| |
| |||||||
Log-Analyse und Auswertung: Windows Firewall startet nicht - Fehlercode 0x8007042cWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.12.2014, 18:18
| #1 |
| |  Windows Firewall startet nicht - Fehlercode 0x8007042c Windows Firewall laesst sich nicht mehr starten und liefert die Fehlermeldung 0x8007042c. Des weiteren ist keine Netzwerkverbindung mehr möglich und im Virenscanner lassen sich die Scanner für Browser und Email nicht mehr aktivieren. Rechner stuerzt sporadisch ab, teilweise mit Bluescreen. Die Anweisungen auf der Microsoft Support Seite zum genannten Windows Fehler wurden durchgefuehrt, blieben jedoch ohne Erfolg. Der Virenscanner (Avira Professional) findet keine Auffälligkeiten (Stand Virensignaturen heute). Der Rechner wird für selbstaendige Taetigkeit genutzt, es besteht aber kein Zugriff auf Administratoren / Spezialisten. Nachfolgend die Logfiles. Vielen Dank im Voraus für Ihre Hillfe! FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by admin (administrator) on CELSIUS on 23-12-2014 16:21:12
Running from J:\
Loaded Profile: admin (Available profiles: admin & rita)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
(SDL) C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-12-05] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2009 Widget.lnk
ShortcutTarget: SDL MultiTerm 2009 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (SDL)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> DefaultScope {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {4765B790-C12B-4C26-90E7-DF72B6A53221} URL =
SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.1.7/AxViewer/AxMediaControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.22
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4cpzx6k.default
FF Homepage: hxxp://www.startfenster.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2011-12-20] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 16:18 - 2014-12-23 16:18 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-12-23 15:05 - 2014-12-23 16:21 - 00000000 ____D () C:\FRST
2014-12-23 14:36 - 2014-12-23 14:35 - 00000402 _____ () C:\Users\admin\Desktop\repair.bat
2014-12-23 14:01 - 2014-12-23 14:01 - 00002000 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-23 14:01 - 2014-11-24 10:30 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-23 14:01 - 2014-11-24 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-23 13:47 - 2014-12-23 13:47 - 00000000 ____D () C:\Intel19.5
2014-12-23 12:50 - 2014-12-23 12:50 - 00000000 ____D () C:\Program Files\Intel
2014-12-23 12:50 - 2014-09-23 15:07 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2014-12-23 12:49 - 2014-09-23 15:15 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2014-12-11 20:02 - 2014-12-11 20:02 - 00021904 _____ () C:\Users\rita\.recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 16:18 - 2011-03-08 21:17 - 00000000 ____D () C:\Users\admin
2014-12-23 16:03 - 2013-06-01 18:10 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 16:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 16:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:57 - 2011-03-09 03:52 - 01372965 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 15:56 - 2010-04-26 14:06 - 00728516 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 15:56 - 2010-04-26 14:06 - 00158608 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 15:56 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 15:52 - 2013-06-01 18:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 15:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 15:51 - 2009-07-14 05:51 - 00220968 _____ () C:\Windows\setupact.log
2014-12-23 15:29 - 2011-03-09 18:01 - 00692392 _____ () C:\Windows\PFRO.log
2014-12-23 14:26 - 2012-08-14 12:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 14:01 - 2011-03-13 14:03 - 00000000 ____D () C:\ProgramData\Avira
2014-12-23 13:35 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-15 19:00 - 2013-12-14 20:53 - 00000978 _____ () C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job
2014-12-15 17:54 - 2012-07-17 16:46 - 00000704 _____ () C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job
2014-12-14 09:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 20:02 - 2011-10-18 18:30 - 00000000 ____D () C:\Users\rita\AppData\Roaming\gtk-2.0
2014-12-11 20:02 - 2011-10-18 18:28 - 00000000 ____D () C:\Users\rita\.gimp-2.6
2014-12-11 20:02 - 2011-03-13 14:21 - 00000000 ____D () C:\Users\rita
2014-12-08 23:17 - 2011-03-08 21:19 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2014-12-01 18:00 - 2013-12-14 20:02 - 00000954 _____ () C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\6h7iqqvn.dll
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\drxviogi.dll
C:\Users\admin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 16:46
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by admin at 2014-12-23 16:21:27
Running from J:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABUS IP-Installer (HKLM-x32\...\{DAA8FDCE-EB1A-4332-818C-43C6E738CEB4}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
ABUS VMS Express (x64) (HKLM\...\{0B2917EB-936C-46B7-AD30-C1934658095A}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe FrameMaker v7.1 (HKLM-x32\...\Adobe FrameMaker 7.1) (Version: 7.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50907 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D091F65F-BBB7-D8BB-7E7E-024BDA4058C5}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gamma Scout Toolbox (HKLM-x32\...\{4F48CD95-B2B4-4532-B6E9-5055277B95BA}) (Version: 1.0.0 - GammaScout)
GetFoldersize 2.5.10 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.10 - Michael Thummerer Software Design)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{fa628712-09e0-451c-a751-fe8e91b07cdd}) (Version: - Nero AG)
Nero BackItUp 4 Essentials (HKLM-x32\...\{0c44f617-a587-4822-83c0-29391f0899af}) (Version: - Nero AG)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuarkXPress (HKLM-x32\...\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}) (Version: 8.10.0000 - Quark Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAIDar 4.3.4 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
