSKSSRV - ok
17:44:14.0413 0x12f8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:44:14.0413 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
17:44:14.0413 0x12f8 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
17:44:17.0346 0x12f8 Detect skipped due to KSN trusted
17:44:17.0346 0x12f8 MSPCLOCK - ok
17:44:17.0393 0x12f8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:44:17.0393 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
17:44:17.0393 0x12f8 MSPQM - detected LockedFile.Multi.Generic ( 1 )
17:44:20.0232 0x12f8 Detect skipped due to KSN trusted
17:44:20.0232 0x12f8 MSPQM - ok
17:44:20.0295 0x12f8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:44:20.0295 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
17:44:20.0295 0x12f8 MsRPC - detected LockedFile.Multi.Generic ( 1 )
17:44:23.0056 0x12f8 Detect skipped due to KSN trusted
17:44:23.0056 0x12f8 MsRPC - ok
17:44:23.0134 0x12f8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:44:23.0134 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
17:44:23.0134 0x12f8 mssmbios - detected LockedFile.Multi.Generic ( 1 )
17:44:25.0957 0x12f8 Detect skipped due to KSN trusted
17:44:25.0957 0x12f8 mssmbios - ok
17:44:25.0973 0x12f8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:44:25.0973 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
17:44:25.0973 0x12f8 MSTEE - detected LockedFile.Multi.Generic ( 1 )
17:44:28.0734 0x12f8 Detect skipped due to KSN trusted
17:44:28.0734 0x12f8 MSTEE - ok
17:44:28.0781 0x12f8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:44:28.0781 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
17:44:28.0781 0x12f8 MTConfig - detected LockedFile.Multi.Generic ( 1 )
17:44:38.0578 0x12f8 Detect skipped due to KSN trusted
17:44:38.0578 0x12f8 MTConfig - ok
17:44:38.0625 0x12f8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:44:38.0625 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
17:44:38.0625 0x12f8 Mup - detected LockedFile.Multi.Generic ( 1 )
17:44:43.0960 0x12f8 Detect skipped due to KSN trusted
17:44:43.0960 0x12f8 Mup - ok
17:44:44.0038 0x12f8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:44:44.0147 0x12f8 napagent - ok
17:44:44.0178 0x12f8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:44:44.0178 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
17:44:44.0209 0x12f8 NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
17:44:47.0064 0x12f8 Detect skipped due to KSN trusted
17:44:47.0064 0x12f8 NativeWifiP - ok
17:44:47.0189 0x12f8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:44:47.0189 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
17:44:47.0189 0x12f8 NDIS - detected LockedFile.Multi.Generic ( 1 )
17:44:50.0028 0x12f8 Detect skipped due to KSN trusted
17:44:50.0028 0x12f8 NDIS - ok
17:44:50.0091 0x12f8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:44:50.0091 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
17:44:50.0091 0x12f8 NdisCap - detected LockedFile.Multi.Generic ( 1 )
17:44:52.0883 0x12f8 Detect skipped due to KSN trusted
17:44:52.0883 0x12f8 NdisCap - ok
17:44:52.0930 0x12f8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:52.0930 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
17:44:52.0930 0x12f8 NdisTapi - detected LockedFile.Multi.Generic ( 1 )
17:44:55.0769 0x12f8 Detect skipped due to KSN trusted
17:44:55.0769 0x12f8 NdisTapi - ok
17:44:55.0847 0x12f8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:55.0847 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
17:44:55.0847 0x12f8 Ndisuio - detected LockedFile.Multi.Generic ( 1 )
17:44:58.0842 0x12f8 Detect skipped due to KSN trusted
17:44:58.0842 0x12f8 Ndisuio - ok
17:44:58.0889 0x12f8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:58.0889 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
17:44:58.0889 0x12f8 NdisWan - detected LockedFile.Multi.Generic ( 1 )
17:45:01.0728 0x12f8 Detect skipped due to KSN trusted
17:45:01.0728 0x12f8 NdisWan - ok
17:45:01.0806 0x12f8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:45:01.0806 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
17:45:01.0806 0x12f8 NDProxy - detected LockedFile.Multi.Generic ( 1 )
17:45:04.0614 0x12f8 Detect skipped due to KSN trusted
17:45:04.0614 0x12f8 NDProxy - ok
17:45:04.0677 0x12f8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:45:04.0677 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
17:45:04.0677 0x12f8 NetBIOS - detected LockedFile.Multi.Generic ( 1 )
17:45:07.0438 0x12f8 Detect skipped due to KSN trusted
17:45:07.0438 0x12f8 NetBIOS - ok
17:45:07.0516 0x12f8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:45:07.0516 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
17:45:07.0516 0x12f8 NetBT - detected LockedFile.Multi.Generic ( 1 )
17:45:10.0371 0x12f8 Detect skipped due to KSN trusted
17:45:10.0371 0x12f8 NetBT - ok
17:45:10.0433 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
17:45:10.0449 0x12f8 Netlogon - ok
17:45:10.0511 0x12f8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:45:10.0574 0x12f8 Netman - ok
17:45:10.0636 0x12f8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0683 0x12f8 NetMsmqActivator - ok
17:45:10.0714 0x12f8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0730 0x12f8 NetPipeActivator - ok
17:45:10.0776 0x12f8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:45:10.0870 0x12f8 netprofm - ok
17:45:10.0870 0x12f8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0886 0x12f8 NetTcpActivator - ok
17:45:10.0901 0x12f8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:45:10.0917 0x12f8 NetTcpPortSharing - ok
17:45:10.0932 0x12f8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:45:10.0932 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
17:45:10.0932 0x12f8 nfrd960 - detected LockedFile.Multi.Generic ( 1 )
17:45:13.0694 0x12f8 Detect skipped due to KSN trusted
17:45:13.0694 0x12f8 nfrd960 - ok
17:45:13.0772 0x12f8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:45:13.0834 0x12f8 NlaSvc - ok
17:45:13.0865 0x12f8 NLNdisMP - ok
17:45:13.0896 0x12f8 NLNdisPT - ok
17:45:13.0943 0x12f8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:45:13.0943 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
17:45:13.0943 0x12f8 Npfs - detected LockedFile.Multi.Generic ( 1 )
17:45:16.0704 0x12f8 Detect skipped due to KSN trusted
17:45:16.0704 0x12f8 Npfs - ok
17:45:16.0751 0x12f8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:45:16.0845 0x12f8 nsi - ok
17:45:16.0860 0x12f8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:45:16.0860 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
17:45:16.0860 0x12f8 nsiproxy - detected LockedFile.Multi.Generic ( 1 )
17:45:19.0715 0x12f8 Detect skipped due to KSN trusted
17:45:19.0715 0x12f8 nsiproxy - ok
17:45:19.0856 0x12f8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:45:19.0856 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 1A29A59A4C5BA6F8C85062A613B7E2B2, sha256: CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1
17:45:19.0856 0x12f8 Ntfs - detected LockedFile.Multi.Generic ( 1 )
17:45:29.0871 0x12f8 Object is SCO, delete is not allowed
17:45:29.0871 0x12f8 Ntfs ( LockedFile.Multi.Generic ) - warning
17:45:32.0757 0x12f8 [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:45:32.0788 0x12f8 NTI IScheduleSvc - ok
17:45:32.0835 0x12f8 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
17:45:32.0835 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NTIDrvr.sys. md5: EE3BA1024594D5D09E314F206B94069E, sha256: 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6
17:45:32.0835 0x12f8 NTIDrvr - detected LockedFile.Multi.Generic ( 1 )
17:45:35.0674 0x12f8 Detect skipped due to KSN trusted
17:45:35.0674 0x12f8 NTIDrvr - ok
17:45:35.0736 0x12f8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:45:35.0736 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
17:45:35.0736 0x12f8 Null - detected LockedFile.Multi.Generic ( 1 )
17:45:38.0560 0x12f8 Detect skipped due to KSN trusted
17:45:38.0560 0x12f8 Null - ok
17:45:38.0638 0x12f8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:45:38.0638 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
17:45:38.0638 0x12f8 nvraid - detected LockedFile.Multi.Generic ( 1 )
17:45:41.0477 0x12f8 Detect skipped due to KSN trusted
17:45:41.0477 0x12f8 nvraid - ok
17:45:41.0540 0x12f8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:45:41.0540 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
17:45:41.0540 0x12f8 nvstor - detected LockedFile.Multi.Generic ( 1 )
17:45:44.0379 0x12f8 Detect skipped due to KSN trusted
17:45:44.0379 0x12f8 nvstor - ok
17:45:44.0457 0x12f8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:45:44.0457 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
17:45:44.0457 0x12f8 nv_agp - detected LockedFile.Multi.Generic ( 1 )
17:45:47.0202 0x12f8 Detect skipped due to KSN trusted
17:45:47.0202 0x12f8 nv_agp - ok
17:45:47.0343 0x12f8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:45:47.0390 0x12f8 odserv - ok
17:45:47.0421 0x12f8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:45:47.0421 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
17:45:47.0421 0x12f8 ohci1394 - detected LockedFile.Multi.Generic ( 1 )
17:45:50.0166 0x12f8 Detect skipped due to KSN trusted
17:45:50.0166 0x12f8 ohci1394 - ok
17:45:50.0260 0x12f8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:50.0291 0x12f8 ose - ok
17:45:50.0338 0x12f8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:45:50.0400 0x12f8 p2pimsvc - ok
17:45:50.0432 0x12f8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:45:50.0510 0x12f8 p2psvc - ok
17:45:50.0541 0x12f8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:45:50.0541 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
17:45:50.0556 0x12f8 Parport - detected LockedFile.Multi.Generic ( 1 )
17:45:53.0380 0x12f8 Detect skipped due to KSN trusted
17:45:53.0380 0x12f8 Parport - ok
17:45:53.0442 0x12f8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:45:53.0442 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
17:45:53.0442 0x12f8 partmgr - detected LockedFile.Multi.Generic ( 1 )
17:45:56.0204 0x12f8 Detect skipped due to KSN trusted
17:45:56.0204 0x12f8 partmgr - ok
17:45:56.0282 0x12f8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:45:56.0375 0x12f8 PcaSvc - ok
17:45:56.0406 0x12f8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:45:56.0406 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
17:45:56.0406 0x12f8 pci - detected LockedFile.Multi.Generic ( 1 )
17:45:59.0230 0x12f8 Detect skipped due to KSN trusted
17:45:59.0230 0x12f8 pci - ok
17:45:59.0308 0x12f8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:45:59.0308 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
17:45:59.0308 0x12f8 pciide - detected LockedFile.Multi.Generic ( 1 )
17:46:02.0054 0x12f8 Detect skipped due to KSN trusted
17:46:02.0054 0x12f8 pciide - ok
17:46:02.0116 0x12f8 PCLEPCI - ok
17:46:02.0147 0x12f8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:46:02.0147 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
17:46:02.0147 0x12f8 pcmcia - detected LockedFile.Multi.Generic ( 1 )
17:46:04.0908 0x12f8 Detect skipped due to KSN trusted
17:46:04.0908 0x12f8 pcmcia - ok
17:46:04.0940 0x12f8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:46:04.0955 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
17:46:04.0955 0x12f8 pcw - detected LockedFile.Multi.Generic ( 1 )
17:46:07.0701 0x12f8 Detect skipped due to KSN trusted
17:46:07.0701 0x12f8 pcw - ok
17:46:07.0779 0x12f8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:46:07.0779 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
17:46:07.0779 0x12f8 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
17:46:10.0524 0x12f8 Detect skipped due to KSN trusted
17:46:10.0524 0x12f8 PEAUTH - ok
17:46:10.0852 0x12f8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:46:10.0883 0x12f8 PerfHost - ok
17:46:11.0008 0x12f8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:46:11.0164 0x12f8 pla - ok
17:46:11.0211 0x12f8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:46:11.0289 0x12f8 PlugPlay - ok
17:46:11.0320 0x12f8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:46:11.0351 0x12f8 PNRPAutoReg - ok
17:46:11.0382 0x12f8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:46:11.0414 0x12f8 PNRPsvc - ok
17:46:11.0460 0x12f8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:46:11.0523 0x12f8 PolicyAgent - ok
17:46:11.0554 0x12f8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:46:11.0632 0x12f8 Power - ok
17:46:11.0663 0x12f8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:46:11.0663 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
17:46:11.0663 0x12f8 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
17:46:14.0409 0x12f8 Detect skipped due to KSN trusted
17:46:14.0409 0x12f8 PptpMiniport - ok
17:46:14.0471 0x12f8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:46:14.0471 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
17:46:14.0471 0x12f8 Processor - detected LockedFile.Multi.Generic ( 1 )
17:46:17.0295 0x12f8 Detect skipped due to KSN trusted
17:46:17.0295 0x12f8 Processor - ok
17:46:17.0357 0x12f8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:46:17.0420 0x12f8 ProfSvc - ok
17:46:17.0451 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:46:17.0466 0x12f8 ProtectedStorage - ok
17:46:17.0544 0x12f8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:46:17.0544 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys.
md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 17:46:17.0544 0x12f8 Psched - detected LockedFile.Multi.Generic ( 1 ) 17:46:20.0384 0x12f8 Detect skipped due to KSN trusted 17:46:20.0384 0x12f8 Psched - ok 17:46:20.0508 0x12f8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:46:20.0508 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 17:46:20.0508 0x12f8 ql2300 - detected LockedFile.Multi.Generic ( 1 ) 17:46:23.0394 0x12f8 Detect skipped due to KSN trusted 17:46:23.0394 0x12f8 ql2300 - ok 17:46:23.0426 0x12f8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:46:23.0426 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE 17:46:23.0426 0x12f8 ql40xx - detected LockedFile.Multi.Generic ( 1 ) 17:46:26.0358 0x12f8 Detect skipped due to KSN trusted 17:46:26.0358 0x12f8 ql40xx - ok 17:46:26.0421 0x12f8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 17:46:26.0483 0x12f8 QWAVE - ok 17:46:26.0499 0x12f8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:46:26.0499 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. 
md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 17:46:26.0499 0x12f8 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 ) 17:46:29.0260 0x12f8 Detect skipped due to KSN trusted 17:46:29.0260 0x12f8 QWAVEdrv - ok 17:46:29.0307 0x12f8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:46:29.0307 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF 17:46:29.0307 0x12f8 RasAcd - detected LockedFile.Multi.Generic ( 1 ) 17:46:32.0162 0x12f8 Detect skipped due to KSN trusted 17:46:32.0162 0x12f8 RasAcd - ok 17:46:32.0240 0x12f8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:46:32.0240 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 17:46:32.0240 0x12f8 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 ) 17:46:35.0001 0x12f8 Detect skipped due to KSN trusted 17:46:35.0001 0x12f8 RasAgileVpn - ok 17:46:35.0063 0x12f8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 17:46:35.0157 0x12f8 RasAuto - ok 17:46:35.0188 0x12f8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:46:35.0188 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. 
md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 17:46:35.0188 0x12f8 Rasl2tp - detected LockedFile.Multi.Generic ( 1 ) 17:46:37.0980 0x12f8 Detect skipped due to KSN trusted 17:46:37.0980 0x12f8 Rasl2tp - ok 17:46:38.0058 0x12f8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 17:46:38.0136 0x12f8 RasMan - ok 17:46:38.0168 0x12f8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:46:38.0168 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 17:46:38.0168 0x12f8 RasPppoe - detected LockedFile.Multi.Generic ( 1 ) 17:46:40.0929 0x12f8 Detect skipped due to KSN trusted 17:46:40.0929 0x12f8 RasPppoe - ok 17:46:40.0991 0x12f8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:46:40.0991 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C 17:46:40.0991 0x12f8 RasSstp - detected LockedFile.Multi.Generic ( 1 ) 17:46:43.0846 0x12f8 Detect skipped due to KSN trusted 17:46:43.0846 0x12f8 RasSstp - ok 17:46:43.0924 0x12f8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:46:43.0924 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. 
md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA 17:46:43.0924 0x12f8 rdbss - detected LockedFile.Multi.Generic ( 1 ) 17:46:46.0685 0x12f8 Detect skipped due to KSN trusted 17:46:46.0685 0x12f8 rdbss - ok 17:46:46.0732 0x12f8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:46:46.0732 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 17:46:46.0732 0x12f8 rdpbus - detected LockedFile.Multi.Generic ( 1 ) 17:46:52.0566 0x12f8 Detect skipped due to KSN trusted 17:46:52.0566 0x12f8 rdpbus - ok 17:46:52.0629 0x12f8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:46:52.0629 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 17:46:52.0629 0x12f8 RDPCDD - detected LockedFile.Multi.Generic ( 1 ) 17:46:55.0468 0x12f8 Detect skipped due to KSN trusted 17:46:55.0468 0x12f8 RDPCDD - ok 17:46:55.0515 0x12f8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:46:55.0515 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. 
md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F 17:46:55.0515 0x12f8 RDPENCDD - detected LockedFile.Multi.Generic ( 1 ) 17:46:58.0276 0x12f8 Detect skipped due to KSN trusted 17:46:58.0276 0x12f8 RDPENCDD - ok 17:46:58.0339 0x12f8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:46:58.0339 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 17:46:58.0339 0x12f8 RDPREFMP - detected LockedFile.Multi.Generic ( 1 ) 17:47:01.0100 0x12f8 Detect skipped due to KSN trusted 17:47:01.0100 0x12f8 RDPREFMP - ok 17:47:01.0193 0x12f8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:47:01.0193 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpvideominiport.sys. md5: 313F68E1A3E6345A4F47A36B07062F34, sha256: B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F 17:47:01.0193 0x12f8 RdpVideoMiniport - detected LockedFile.Multi.Generic ( 1 ) 17:47:03.0955 0x12f8 Detect skipped due to KSN trusted 17:47:03.0970 0x12f8 RdpVideoMiniport - ok 17:47:04.0033 0x12f8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:47:04.0033 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. 
md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 17:47:04.0033 0x12f8 RDPWD - detected LockedFile.Multi.Generic ( 1 ) 17:47:06.0778 0x12f8 Detect skipped due to KSN trusted 17:47:06.0778 0x12f8 RDPWD - ok 17:47:06.0841 0x12f8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:47:06.0841 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F 17:47:06.0856 0x12f8 rdyboost - detected LockedFile.Multi.Generic ( 1 ) 17:47:09.0773 0x12f8 Detect skipped due to KSN trusted 17:47:09.0773 0x12f8 rdyboost - ok 17:47:09.0836 0x12f8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:47:09.0929 0x12f8 RemoteAccess - ok 17:47:09.0961 0x12f8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:47:10.0023 0x12f8 RemoteRegistry - ok 17:47:10.0054 0x12f8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:47:10.0132 0x12f8 RpcEptMapper - ok 17:47:10.0163 0x12f8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 17:47:10.0210 0x12f8 RpcLocator - ok 17:47:10.0273 0x12f8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 17:47:10.0335 0x12f8 RpcSs - ok 17:47:10.0382 0x12f8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr 
C:\Windows\system32\DRIVERS\rspndr.sys 17:47:10.0382 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD 17:47:10.0382 0x12f8 rspndr - detected LockedFile.Multi.Generic ( 1 ) 17:47:13.0237 0x12f8 Detect skipped due to KSN trusted 17:47:13.0237 0x12f8 rspndr - ok 17:47:13.0315 0x12f8 [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 17:47:13.0315 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 763AE0C6D9DF4C24B7E2C26036A8188A, sha256: 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 17:47:13.0315 0x12f8 RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 ) 17:47:16.0154 0x12f8 Detect skipped due to KSN trusted 17:47:16.0154 0x12f8 RSUSBSTOR - ok 17:47:16.0232 0x12f8 [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 17:47:16.0232 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RtHDMIVX.sys. md5: D6D381B76056C668679723938F06F16C, sha256: A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 17:47:16.0232 0x12f8 RTHDMIAzAudService - detected LockedFile.Multi.Generic ( 1 ) 17:47:19.0055 0x12f8 Detect skipped due to KSN trusted 17:47:19.0055 0x12f8 RTHDMIAzAudService - ok 17:47:19.0180 0x12f8 [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 17:47:19.0180 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RTL8192su.sys. 
md5: B3F36B4B3F192EA87DDC119F3A0B3E45, sha256: DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 17:47:19.0196 0x12f8 RTL8192su - detected LockedFile.Multi.Generic ( 1 ) 17:47:22.0035 0x12f8 Detect skipped due to KSN trusted 17:47:22.0035 0x12f8 RTL8192su - ok 17:47:22.0066 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 17:47:22.0097 0x12f8 SamSs - ok 17:47:22.0144 0x12f8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:47:22.0144 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 17:47:22.0144 0x12f8 sbp2port - detected LockedFile.Multi.Generic ( 1 ) 17:47:24.0921 0x12f8 Detect skipped due to KSN trusted 17:47:24.0921 0x12f8 sbp2port - ok 17:47:24.0952 0x12f8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:47:25.0030 0x12f8 SCardSvr - ok 17:47:25.0046 0x12f8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:47:25.0046 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. 
md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 17:47:25.0046 0x12f8 scfilter - detected LockedFile.Multi.Generic ( 1 ) 17:47:27.0807 0x12f8 Detect skipped due to KSN trusted 17:47:27.0807 0x12f8 scfilter - ok 17:47:27.0916 0x12f8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 17:47:28.0010 0x12f8 Schedule - ok 17:47:28.0041 0x12f8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 17:47:28.0088 0x12f8 SCPolicySvc - ok 17:47:28.0135 0x12f8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:47:28.0181 0x12f8 SDRSVC - ok 17:47:28.0228 0x12f8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:47:28.0228 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. 
md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D 17:47:28.0228 0x12f8 secdrv - detected LockedFile.Multi.Generic ( 1 ) 17:47:32.0471 0x12f8 Detect skipped due to KSN trusted 17:47:32.0471 0x12f8 secdrv - ok 17:47:32.0534 0x12f8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 17:47:32.0612 0x12f8 seclogon - ok 17:47:32.0627 0x12f8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 17:47:32.0674 0x12f8 SENS - ok 17:47:32.0705 0x12f8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:47:32.0752 0x12f8 SensrSvc - ok 17:47:32.0799 0x12f8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:47:32.0799 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 17:47:32.0799 0x12f8 Serenum - detected LockedFile.Multi.Generic ( 1 ) 17:47:35.0638 0x12f8 Detect skipped due to KSN trusted 17:47:35.0638 0x12f8 Serenum - ok 17:47:35.0701 0x12f8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:47:35.0701 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. 
md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D 17:47:35.0701 0x12f8 Serial - detected LockedFile.Multi.Generic ( 1 ) 17:47:38.0462 0x12f8 Detect skipped due to KSN trusted 17:47:38.0462 0x12f8 Serial - ok 17:47:38.0555 0x12f8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:47:38.0555 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D 17:47:38.0555 0x12f8 sermouse - detected LockedFile.Multi.Generic ( 1 ) 17:47:41.0395 0x12f8 Detect skipped due to KSN trusted 17:47:41.0395 0x12f8 sermouse - ok 17:47:41.0457 0x12f8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 17:47:41.0551 0x12f8 SessionEnv - ok 17:47:41.0582 0x12f8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:47:41.0582 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 17:47:41.0582 0x12f8 sffdisk - detected LockedFile.Multi.Generic ( 1 ) 17:47:44.0359 0x12f8 Detect skipped due to KSN trusted 17:47:44.0359 0x12f8 sffdisk - ok 17:47:44.0374 0x12f8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:47:44.0374 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. 
md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 17:47:44.0374 0x12f8 sffp_mmc - detected LockedFile.Multi.Generic ( 1 ) 17:47:47.0213 0x12f8 Detect skipped due to KSN trusted 17:47:47.0213 0x12f8 sffp_mmc - ok 17:47:47.0229 0x12f8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:47:47.0229 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 17:47:47.0229 0x12f8 sffp_sd - detected LockedFile.Multi.Generic ( 1 ) 17:47:50.0068 0x12f8 Detect skipped due to KSN trusted 17:47:50.0068 0x12f8 sffp_sd - ok 17:47:50.0131 0x12f8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:47:50.0131 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. 
md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 17:47:50.0131 0x12f8 sfloppy - detected LockedFile.Multi.Generic ( 1 ) 17:47:52.0892 0x12f8 Detect skipped due to KSN trusted 17:47:52.0892 0x12f8 sfloppy - ok 17:47:52.0985 0x12f8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:47:53.0063 0x12f8 SharedAccess - ok 17:47:53.0126 0x12f8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:47:53.0204 0x12f8 ShellHWDetection - ok 17:47:53.0235 0x12f8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:47:53.0235 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 17:47:53.0235 0x12f8 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 ) 17:47:55.0996 0x12f8 Detect skipped due to KSN trusted 17:47:55.0996 0x12f8 SiSRaid2 - ok 17:47:56.0027 0x12f8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:47:56.0027 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. 
md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E 17:47:56.0027 0x12f8 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 ) 17:47:58.0773 0x12f8 Detect skipped due to KSN trusted 17:47:58.0773 0x12f8 SiSRaid4 - ok 17:47:58.0867 0x12f8 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:47:58.0913 0x12f8 SkypeUpdate - ok 17:47:58.0929 0x12f8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:47:58.0929 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 17:47:58.0929 0x12f8 Smb - detected LockedFile.Multi.Generic ( 1 ) 17:48:01.0706 0x12f8 Detect skipped due to KSN trusted 17:48:01.0706 0x12f8 Smb - ok 17:48:01.0768 0x12f8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:48:01.0815 0x12f8 SNMPTRAP - ok 17:48:01.0831 0x12f8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 17:48:01.0831 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. 
md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 17:48:01.0831 0x12f8 spldr - detected LockedFile.Multi.Generic ( 1 ) 17:48:04.0592 0x12f8 Detect skipped due to KSN trusted 17:48:04.0592 0x12f8 spldr - ok 17:48:04.0685 0x12f8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 17:48:04.0763 0x12f8 Spooler - ok 17:48:04.0951 0x12f8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 17:48:05.0200 0x12f8 sppsvc - ok 17:48:05.0231 0x12f8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:48:05.0294 0x12f8 sppuinotify - ok 17:48:05.0341 0x12f8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:48:05.0341 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 17:48:05.0341 0x12f8 srv - detected LockedFile.Multi.Generic ( 1 ) 17:48:08.0117 0x12f8 Detect skipped due to KSN trusted 17:48:08.0117 0x12f8 srv - ok 17:48:08.0195 0x12f8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:48:08.0195 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 17:48:08.0195 0x12f8 srv2 - detected LockedFile.Multi.Generic ( 1 ) |
25.08.2014, 12:23 | #15 |
| [WIN7] Antivirus software cannot be activated [Antivir, WindowsDefender] TDSSKiller log file, part 2:
md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 17:48:38.0912 0x12f8 tssecsrv - detected LockedFile.Multi.Generic ( 1 ) 17:48:41.0782 0x12f8 Detect skipped due to KSN trusted 17:48:41.0782 0x12f8 tssecsrv - ok 17:48:41.0845 0x12f8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:48:41.0845 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: 17C6B51CBCCDED95B3CC14E22791F85E, sha256: EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C 17:48:41.0845 0x12f8 TsUsbFlt - detected LockedFile.Multi.Generic ( 1 ) 17:48:44.0606 0x12f8 Detect skipped due to KSN trusted 17:48:44.0606 0x12f8 TsUsbFlt - ok 17:48:44.0684 0x12f8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:48:44.0684 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 17:48:44.0684 0x12f8 tunnel - detected LockedFile.Multi.Generic ( 1 ) 17:48:47.0445 0x12f8 Detect skipped due to KSN trusted 17:48:47.0445 0x12f8 tunnel - ok 17:48:47.0507 0x12f8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:48:47.0507 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. 
md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 17:48:47.0507 0x12f8 uagp35 - detected LockedFile.Multi.Generic ( 1 ) 17:48:50.0253 0x12f8 Detect skipped due to KSN trusted 17:48:50.0253 0x12f8 uagp35 - ok 17:48:50.0300 0x12f8 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 17:48:50.0300 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: A17D5E1A6DF4EAB0A480F2C490DE4C9D, sha256: 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B 17:48:50.0300 0x12f8 UBHelper - detected LockedFile.Multi.Generic ( 1 ) 17:48:53.0077 0x12f8 Detect skipped due to KSN trusted 17:48:53.0077 0x12f8 UBHelper - ok 17:48:53.0155 0x12f8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:48:53.0155 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 17:48:53.0155 0x12f8 udfs - detected LockedFile.Multi.Generic ( 1 ) 17:48:55.0994 0x12f8 Detect skipped due to KSN trusted 17:48:55.0994 0x12f8 udfs - ok 17:48:56.0056 0x12f8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:48:56.0088 0x12f8 UI0Detect - ok 17:48:56.0119 0x12f8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:48:56.0119 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. 
md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A 17:48:56.0119 0x12f8 uliagpkx - detected LockedFile.Multi.Generic ( 1 ) 17:48:59.0005 0x12f8 Detect skipped due to KSN trusted 17:48:59.0005 0x12f8 uliagpkx - ok 17:48:59.0083 0x12f8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:48:59.0083 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE 17:48:59.0083 0x12f8 umbus - detected LockedFile.Multi.Generic ( 1 ) 17:49:01.0953 0x12f8 Detect skipped due to KSN trusted 17:49:01.0953 0x12f8 umbus - ok 17:49:02.0016 0x12f8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:49:02.0016 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. 
md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 17:49:02.0016 0x12f8 UmPass - detected LockedFile.Multi.Generic ( 1 ) 17:49:04.0777 0x12f8 Detect skipped due to KSN trusted 17:49:04.0777 0x12f8 UmPass - ok 17:49:04.0964 0x12f8 [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 17:49:05.0042 0x12f8 UNS - ok 17:49:05.0198 0x12f8 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 17:49:05.0229 0x12f8 Updater Service - ok 17:49:05.0276 0x12f8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 17:49:05.0370 0x12f8 upnphost - ok 17:49:05.0416 0x12f8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:49:05.0416 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A 17:49:05.0416 0x12f8 usbaudio - detected LockedFile.Multi.Generic ( 1 ) 17:49:08.0178 0x12f8 Detect skipped due to KSN trusted 17:49:08.0178 0x12f8 usbaudio - ok 17:49:08.0240 0x12f8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:49:08.0240 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. 
md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 17:49:08.0240 0x12f8 usbccgp - detected LockedFile.Multi.Generic ( 1 ) 17:49:11.0017 0x12f8 Detect skipped due to KSN trusted 17:49:11.0017 0x12f8 usbccgp - ok 17:49:11.0079 0x12f8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:49:11.0079 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD 17:49:11.0079 0x12f8 usbcir - detected LockedFile.Multi.Generic ( 1 ) 17:49:14.0152 0x12f8 Detect skipped due to KSN trusted 17:49:14.0152 0x12f8 usbcir - ok 17:49:14.0230 0x12f8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 17:49:14.0230 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 17:49:14.0230 0x12f8 usbehci - detected LockedFile.Multi.Generic ( 1 ) 17:49:16.0976 0x12f8 Detect skipped due to KSN trusted 17:49:16.0976 0x12f8 usbehci - ok 17:49:17.0070 0x12f8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:49:17.0070 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. 
md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 17:49:17.0085 0x12f8 usbhub - detected LockedFile.Multi.Generic ( 1 ) 17:49:19.0831 0x12f8 Detect skipped due to KSN trusted 17:49:19.0831 0x12f8 usbhub - ok 17:49:19.0893 0x12f8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:49:19.0893 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C 17:49:19.0893 0x12f8 usbohci - detected LockedFile.Multi.Generic ( 1 ) 17:49:22.0654 0x12f8 Detect skipped due to KSN trusted 17:49:22.0654 0x12f8 usbohci - ok 17:49:22.0701 0x12f8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:49:22.0701 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C 17:49:22.0701 0x12f8 usbprint - detected LockedFile.Multi.Generic ( 1 ) 17:49:25.0447 0x12f8 Detect skipped due to KSN trusted 17:49:25.0447 0x12f8 usbprint - ok 17:49:25.0509 0x12f8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:49:25.0509 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. 
md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 17:49:25.0509 0x12f8 USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 17:49:28.0348 0x12f8 Detect skipped due to KSN trusted 17:49:28.0348 0x12f8 USBSTOR - ok 17:49:28.0411 0x12f8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:49:28.0411 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 17:49:28.0411 0x12f8 usbuhci - detected LockedFile.Multi.Generic ( 1 ) 17:49:31.0312 0x12f8 Detect skipped due to KSN trusted 17:49:31.0312 0x12f8 usbuhci - ok 17:49:31.0375 0x12f8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 17:49:31.0375 0x12f8 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. 
md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 17:49:31.0375 0x12f8 usbvideo - detected LockedFile.Multi.Generic ( 1 ) 17:49:34.0152 0x12f8 Detect skipped due to KSN trusted 17:49:34.0152 0x12f8 usbvideo - ok 17:49:34.0183 0x12f8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 17:49:34.0276 0x12f8 UxSms - ok 17:49:34.0308 0x12f8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 17:49:34.0339 0x12f8 VaultSvc - ok 17:49:34.0401 0x12f8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:49:34.0401 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D 17:49:34.0417 0x12f8 vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 17:49:37.0178 0x12f8 Detect skipped due to KSN trusted 17:49:37.0194 0x12f8 vdrvroot - ok 17:49:37.0272 0x12f8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 17:49:37.0381 0x12f8 vds - ok 17:49:37.0428 0x12f8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:49:37.0428 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. 
md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 17:49:37.0443 0x12f8 vga - detected LockedFile.Multi.Generic ( 1 ) 17:49:40.0189 0x12f8 Detect skipped due to KSN trusted 17:49:40.0189 0x12f8 vga - ok 17:49:40.0220 0x12f8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:49:40.0220 0x12f8 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 17:49:40.0220 0x12f8 VgaSave - detected LockedFile.Multi.Generic ( 1 ) 17:49:43.0012 0x12f8 Detect skipped due to KSN trusted 17:49:43.0012 0x12f8 VgaSave - ok 17:49:43.0075 0x12f8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:49:43.0075 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF 17:49:43.0075 0x12f8 vhdmp - detected LockedFile.Multi.Generic ( 1 ) 17:49:45.0914 0x12f8 Detect skipped due to KSN trusted 17:49:45.0914 0x12f8 vhdmp - ok 17:49:45.0976 0x12f8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 17:49:45.0976 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. 
md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 17:49:45.0976 0x12f8 viaide - detected LockedFile.Multi.Generic ( 1 ) 17:49:48.0738 0x12f8 Detect skipped due to KSN trusted 17:49:48.0738 0x12f8 viaide - ok 17:49:48.0800 0x12f8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:49:48.0800 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 17:49:48.0800 0x12f8 volmgr - detected LockedFile.Multi.Generic ( 1 ) 17:49:51.0546 0x12f8 Detect skipped due to KSN trusted 17:49:51.0546 0x12f8 volmgr - ok 17:49:51.0608 0x12f8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:49:51.0624 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F 17:49:51.0624 0x12f8 volmgrx - detected LockedFile.Multi.Generic ( 1 ) 17:49:54.0400 0x12f8 Detect skipped due to KSN trusted 17:49:54.0400 0x12f8 volmgrx - ok 17:49:54.0478 0x12f8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:49:54.0478 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. 
md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC 17:49:54.0478 0x12f8 volsnap - detected LockedFile.Multi.Generic ( 1 ) 17:49:57.0240 0x12f8 Detect skipped due to KSN trusted 17:49:57.0240 0x12f8 volsnap - ok 17:49:57.0302 0x12f8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:49:57.0302 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC 17:49:57.0302 0x12f8 vsmraid - detected LockedFile.Multi.Generic ( 1 ) 17:50:00.0079 0x12f8 Detect skipped due to KSN trusted 17:50:00.0079 0x12f8 vsmraid - ok 17:50:00.0219 0x12f8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 17:50:00.0391 0x12f8 VSS - ok 17:50:00.0406 0x12f8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:50:00.0406 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 17:50:00.0406 0x12f8 vwifibus - detected LockedFile.Multi.Generic ( 1 ) 17:50:03.0152 0x12f8 Detect skipped due to KSN trusted 17:50:03.0152 0x12f8 vwifibus - ok 17:50:03.0183 0x12f8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:50:03.0183 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. 
md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB 17:50:03.0199 0x12f8 vwififlt - detected LockedFile.Multi.Generic ( 1 ) 17:50:05.0929 0x12f8 Detect skipped due to KSN trusted 17:50:05.0929 0x12f8 vwififlt - ok 17:50:05.0991 0x12f8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:50:05.0991 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 17:50:05.0991 0x12f8 vwifimp - detected LockedFile.Multi.Generic ( 1 ) 17:50:08.0830 0x12f8 Detect skipped due to KSN trusted 17:50:08.0830 0x12f8 vwifimp - ok 17:50:08.0893 0x12f8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 17:50:09.0018 0x12f8 W32Time - ok 17:50:09.0049 0x12f8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:50:09.0049 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 17:50:09.0049 0x12f8 WacomPen - detected LockedFile.Multi.Generic ( 1 ) 17:50:11.0872 0x12f8 Detect skipped due to KSN trusted 17:50:11.0872 0x12f8 WacomPen - ok 17:50:11.0935 0x12f8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:50:11.0935 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. 
md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 17:50:11.0935 0x12f8 WANARP - detected LockedFile.Multi.Generic ( 1 ) 17:50:14.0696 0x12f8 Detect skipped due to KSN trusted 17:50:14.0696 0x12f8 WANARP - ok 17:50:14.0743 0x12f8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:50:14.0743 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 17:50:14.0743 0x12f8 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 ) 17:50:14.0743 0x12f8 Detect skipped due to KSN trusted 17:50:14.0743 0x12f8 Wanarpv6 - ok 17:50:14.0852 0x12f8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 17:50:15.0024 0x12f8 wbengine - ok 17:50:15.0070 0x12f8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:50:15.0133 0x12f8 WbioSrvc - ok 17:50:15.0180 0x12f8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:50:15.0258 0x12f8 wcncsvc - ok 17:50:15.0273 0x12f8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:50:15.0320 0x12f8 WcsPlugInService - ok 17:50:15.0336 0x12f8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:50:15.0336 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. 
md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 17:50:15.0336 0x12f8 Wd - detected LockedFile.Multi.Generic ( 1 ) 17:50:18.0081 0x12f8 Detect skipped due to KSN trusted 17:50:18.0081 0x12f8 Wd - ok 17:50:18.0190 0x12f8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:50:18.0190 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 17:50:18.0190 0x12f8 Wdf01000 - detected LockedFile.Multi.Generic ( 1 ) 17:50:20.0952 0x12f8 Detect skipped due to KSN trusted 17:50:20.0952 0x12f8 Wdf01000 - ok 17:50:21.0014 0x12f8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:50:21.0108 0x12f8 WdiServiceHost - ok 17:50:21.0108 0x12f8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:50:21.0154 0x12f8 WdiSystemHost - ok 17:50:21.0201 0x12f8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 17:50:21.0279 0x12f8 WebClient - ok 17:50:21.0310 0x12f8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:50:21.0404 0x12f8 Wecsvc - ok 17:50:21.0420 0x12f8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:50:21.0498 0x12f8 wercplsupport - ok 17:50:21.0513 0x12f8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 
17:50:21.0622 0x12f8 WerSvc - ok 17:50:21.0654 0x12f8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:50:21.0654 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 17:50:21.0669 0x12f8 WfpLwf - detected LockedFile.Multi.Generic ( 1 ) 17:50:24.0415 0x12f8 Detect skipped due to KSN trusted 17:50:24.0415 0x12f8 WfpLwf - ok 17:50:24.0446 0x12f8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:50:24.0446 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 17:50:24.0446 0x12f8 WIMMount - detected LockedFile.Multi.Generic ( 1 ) 17:50:27.0207 0x12f8 Detect skipped due to KSN trusted 17:50:27.0207 0x12f8 WIMMount - ok 17:50:27.0270 0x12f8 WinDefend - ok 17:50:27.0285 0x12f8 WinHttpAutoProxySvc - ok 17:50:27.0363 0x12f8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:50:27.0441 0x12f8 Winmgmt - ok 17:50:27.0597 0x12f8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 17:50:27.0800 0x12f8 WinRM - ok 17:50:27.0878 0x12f8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:50:27.0878 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. 
md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 17:50:27.0894 0x12f8 WinUsb - detected LockedFile.Multi.Generic ( 1 ) 17:50:30.0655 0x12f8 Detect skipped due to KSN trusted 17:50:30.0655 0x12f8 WinUsb - ok 17:50:30.0748 0x12f8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:50:30.0795 0x12f8 Wlansvc - ok 17:50:30.0982 0x12f8 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:50:31.0060 0x12f8 wlidsvc - ok 17:50:31.0107 0x12f8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:50:31.0107 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 17:50:31.0107 0x12f8 WmiAcpi - detected LockedFile.Multi.Generic ( 1 ) 17:50:34.0009 0x12f8 Detect skipped due to KSN trusted 17:50:34.0009 0x12f8 WmiAcpi - ok 17:50:34.0071 0x12f8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:50:34.0118 0x12f8 wmiApSrv - ok 17:50:34.0165 0x12f8 WMPNetworkSvc - ok 17:50:34.0180 0x12f8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:50:34.0227 0x12f8 WPCSvc - ok 17:50:34.0258 0x12f8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:50:34.0290 0x12f8 WPDBusEnum - ok 17:50:34.0321 0x12f8 [ 6BCC1D7D2FD2453957C5479A32364E52, 
E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:34.0321 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
17:50:34.0321 0x12f8 ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
17:50:37.0066 0x12f8 Detect skipped due to KSN trusted
17:50:37.0066 0x12f8 ws2ifsl - ok
17:50:37.0113 0x12f8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
17:50:37.0176 0x12f8 wscsvc - ok
17:50:37.0238 0x12f8 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:50:37.0238 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
17:50:37.0238 0x12f8 WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
17:50:40.0015 0x12f8 Detect skipped due to KSN trusted
17:50:40.0015 0x12f8 WSDPrintDevice - ok
17:50:40.0015 0x12f8 WSearch - ok
17:50:40.0202 0x12f8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:40.0358 0x12f8 wuauserv - ok
17:50:40.0389 0x12f8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:50:40.0389 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
17:50:40.0389 0x12f8 WudfPf - detected LockedFile.Multi.Generic ( 1 )
17:50:43.0150 0x12f8 Detect skipped due to KSN trusted
17:50:43.0150 0x12f8 WudfPf - ok
17:50:43.0228 0x12f8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:43.0228 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
17:50:43.0228 0x12f8 WUDFRd - detected LockedFile.Multi.Generic ( 1 )
17:50:46.0099 0x12f8 Detect skipped due to KSN trusted
17:50:46.0099 0x12f8 WUDFRd - ok
17:50:46.0146 0x12f8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:46.0208 0x12f8 wudfsvc - ok
17:50:46.0255 0x12f8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:50:46.0302 0x12f8 WwanSvc - ok
17:50:46.0349 0x12f8 [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:50:46.0349 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xusb21.sys. md5: 9176C0822FAA649E45121875BE32F5D2, sha256: B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F
17:50:46.0349 0x12f8 xusb21 - detected LockedFile.Multi.Generic ( 1 )
17:50:49.0188 0x12f8 Detect skipped due to KSN trusted
17:50:49.0188 0x12f8 xusb21 - ok
17:50:49.0297 0x12f8 [ 6DB01688FDBF299F426EEB01DDEC684A, B183578E52662CAC6253E418B25BA1B9E4FF825485531C8749A130358D98A856 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
17:50:49.0313 0x12f8 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
17:50:52.0152 0x12f8 Detect skipped due to KSN trusted
17:50:52.0152 0x12f8 ZAtheros Wlan Agent - ok
17:50:52.0214 0x12f8 ================ Scan global ===============================
17:50:52.0230 0x12f8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:50:52.0292 0x12f8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:50:52.0339 0x12f8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:50:52.0386 0x12f8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:50:52.0433 0x12f8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:50:52.0448 0x12f8 [ Global ] - ok
17:50:52.0448 0x12f8 ================ Scan MBR ==================================
17:50:52.0479 0x12f8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:52.0916 0x12f8 \Device\Harddisk0\DR0 - ok
17:50:52.0916 0x12f8 ================ Scan VBR ==================================
17:50:52.0916 0x12f8 [ 0F52ECB401DEFCD7985FAE8A3CBE3646 ] \Device\Harddisk0\DR0\Partition1
17:50:52.0963 0x12f8 \Device\Harddisk0\DR0\Partition1 - ok
17:50:52.0994 0x12f8 [ 70EDB7B76CAB2518557095201DE0E05E ] \Device\Harddisk0\DR0\Partition2
17:50:52.0994 0x12f8 \Device\Harddisk0\DR0\Partition2 - ok
17:50:52.0994 0x12f8 ================ Scan generic autorun ======================
17:50:53.0384 0x12f8 [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:50:53.0665 0x12f8 RtHDVCpl - ok
17:50:53.0681 0x12f8 ETDWare - ok
17:50:53.0805 0x12f8 [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
17:50:53.0852 0x12f8 Acer ePower Management - ok
17:50:53.0899 0x12f8 [ 9ECF375A6E4E74D056F4B54E76D58721, 29C89504C369CC40BC6BEDE965F52736CB01FA70644059392C912FFB35C4ED0A ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
17:50:53.0930 0x12f8 IAStorIcon - ok
17:50:54.0039 0x12f8 [ 5A5BF95C7410E96E04C57B06232E9965, 942CBC854CC7A729AAADE2C4E96CA20EF488701F4FA200D0FC8CEF3D35E90EF1 ] C:\Program Files (x86)\Launch Manager\LManager.exe
17:50:54.0086 0x12f8 LManager - ok
17:50:54.0149 0x12f8 [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
17:50:54.0164 0x12f8 Adobe Reader Speed Launcher - ok
17:50:54.0383 0x12f8 [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
17:50:54.0414 0x12f8 avgnt - ok
17:50:54.0554 0x12f8 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
17:50:54.0663 0x12f8 Sidebar - ok
17:50:54.0663 0x12f8 Waiting for KSN requests completion. In queue: 7
17:50:55.0677 0x12f8 Waiting for KSN requests completion. In queue: 7
17:50:56.0691 0x12f8 Waiting for KSN requests completion. In queue: 7
17:50:57.0783 0x12f8 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
17:50:57.0799 0x12f8 Win FW state via NFP2: enabled
17:51:00.0607 0x12f8 ============================================================
17:51:00.0607 0x12f8 Scan finished
17:51:00.0607 0x12f8 ============================================================
17:51:00.0623 0x12f0 Detected object count: 5
17:51:00.0623 0x12f0 Actual detected object count: 5
17:51:50.0761 0x12f0 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - skipped by user
17:51:50.0761 0x12f0 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
17:51:50.0761 0x12f0 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0761 0x12f0 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0761 0x12f0 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0761 0x12f0 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0777 0x12f0 Modem ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0777 0x12f0 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0777 0x12f0 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0777 0x12f0 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
17:59:36.0169 0x0a14 Deinitialize success
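Added example, not part of the original post and not Kaspersky's code: a small Python triage script that reads TDSSKiller output like the log above and separates noise from what actually needs attention. TDSSKiller's LockedFile.Multi.Generic and UnsignedFile.Multi.Generic are informational verdicts for drivers it could not open or files without a signature; where the next line reads "Detect skipped due to KSN trusted", Kaspersky's whitelist cleared them. What is left in the final summary is a service named 508286c0aae35d85 flagged as Rootkit.Win32.Necurs.gen, which the user chose to Skip, and the "AV detected via SS2" line reports Avira's real-time protection as disabled, consistent with the symptom in the first post (Necurs is a kernel-mode rootkit known for blocking security software). The sample input is a handful of lines copied from the log above; the regexes and the "needs action" rule (a non-generic verdict left at Skip) are my assumptions about the log layout, not a documented format.

```python
"""Triage a TDSSKiller log: separate KSN-whitelisted noise from verdicts that still need action.

Added example for this thread; the regexes encode assumptions about the log layout
seen in the post above, not a format specification published by Kaspersky.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the TDSSKiller log posted above (abridged).
SAMPLE_LOG = r"""
17:50:40.0389 0x12f8 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
17:50:40.0389 0x12f8 WudfPf - detected LockedFile.Multi.Generic ( 1 )
17:50:43.0150 0x12f8 Detect skipped due to KSN trusted
17:50:43.0150 0x12f8 WudfPf - ok
17:50:49.0313 0x12f8 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
17:50:52.0152 0x12f8 Detect skipped due to KSN trusted
17:50:52.0152 0x12f8 ZAtheros Wlan Agent - ok
17:50:57.0783 0x12f8 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
17:50:57.0799 0x12f8 Win FW state via NFP2: enabled
17:51:00.0623 0x12f0 Actual detected object count: 5
17:51:50.0761 0x12f0 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - skipped by user
17:51:50.0761 0x12f0 508286c0aae35d85 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
17:51:50.0761 0x12f0 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0761 0x12f0 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:50.0777 0x12f0 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
17:51:50.0777 0x12f0 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Informational verdicts TDSSKiller gives files it could not read or that are unsigned.
# They are not malware names and are treated as noise here.
GENERIC_VERDICTS = {"LockedFile.Multi.Generic", "UnsignedFile.Multi.Generic"}

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) (?P<tid>0x[0-9a-fA-F]+) (?P<msg>.*)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \( \d+ \)$")
KSN_MSG = "Detect skipped due to KSN trusted"
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")
AV_RE = re.compile(r"^AV detected via SS2: (?P<name>.+?), (?P<path>.+?) \( (?P<version>[\d.]+) \), "
                   r"0x[0-9A-Fa-f]+ \( (?P<realtime>\w+) : (?P<signatures>\w+) \)$")
FW_RE = re.compile(r"^Win FW state via NFP2: (?P<state>\w+)$")


@dataclass
class Triage:
    ksn_whitelisted: List[Tuple[str, str]] = field(default_factory=list)  # (object, verdict)
    actions: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # object -> (verdict, action)
    av: Optional[Dict[str, str]] = None
    firewall: Optional[str] = None

    def needs_action(self) -> List[Tuple[str, str]]:
        """Non-generic verdicts the user left at 'Skip' (assumed triage rule)."""
        return [(obj, verdict) for obj, (verdict, action) in self.actions.items()
                if verdict not in GENERIC_VERDICTS and action == "Skip"]

    def av_realtime_disabled(self) -> bool:
        return bool(self.av) and self.av["realtime"].lower() == "disabled"


def parse_tdsskiller(text: str) -> Triage:
    triage = Triage()
    pending: Optional[Tuple[str, str]] = None  # last 'detected' line awaiting a KSN verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        d = DETECTED_RE.match(msg)
        if d:
            pending = (d.group("obj"), d.group("verdict"))
            continue
        if msg == KSN_MSG and pending is not None:
            triage.ksn_whitelisted.append(pending)  # cleared by Kaspersky's whitelist
            pending = None
            continue
        a = ACTION_RE.match(msg)
        if a:
            triage.actions[a.group("obj")] = (a.group("verdict"), a.group("action"))
            continue
        av = AV_RE.match(msg)
        if av:
            triage.av = av.groupdict()
            continue
        fw = FW_RE.match(msg)
        if fw:
            triage.firewall = fw.group("state")
    return triage


def report(text: str) -> Dict[str, object]:
    t = parse_tdsskiller(text)
    return {
        "ksn_whitelisted": t.ksn_whitelisted,
        "skipped_generic": sorted(o for o, (v, _) in t.actions.items() if v in GENERIC_VERDICTS),
        "needs_action": t.needs_action(),
        "av_realtime_disabled": t.av_realtime_disabled(),
        "firewall": t.firewall,
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the script lists WudfPf and the Atheros agent as KSN-whitelisted, hwpolicy and Ntfs as generic locked-file noise, and leaves a single entry under needs_action: the 508286c0aae35d85 service with the Necurs verdict, alongside the fact that the installed AV's real-time component is off. That is the one line a helper would act on in this log.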