SDL MultiTerm 2009 Convert (HKLM-x32\...\{7D860239-2378-4A9B-8F4E-6E06F2029B5E}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Core SP4 (HKLM-x32\...\{5B2C86E5-EF04-47A7-BCF7-9DDA6456A43F}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Desktop (HKLM-x32\...\{A1CC3003-50E3-4EBA-965A-377250B576BF}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Extract (HKLM-x32\...\{CEC855A6-82CC-4EDA-9A2C-AF5CB8BB931A}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Widget (HKLM-x32\...\{2FCA4642-B4C8-444D-B43D-CE24C555C61B}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Word Integration (HKLM-x32\...\{9E82F52F-D918-4EF0-A1EE-956A6360E44D}) (Version: 8.6.339 - SDL)
SDL MultiTerm Side By Side Tools (HKLM-x32\...\{3F337F82-AA02-42CF-9B90-3AECAD87388B}) (Version: 8.6.339 - SDL)
SDL Passolo 2009 Essential SR3 (HKLM-x32\...\SDL Passolo 2009 Essential SR3) (Version: SDL Passolo 2009 Essential SR3 - SDL Passolo GmbH)
SDL Trados Studio 2009 SP3 (HKLM-x32\...\{399F2130-59E1-11DF-9F46-8091DFD72085}) (Version: 1.3.2307.0 - SDL)
SEH InterCon-NetTool 1.8.43 (HKLM-x32\...\InterCon-NetTool) (Version: 1.8.43 - SEH Computertechnik GmbH)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, hxxp://www.wireshark.org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {19AF83E4-A482-45F6-91BB-4AABA36B83A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {227C66AD-4250-4823-8466-ECC7D22331AA} - System32\Tasks\Paragon Archive name diff_141213195248161 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {31707073-25B6-4FF4-94F9-0038E146C164} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {3FBF02EF-53EC-467A-9264-6B112C413A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {42B724DF-FCFB-4C4B-BBCB-D5B4C1A5BC08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B591FD95-DCAC-446E-85F7-C6300778FE95} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {B6FC70DB-AE8A-4144-96C3-9DDF75FB150D} - System32\Tasks\Paragon Archive name arc_141213185517937 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {C794EA5A-19CB-47A1-9A80-4B23C2BEE07D} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {E4C88E8D-DE00-481D-AD4A-760726D07E15} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {FB46ADD1-4289-4E42-996D-E93EFA5732D3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-03-21 21:16 - 2011-03-21 21:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-11-26 12:25 - 2010-11-26 12:25 - 01423360 _____ () C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\Sdl.Core.Licensing.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-173040323-2897980119-3820871240-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-173040323-2897980119-3820871240-500 - Administrator - Disabled)
Gast (S-1-5-21-173040323-2897980119-3820871240-501 - Limited - Disabled)
rita (S-1-5-21-173040323-2897980119-3820871240-1001 - Limited - Enabled) => C:\Users\rita
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/23/2014 04:01:53 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von CELSIUS (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten..
Es wurden keine neuen Dateien geladen.
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/23/2014 03:52:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e8b11fbe-4a32-4136-8f3f-7675f49a0ca0}
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/23/2014 03:39:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {03ad7ce9-47b2-4318-b086-caab98e01e02}
Error: (12/23/2014 03:33:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {7d1c83c0-8f7e-43d2-bf43-2ffe636fae6f}
System errors:
=============
Error: (12/23/2014 04:18:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741288.
Error: (12/23/2014 04:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/23/2014 04:17:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741288.
Error: (12/23/2014 04:17:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/23/2014 04:15:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/23/2014 04:06:41 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (12/23/2014 04:06:41 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (12/23/2014 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Microsoft Office Sessions:
=========================
Error: (12/23/2014 04:01:53 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: CELSIUS (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/23/2014 03:56:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/23/2014 03:52:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e8b11fbe-4a32-4136-8f3f-7675f49a0ca0}
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/23/2014 03:46:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/23/2014 03:39:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {03ad7ce9-47b2-4318-b086-caab98e01e02}
Error: (12/23/2014 03:33:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {7d1c83c0-8f7e-43d2-bf43-2ffe636fae6f}
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 15%
Total physical RAM: 12223.61 MB
Available physical RAM: 10355.5 MB
Total Pagefile: 24445.4 MB
Available Pagefile: 22293.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:64.65 GB) (Free:10.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Daten) (Fixed) (Total:399.1 GB) (Free:337.54 GB) NTFS
Drive j: (USB-STICK) (Removable) (Total:7.34 GB) (Free:7.17 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-23 16:51:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!free 00000000757e9894 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!malloc 00000000757e9cee 5 bytes JMP 000000010a93bed0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 00000000757eb0b9 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 00000000757eb0c9 5 bytes JMP 000000010a93c140
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!realloc 00000000757eb10d 5 bytes JMP 000000010a93bf50
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!calloc 00000000757ec456 5 bytes JMP 000000010a93bf10
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_msize 00000000757ef43b 5 bytes JMP 000000010a93bf70
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000075805942 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 000000007581028d 5 bytes JMP 000000010a93c080
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000758102a9 5 bytes JMP 000000010a93c0a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000007583bfd1 5 bytes JMP 000000010a93c1d0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 000000007583bfe1 5 bytes JMP 000000010a93c0e0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 000000007583c16b 5 bytes JMP 000000010a93c0c0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_expand 000000007583c18a 5 bytes JMP 000000010a93c060
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapadd 000000007583dd03 5 bytes JMP 000000010a93c220
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapchk 000000007583dd17 5 bytes JMP 000000010a93c230
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 000000007583de16 4 bytes {JMP 0xffffffff950fe43b}
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapmin 000000007583de1f 5 bytes JMP 000000010a93c320
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapused 000000007583df05 5 bytes JMP 000000010a93c2f0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\msvcrt.dll!_heapwalk 000000007583df18 5 bytes JMP 000000010a93c260
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000072d51073 5 bytes JMP 000000010a93c1d0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!free 0000000072d54b6c 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!malloc 0000000072d54d09 5 bytes JMP 000000010a93bed0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!calloc 0000000072d54f58 5 bytes JMP 000000010a93bf10
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!realloc 0000000072d54f97 5 bytes JMP 000000010a93bf50
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_msize 0000000072d56c6b 5 bytes JMP 000000010a93bf70
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??2@YAPAXI@Z 0000000072d80e13 5 bytes JMP 000000010a93c140
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??3@YAXPAX@Z + 1 0000000072d80e7e 4 bytes {JMP 0xffffffff97bbb323}
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_malloc 0000000072d80e8c 5 bytes JMP 000000010a93c0a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_free 0000000072d80f77 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_malloc 0000000072d80f8c 5 bytes JMP 000000010a93c080
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_realloc 0000000072d80f9f 5 bytes JMP 000000010a93c0e0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_realloc 0000000072d81196 5 bytes JMP 000000010a93c0c0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_expand 0000000072d811c8 5 bytes JMP 000000010a93c060
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapadd 0000000072d81364 5 bytes JMP 000000010a93c220
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapchk 0000000072d81373 5 bytes JMP 000000010a93c230
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapset + 1 0000000072d8143b 9 bytes {JMP 0xffffffff97bbae16}
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapused 0000000072d814ee 5 bytes JMP 000000010a93c2f0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapwalk 0000000072d814fc 5 bytes JMP 000000010a93c260
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000073301b31 5 bytes JMP 000000010a93c1d0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!free 0000000073343b4e 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!calloc 0000000073343c40 5 bytes JMP 000000010a93bf10
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!malloc 0000000073343d3f 5 bytes JMP 000000010a93bed0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??2@YAPAXI@Z 0000000073343e99 5 bytes JMP 000000010a93c140
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??3@YAXPAX@Z 0000000073343f03 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_malloc 0000000073343f33 5 bytes JMP 000000010a93c0a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_free 0000000073344040 5 bytes JMP 000000010a93c1a0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_malloc 000000007334405f 5 bytes JMP 000000010a93c080
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_realloc 000000007334407b 5 bytes JMP 000000010a93c0e0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_realloc 0000000073344288 5 bytes JMP 000000010a93c0c0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_expand 000000007334434d 5 bytes JMP 000000010a93c060
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapadd 0000000073345e88 5 bytes JMP 000000010a93c220
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapchk 0000000073345e9c 5 bytes JMP 000000010a93c230
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapset + 1 0000000073345f69 4 bytes {JMP 0xffffffff975f62e8}
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapmin 0000000073345f72 5 bytes JMP 000000010a93c320
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapused 0000000073346026 5 bytes JMP 000000010a93c2f0
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapwalk 0000000073346039 5 bytes JMP 000000010a93c260
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_msize 000000007334619b 5 bytes JMP 000000010a93bf70
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!realloc 0000000073346415 5 bytes JMP 000000010a93bf50
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
|
|
23.12.2014, 18:31
| #2 |
| /// the machine /// TB-Ausbilder    | Windows Firewall startet nicht - Fehlercode 0x8007042c hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
23.12.2014, 20:01
| #3 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Danke fuer die schnelle Antwort.
__________________mbar-Datenbank konnte wegen fehlender Netzwerkverbindung nicht aktualisiert werden. Anbei die Logs: TDSS Killer Report: Code:
ATTFilter 19:31:26.0524 0x0ca0 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:31:33.0981 0x0ca0 ============================================================
19:31:33.0981 0x0ca0 Current date / time: 2014/12/23 19:31:33.0981
19:31:33.0981 0x0ca0 SystemInfo:
19:31:33.0981 0x0ca0
19:31:33.0981 0x0ca0 OS Version: 6.1.7601 ServicePack: 1.0
19:31:33.0981 0x0ca0 Product type: Workstation
19:31:33.0981 0x0ca0 ComputerName: CELSIUS
19:31:33.0981 0x0ca0 UserName: admin
19:31:33.0981 0x0ca0 Windows directory: C:\Windows
19:31:33.0981 0x0ca0 System windows directory: C:\Windows
19:31:33.0981 0x0ca0 Running under WOW64
19:31:33.0981 0x0ca0 Processor architecture: Intel x64
19:31:33.0981 0x0ca0 Number of processors: 8
19:31:33.0981 0x0ca0 Page size: 0x1000
19:31:33.0981 0x0ca0 Boot type: Normal boot
19:31:33.0981 0x0ca0 ============================================================
19:31:34.0932 0x0ca0 KLMD registered as C:\Windows\system32\drivers\87291709.sys
19:31:35.0307 0x0ca0 System UUID: {B8A3064F-9941-4E1E-29FE-62D3414C06BB}
19:31:35.0743 0x0ca0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:35.0775 0x0ca0 Drive \Device\Harddisk5\DR6 - Size: 0x1D6C00000 ( 7.36 Gb ), SectorSize: 0x200, Cylinders: 0x3C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:31:35.0775 0x0ca0 ============================================================
19:31:35.0775 0x0ca0 \Device\Harddisk0\DR0:
19:31:35.0775 0x0ca0 MBR partitions:
19:31:35.0790 0x0ca0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x404000, BlocksNum 0x814CE6D
19:31:35.0806 0x0ca0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8551000, BlocksNum 0x31E34800
19:31:35.0806 0x0ca0 \Device\Harddisk5\DR6:
19:31:35.0806 0x0ca0 MBR partitions:
19:31:35.0806 0x0ca0 \Device\Harddisk5\DR6\Partition1: MBR, Type 0xB, StartLBA 0x2, BlocksNum 0xEB5FFE
19:31:35.0806 0x0ca0 ============================================================
19:31:35.0853 0x0ca0 C: <-> \Device\Harddisk0\DR0\Partition1
19:31:36.0352 0x0ca0 I: <-> \Device\Harddisk0\DR0\Partition2
19:31:36.0352 0x0ca0 ============================================================
19:31:36.0352 0x0ca0 Initialize success
19:31:36.0352 0x0ca0 ============================================================
19:32:53.0229 0x0c04 ============================================================
19:32:53.0229 0x0c04 Scan started
19:32:53.0229 0x0c04 Mode: Manual; SigCheck; TDLFS;
19:32:53.0229 0x0c04 ============================================================
19:32:53.0229 0x0c04 KSN ping started
19:32:53.0260 0x0c04 KSN ping finished: false
19:32:53.0806 0x0c04 ================ Scan system memory ========================
19:32:53.0806 0x0c04 System memory - ok
19:32:53.0806 0x0c04 ================ Scan services =============================
19:32:53.0931 0x0c04 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:32:54.0149 0x0c04 1394ohci - ok
19:32:54.0243 0x0c04 [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
19:32:54.0274 0x0c04 AAV UpdateService - ok
19:32:54.0336 0x0c04 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:32:54.0367 0x0c04 ACPI - ok
19:32:54.0414 0x0c04 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:32:54.0477 0x0c04 AcpiPmi - ok
19:32:54.0555 0x0c04 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:32:54.0586 0x0c04 AdobeARMservice - ok
19:32:54.0695 0x0c04 [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:32:54.0757 0x0c04 AdobeFlashPlayerUpdateSvc - ok
19:32:54.0820 0x0c04 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:32:54.0851 0x0c04 adp94xx - ok
19:32:54.0898 0x0c04 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:32:54.0945 0x0c04 adpahci - ok
19:32:54.0960 0x0c04 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:32:54.0991 0x0c04 adpu320 - ok
19:32:55.0023 0x0c04 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:32:55.0179 0x0c04 AeLookupSvc - ok
19:32:55.0241 0x0c04 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
19:32:55.0366 0x0c04 AFD - ok
19:32:55.0413 0x0c04 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
19:32:55.0444 0x0c04 agp440 - ok
19:32:55.0444 0x0c04 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:32:55.0522 0x0c04 ALG - ok
19:32:55.0569 0x0c04 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
19:32:55.0600 0x0c04 aliide - ok
19:32:55.0678 0x0c04 [ 47ED3E30067280E824CC623585ED8773, FB19881AC6F66E8B8D073FF219FE899882CEFEB0B71CCFC00351026036F44849 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:32:55.0740 0x0c04 AMD External Events Utility - ok
19:32:55.0756 0x0c04 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
19:32:55.0771 0x0c04 amdide - ok
19:32:55.0803 0x0c04 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:32:55.0881 0x0c04 AmdK8 - ok
19:32:56.0146 0x0c04 [ 6F2E0C74BD13A3AE96D0B66976B51E15, 3F1A9292DEF63AA60D2CA5A3C4BE264AFF56243CD0E9C9D149E82AC4464388C5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:56.0427 0x0c04 amdkmdag - ok
19:32:56.0458 0x0c04 [ 61BDC5D8FBA64E3E3664CC8CEAFF7D1B, 63101D7652DB235845BA43F9CF0929D8B0B201B9DEAB701831B9DCE2118EE2DD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:32:56.0473 0x0c04 amdkmdap - ok
19:32:56.0489 0x0c04 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:32:56.0520 0x0c04 AmdPPM - ok
19:32:56.0551 0x0c04 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:32:56.0583 0x0c04 amdsata - ok
19:32:56.0598 0x0c04 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:32:56.0614 0x0c04 amdsbs - ok
19:32:56.0629 0x0c04 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:32:56.0645 0x0c04 amdxata - ok
19:32:56.0723 0x0c04 [ D0F2BD42CD3AC015BD93A81638210BC7, 87C4DD26623959A8D7A5F2031D57BCBA68F02EEA2F6D0016D6AD06F4EADC4C7A ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
19:32:56.0754 0x0c04 AntiVirMailService - ok
19:32:56.0785 0x0c04 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:32:56.0817 0x0c04 AntiVirSchedulerService - ok
19:32:56.0863 0x0c04 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:32:56.0910 0x0c04 AntiVirService - ok
19:32:56.0973 0x0c04 [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
19:32:56.0988 0x0c04 AntiVirWebService - ok
19:32:57.0035 0x0c04 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
19:32:58.0283 0x0c04 AppID - ok
19:32:58.0314 0x0c04 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:32:58.0408 0x0c04 AppIDSvc - ok
19:32:58.0455 0x0c04 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
19:32:58.0533 0x0c04 Appinfo - ok
19:32:58.0564 0x0c04 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
19:32:58.0595 0x0c04 AppMgmt - ok
19:32:58.0626 0x0c04 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:32:58.0626 0x0c04 arc - ok
19:32:58.0642 0x0c04 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:32:58.0657 0x0c04 arcsas - ok
19:32:58.0767 0x0c04 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:32:58.0876 0x0c04 aspnet_state - ok
19:32:58.0907 0x0c04 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:32:58.0938 0x0c04 AsyncMac - ok
19:32:58.0969 0x0c04 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
19:32:58.0985 0x0c04 atapi - ok
19:32:59.0001 0x0c04 [ FDA1E117A7E880BFF5540D180C06EA87, 061A0AC1DBCF93D568C740BB18A5D76C7FFB1E86AE9339E046E6372EB8B93426 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:32:59.0047 0x0c04 AtiHDAudioService - ok
19:32:59.0094 0x0c04 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:32:59.0157 0x0c04 AudioEndpointBuilder - ok
19:32:59.0188 0x0c04 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:32:59.0219 0x0c04 AudioSrv - ok
19:32:59.0266 0x0c04 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:32:59.0297 0x0c04 avgntflt - ok
19:32:59.0344 0x0c04 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:32:59.0359 0x0c04 avipbb - ok
19:32:59.0375 0x0c04 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:32:59.0391 0x0c04 avkmgr - ok
19:32:59.0406 0x0c04 [ F627BFFCC52587350E49FC2C2A03C7F9, 5BB748CEEB72199E6AAB6C48B111342A89EC03649EC28ED32BA12E95E3B6F607 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
19:32:59.0406 0x0c04 avnetflt - ok
19:32:59.0469 0x0c04 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:32:59.0562 0x0c04 AxInstSV - ok
19:32:59.0609 0x0c04 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:32:59.0656 0x0c04 b06bdrv - ok
19:32:59.0687 0x0c04 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:32:59.0734 0x0c04 b57nd60a - ok
19:32:59.0749 0x0c04 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
19:32:59.0796 0x0c04 BDESVC - ok
19:32:59.0812 0x0c04 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
19:32:59.0843 0x0c04 Beep - ok
19:32:59.0905 0x0c04 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
19:32:59.0968 0x0c04 BFE - ok
19:33:00.0015 0x0c04 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
19:33:00.0093 0x0c04 BITS - ok
19:33:00.0124 0x0c04 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:33:00.0155 0x0c04 blbdrive - ok
19:33:00.0171 0x0c04 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:33:00.0202 0x0c04 bowser - ok
19:33:00.0217 0x0c04 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:33:00.0249 0x0c04 BrFiltLo - ok
19:33:00.0264 0x0c04 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:33:00.0280 0x0c04 BrFiltUp - ok
19:33:00.0311 0x0c04 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
19:33:00.0342 0x0c04 Browser - ok
19:33:00.0373 0x0c04 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:33:00.0405 0x0c04 Brserid - ok
19:33:00.0420 0x0c04 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:33:00.0436 0x0c04 BrSerWdm - ok
19:33:00.0467 0x0c04 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:33:00.0514 0x0c04 BrUsbMdm - ok
19:33:00.0529 0x0c04 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:33:00.0545 0x0c04 BrUsbSer - ok
19:33:00.0576 0x0c04 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:33:00.0607 0x0c04 BTHMODEM - ok
19:33:00.0654 0x0c04 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
19:33:00.0748 0x0c04 bthserv - ok
19:33:00.0763 0x0c04 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:33:00.0810 0x0c04 cdfs - ok
19:33:00.0857 0x0c04 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:33:00.0873 0x0c04 cdrom - ok
19:33:00.0904 0x0c04 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
19:33:00.0982 0x0c04 CertPropSvc - ok
19:33:00.0997 0x0c04 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:33:01.0029 0x0c04 circlass - ok
19:33:01.0060 0x0c04 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
19:33:01.0075 0x0c04 CLFS - ok
19:33:01.0107 0x0c04 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:33:01.0153 0x0c04 clr_optimization_v2.0.50727_32 - ok
19:33:01.0185 0x0c04 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:33:01.0216 0x0c04 clr_optimization_v2.0.50727_64 - ok
19:33:01.0294 0x0c04 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:33:01.0372 0x0c04 clr_optimization_v4.0.30319_32 - ok
19:33:01.0387 0x0c04 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:33:01.0403 0x0c04 clr_optimization_v4.0.30319_64 - ok
19:33:01.0419 0x0c04 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:33:01.0434 0x0c04 CmBatt - ok
19:33:01.0465 0x0c04 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:33:01.0481 0x0c04 cmdide - ok
19:33:01.0512 0x0c04 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
19:33:01.0543 0x0c04 CNG - ok
19:33:01.0559 0x0c04 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:33:01.0575 0x0c04 Compbatt - ok
19:33:01.0621 0x0c04 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:33:01.0653 0x0c04 CompositeBus - ok
19:33:01.0668 0x0c04 COMSysApp - ok
19:33:01.0684 0x0c04 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:33:01.0684 0x0c04 crcdisk - ok
19:33:01.0731 0x0c04 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:33:01.0793 0x0c04 CryptSvc - ok
19:33:01.0840 0x0c04 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
19:33:01.0871 0x0c04 CSC - ok
19:33:01.0933 0x0c04 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
19:33:01.0980 0x0c04 CscService - ok
19:33:01.0996 0x0c04 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:33:02.0043 0x0c04 DcomLaunch - ok
19:33:02.0074 0x0c04 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
19:33:02.0121 0x0c04 defragsvc - ok
19:33:02.0152 0x0c04 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:33:02.0199 0x0c04 DfsC - ok
19:33:02.0230 0x0c04 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:33:02.0277 0x0c04 Dhcp - ok
19:33:02.0292 0x0c04 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
19:33:02.0355 0x0c04 discache - ok
19:33:02.0386 0x0c04 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:33:02.0401 0x0c04 Disk - ok
19:33:02.0417 0x0c04 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:33:02.0464 0x0c04 Dnscache - ok
19:33:02.0511 0x0c04 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
19:33:02.0557 0x0c04 dot3svc - ok
19:33:02.0573 0x0c04 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
19:33:02.0620 0x0c04 DPS - ok
19:33:02.0635 0x0c04 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:33:02.0682 0x0c04 drmkaud - ok
19:33:02.0745 0x0c04 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:33:02.0776 0x0c04 DXGKrnl - ok
19:33:02.0807 0x0c04 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
19:33:02.0838 0x0c04 E1G60 - ok
19:33:02.0901 0x0c04 [ 477E33019A855D9B8E7B3263CB9A1AE5, F28840936D992C99238AFECBBF03B75047DEDF0EC682C1444036931E4036AFBB ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
19:33:02.0932 0x0c04 e1kexpress - ok
19:33:02.0947 0x0c04 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
19:33:02.0994 0x0c04 EapHost - ok
19:33:03.0103 0x0c04 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:33:03.0213 0x0c04 ebdrv - ok
19:33:03.0259 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
19:33:03.0306 0x0c04 EFS - ok
19:33:03.0369 0x0c04 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:33:03.0462 0x0c04 ehRecvr - ok
19:33:03.0478 0x0c04 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
19:33:03.0525 0x0c04 ehSched - ok
19:33:03.0556 0x0c04 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:33:03.0587 0x0c04 elxstor - ok
19:33:03.0618 0x0c04 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:33:03.0649 0x0c04 ErrDev - ok
19:33:03.0696 0x0c04 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
19:33:03.0774 0x0c04 EventSystem - ok
19:33:03.0790 0x0c04 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
19:33:03.0821 0x0c04 exfat - ok
19:33:03.0852 0x0c04 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:33:03.0868 0x0c04 fastfat - ok
19:33:03.0915 0x0c04 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
19:33:03.0977 0x0c04 Fax - ok
19:33:03.0993 0x0c04 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:33:04.0024 0x0c04 fdc - ok
19:33:04.0024 0x0c04 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
19:33:04.0071 0x0c04 fdPHost - ok
19:33:04.0071 0x0c04 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
19:33:04.0117 0x0c04 FDResPub - ok
19:33:04.0149 0x0c04 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:33:04.0149 0x0c04 FileInfo - ok
19:33:04.0164 0x0c04 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:33:04.0195 0x0c04 Filetrace - ok
19:33:04.0273 0x0c04 [ 3D9B36631032FDE0FFEA0DC0260E4E35, 48B574A67D3FA015EBD078715CEC3E2B63B939D379CD4B40BFBB80397A2C58B3 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:33:04.0336 0x0c04 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
19:33:04.0398 0x0c04 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:33:04.0398 0x0c04 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:33:04.0414 0x0c04 flpydisk - ok
19:33:04.0445 0x0c04 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:33:04.0461 0x0c04 FltMgr - ok
19:33:04.0507 0x0c04 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
19:33:04.0585 0x0c04 FontCache - ok
19:33:04.0617 0x0c04 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:33:04.0632 0x0c04 FontCache3.0.0.0 - ok
19:33:04.0648 0x0c04 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:33:04.0663 0x0c04 FsDepends - ok
19:33:04.0695 0x0c04 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:33:04.0726 0x0c04 Fs_Rec - ok
19:33:04.0741 0x0c04 [ 0F210048C6BFBFBC0F50816BCE40B575, 73C015B6EE647A875BD124254542FF8759264D51F331FF95D14675C1599FAD94 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
19:33:04.0757 0x0c04 FTDIBUS - ok
19:33:04.0773 0x0c04 [ 814F098B02095814A8BEBBF86D13FC90, 16203CC697F335ED4773AA13A2C340B47847CCBF7CF036E844E6759576BF31CE ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
19:33:04.0788 0x0c04 FTSER2K - ok
19:33:04.0835 0x0c04 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:33:04.0851 0x0c04 fvevol - ok
19:33:04.0882 0x0c04 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:33:04.0897 0x0c04 gagp30kx - ok
19:33:04.0944 0x0c04 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
19:33:05.0022 0x0c04 gpsvc - ok
19:33:05.0085 0x0c04 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:33:05.0116 0x0c04 gupdate - ok
19:33:05.0131 0x0c04 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:33:05.0147 0x0c04 gupdatem - ok
19:33:05.0163 0x0c04 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:33:05.0209 0x0c04 hcw85cir - ok
19:33:05.0225 0x0c04 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:33:05.0256 0x0c04 HdAudAddService - ok
19:33:05.0272 0x0c04 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:33:05.0303 0x0c04 HDAudBus - ok
19:33:05.0319 0x0c04 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:33:05.0334 0x0c04 HECIx64 - ok
19:33:05.0350 0x0c04 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:33:05.0365 0x0c04 HidBatt - ok
19:33:05.0397 0x0c04 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:33:05.0428 0x0c04 HidBth - ok
19:33:05.0443 0x0c04 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:33:05.0475 0x0c04 HidIr - ok
19:33:05.0506 0x0c04 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
19:33:05.0553 0x0c04 hidserv - ok
19:33:05.0584 0x0c04 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:33:05.0599 0x0c04 HidUsb - ok
19:33:05.0631 0x0c04 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:33:05.0677 0x0c04 hkmsvc - ok
19:33:05.0709 0x0c04 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:33:05.0740 0x0c04 HomeGroupListener - ok
19:33:05.0771 0x0c04 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:33:05.0787 0x0c04 HomeGroupProvider - ok
19:33:05.0802 0x0c04 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:33:05.0802 0x0c04 HpSAMD - ok
19:33:05.0865 0x0c04 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:33:05.0911 0x0c04 HTTP - ok
19:33:05.0943 0x0c04 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:33:05.0943 0x0c04 hwpolicy - ok
19:33:05.0974 0x0c04 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:33:05.0989 0x0c04 i8042prt - ok
19:33:06.0021 0x0c04 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:33:06.0036 0x0c04 iaStor - ok
19:33:06.0052 0x0c04 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:33:06.0067 0x0c04 iaStorV - ok
19:33:06.0161 0x0c04 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:33:06.0239 0x0c04 idsvc - ok
19:33:06.0270 0x0c04 IEEtwCollectorService - ok
19:33:06.0442 0x0c04 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:33:06.0645 0x0c04 igfx - ok
19:33:06.0676 0x0c04 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:33:06.0676 0x0c04 iirsp - ok
19:33:06.0723 0x0c04 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
19:33:06.0769 0x0c04 IKEEXT - ok
19:33:06.0801 0x0c04 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:33:06.0816 0x0c04 Impcd - ok
19:33:06.0941 0x0c04 [ 5205DE9BD47F633E06EF3EF3DE11EF99, B2E9F6A776A5EEFF565478321FF1A83E22C4391E877E2D8F16BDF5D7778A5863 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:33:07.0003 0x0c04 IntcAzAudAddService - ok
19:33:07.0035 0x0c04 [ 9AAC116EE05FBA3D22775EB0BAC5333D, F206948B9B2CD1B748612ED3609F0F429E79FB99C4A2ACCBDC82E2EF0D5AD4C6 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
19:33:07.0050 0x0c04 Intel(R) PROSet Monitoring Service - ok
19:33:07.0066 0x0c04 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
19:33:07.0081 0x0c04 intelide - ok
19:33:07.0097 0x0c04 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:33:07.0113 0x0c04 intelppm - ok
19:33:07.0128 0x0c04 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:33:07.0159 0x0c04 IPBusEnum - ok
19:33:07.0175 0x0c04 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:33:07.0206 0x0c04 IpFilterDriver - ok
19:33:07.0269 0x0c04 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:33:07.0331 0x0c04 iphlpsvc - ok
19:33:07.0347 0x0c04 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:33:07.0378 0x0c04 IPMIDRV - ok
19:33:07.0378 0x0c04 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:33:07.0425 0x0c04 IPNAT - ok
19:33:07.0456 0x0c04 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:33:07.0503 0x0c04 IRENUM - ok
19:33:07.0518 0x0c04 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:33:07.0534 0x0c04 isapnp - ok
19:33:07.0565 0x0c04 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:33:07.0581 0x0c04 iScsiPrt - ok
19:33:07.0596 0x0c04 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:33:07.0612 0x0c04 kbdclass - ok
19:33:07.0627 0x0c04 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:33:07.0659 0x0c04 kbdhid - ok
19:33:07.0674 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
19:33:07.0690 0x0c04 KeyIso - ok
19:33:07.0721 0x0c04 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:33:07.0737 0x0c04 KSecDD - ok
19:33:07.0752 0x0c04 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:33:07.0768 0x0c04 KSecPkg - ok
19:33:07.0768 0x0c04 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:33:07.0815 0x0c04 ksthunk - ok
19:33:07.0846 0x0c04 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:33:07.0893 0x0c04 KtmRm - ok
19:33:07.0924 0x0c04 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:33:07.0986 0x0c04 LanmanServer - ok
19:33:08.0017 0x0c04 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:33:08.0049 0x0c04 LanmanWorkstation - ok
19:33:08.0064 0x0c04 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:33:08.0095 0x0c04 lltdio - ok
19:33:08.0127 0x0c04 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:33:08.0173 0x0c04 lltdsvc - ok
19:33:08.0189 0x0c04 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:33:08.0251 0x0c04 lmhosts - ok
19:33:08.0298 0x0c04 [ 0B4F38AA22D5634C48EDB18FE257F005, 66C26F8223431CBE8FAA0B160B8B1D6FE2FC2802497EDD5B425058BD10DE0013 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:33:08.0314 0x0c04 LMS - ok
19:33:08.0345 0x0c04 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:33:08.0345 0x0c04 LSI_FC - ok
19:33:08.0361 0x0c04 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:33:08.0361 0x0c04 LSI_SAS - ok
19:33:08.0376 0x0c04 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:33:08.0376 0x0c04 LSI_SAS2 - ok
19:33:08.0392 0x0c04 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:33:08.0407 0x0c04 LSI_SCSI - ok
19:33:08.0423 0x0c04 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:33:08.0470 0x0c04 luafv - ok
19:33:08.0532 0x0c04 [ 968BFF74AEB683C962960ECE0CAE4135, 3E08B39DE27FE27A27BD3E81486F0FCA1947D4B50BFE0167A0C27CE48DD56793 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
19:33:08.0579 0x0c04 McComponentHostService - ok
19:33:08.0595 0x0c04 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:33:08.0626 0x0c04 Mcx2Svc - ok
19:33:08.0641 0x0c04 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:33:08.0657 0x0c04 megasas - ok
19:33:08.0673 0x0c04 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:33:08.0704 0x0c04 MegaSR - ok
19:33:08.0735 0x0c04 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
19:33:08.0813 0x0c04 MMCSS - ok
19:33:08.0829 0x0c04 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:33:08.0844 0x0c04 Modem - ok
19:33:08.0860 0x0c04 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:33:08.0875 0x0c04 monitor - ok
19:33:08.0907 0x0c04 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:33:08.0907 0x0c04 mouclass - ok
19:33:08.0922 0x0c04 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:33:08.0953 0x0c04 mouhid - ok
19:33:08.0985 0x0c04 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:33:09.0000 0x0c04 mountmgr - ok
19:33:09.0047 0x0c04 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:33:09.0078 0x0c04 MozillaMaintenance - ok
19:33:09.0109 0x0c04 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
19:33:09.0141 0x0c04 mpio - ok
19:33:09.0156 0x0c04 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:33:09.0187 0x0c04 mpsdrv - ok
19:33:09.0219 0x0c04 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:33:09.0297 0x0c04 MpsSvc - ok
19:33:09.0328 0x0c04 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:33:09.0375 0x0c04 MRxDAV - ok
19:33:09.0390 0x0c04 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:33:09.0437 0x0c04 mrxsmb - ok
19:33:09.0468 0x0c04 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:33:09.0499 0x0c04 mrxsmb10 - ok
19:33:09.0499 0x0c04 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:33:09.0531 0x0c04 mrxsmb20 - ok
19:33:09.0546 0x0c04 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
19:33:09.0577 0x0c04 msahci - ok
19:33:09.0593 0x0c04 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:33:09.0609 0x0c04 msdsm - ok
19:33:09.0624 0x0c04 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
19:33:09.0655 0x0c04 MSDTC - ok
19:33:09.0687 0x0c04 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:33:09.0749 0x0c04 Msfs - ok
19:33:09.0780 0x0c04 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:33:09.0811 0x0c04 mshidkmdf - ok
19:33:09.0827 0x0c04 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:33:09.0843 0x0c04 msisadrv - ok
19:33:09.0858 0x0c04 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:33:09.0889 0x0c04 MSiSCSI - ok
19:33:09.0905 0x0c04 msiserver - ok
19:33:09.0921 0x0c04 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:33:09.0952 0x0c04 MSKSSRV - ok
19:33:09.0967 0x0c04 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:33:09.0999 0x0c04 MSPCLOCK - ok
19:33:09.0999 0x0c04 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:33:10.0030 0x0c04 MSPQM - ok
19:33:10.0061 0x0c04 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:33:10.0077 0x0c04 MsRPC - ok
19:33:10.0092 0x0c04 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:33:10.0108 0x0c04 mssmbios - ok
19:33:10.0108 0x0c04 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:33:10.0139 0x0c04 MSTEE - ok
19:33:10.0155 0x0c04 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:33:10.0155 0x0c04 MTConfig - ok
19:33:10.0170 0x0c04 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
19:33:10.0186 0x0c04 Mup - ok
19:33:10.0217 0x0c04 [ 1898CEDA3247213C084F43637EF163B3, 4429F32DB1CC70567919D7D47B844A91CF1329A6CD116F582305F3B7B60CD60B ] NAL C:\Windows\system32\Drivers\iqvw64e.sys
19:33:10.0248 0x0c04 NAL - ok
19:33:10.0295 0x0c04 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
19:33:10.0357 0x0c04 napagent - ok
19:33:10.0373 0x0c04 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:33:10.0420 0x0c04 NativeWifiP - ok
19:33:10.0467 0x0c04 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
19:33:10.0482 0x0c04 NDIS - ok
19:33:10.0498 0x0c04 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:33:10.0529 0x0c04 NdisCap - ok
19:33:10.0545 0x0c04 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:33:10.0576 0x0c04 NdisTapi - ok
19:33:10.0607 0x0c04 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:33:10.0654 0x0c04 Ndisuio - ok
19:33:10.0685 0x0c04 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:33:10.0716 0x0c04 NdisWan - ok
19:33:10.0747 0x0c04 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:33:10.0794 0x0c04 NDProxy - ok
19:33:10.0872 0x0c04 [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:33:10.0919 0x0c04 Nero BackItUp Scheduler 4.0 - ok
19:33:10.0966 0x0c04 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:33:10.0981 0x0c04 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:33:10.0981 0x0c04 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:33:10.0981 0x0c04 Force sending object to P2P due to detect: Net Driver HPZ12
19:33:10.0981 0x0c04 Object send P2P result: false
19:33:10.0997 0x0c04 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:33:11.0059 0x0c04 NetBIOS - ok
19:33:11.0091 0x0c04 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:33:11.0106 0x0c04 NetBT - ok
19:33:11.0122 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
19:33:11.0138 0x0c04 Netlogon - ok
19:33:11.0169 0x0c04 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
19:33:11.0216 0x0c04 Netman - ok
19:33:11.0262 0x0c04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:11.0309 0x0c04 NetMsmqActivator - ok
19:33:11.0325 0x0c04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:11.0340 0x0c04 NetPipeActivator - ok
19:33:11.0387 0x0c04 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
19:33:11.0434 0x0c04 netprofm - ok
19:33:11.0450 0x0c04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:11.0465 0x0c04 NetTcpActivator - ok
19:33:11.0465 0x0c04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:11.0481 0x0c04 NetTcpPortSharing - ok
19:33:11.0496 0x0c04 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:33:11.0496 0x0c04 nfrd960 - ok
19:33:11.0528 0x0c04 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:33:11.0559 0x0c04 NlaSvc - ok
19:33:11.0590 0x0c04 [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF C:\Windows\system32\drivers\npf.sys
19:33:11.0606 0x0c04 NPF - ok
19:33:11.0621 0x0c04 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:33:11.0668 0x0c04 Npfs - ok
19:33:11.0684 0x0c04 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
19:33:11.0715 0x0c04 nsi - ok
19:33:11.0730 0x0c04 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:33:11.0762 0x0c04 nsiproxy - ok
19:33:11.0808 0x0c04 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:33:11.0871 0x0c04 Ntfs - ok
19:33:11.0886 0x0c04 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
19:33:11.0902 0x0c04 Null - ok
19:33:11.0918 0x0c04 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:33:11.0933 0x0c04 nvraid - ok
19:33:11.0949 0x0c04 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:33:11.0964 0x0c04 nvstor - ok
19:33:11.0980 0x0c04 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:33:12.0011 0x0c04 nv_agp - ok
19:33:12.0042 0x0c04 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:33:12.0058 0x0c04 ohci1394 - ok
19:33:12.0120 0x0c04 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:33:12.0167 0x0c04 ose - ok
19:33:12.0339 0x0c04 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:33:12.0510 0x0c04 osppsvc - ok
19:33:12.0557 0x0c04 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:33:12.0604 0x0c04 p2pimsvc - ok
19:33:12.0620 0x0c04 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
19:33:12.0666 0x0c04 p2psvc - ok
19:33:12.0682 0x0c04 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:33:12.0713 0x0c04 Parport - ok
19:33:12.0729 0x0c04 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:33:12.0744 0x0c04 partmgr - ok
19:33:12.0744 0x0c04 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
19:33:12.0776 0x0c04 PcaSvc - ok
19:33:12.0807 0x0c04 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
19:33:12.0807 0x0c04 pci - ok
19:33:12.0838 0x0c04 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
19:33:12.0838 0x0c04 pciide - ok
19:33:12.0869 0x0c04 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:33:12.0885 0x0c04 pcmcia - ok
19:33:12.0900 0x0c04 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
19:33:12.0916 0x0c04 pcw - ok
19:33:12.0932 0x0c04 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:33:12.0978 0x0c04 PEAUTH - ok
19:33:13.0025 0x0c04 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:33:13.0103 0x0c04 PeerDistSvc - ok
19:33:13.0181 0x0c04 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:33:13.0228 0x0c04 PerfHost - ok
19:33:13.0322 0x0c04 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
19:33:13.0400 0x0c04 pla - ok
19:33:13.0431 0x0c04 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:33:13.0478 0x0c04 PlugPlay - ok
19:33:13.0493 0x0c04 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:33:13.0524 0x0c04 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:33:13.0524 0x0c04 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:33:13.0524 0x0c04 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:33:13.0556 0x0c04 PNRPAutoReg - ok
19:33:13.0571 0x0c04 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:33:13.0587 0x0c04 PNRPsvc - ok
19:33:13.0602 0x0c04 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:33:13.0665 0x0c04 PolicyAgent - ok
19:33:13.0696 0x0c04 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
19:33:13.0727 0x0c04 Power - ok
19:33:13.0774 0x0c04 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:33:13.0821 0x0c04 PptpMiniport - ok
19:33:13.0836 0x0c04 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:33:13.0852 0x0c04 Processor - ok
19:33:13.0883 0x0c04 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
19:33:13.0961 0x0c04 ProfSvc - ok
19:33:13.0977 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:33:13.0992 0x0c04 ProtectedStorage - ok
19:33:14.0039 0x0c04 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:33:14.0102 0x0c04 Psched - ok
19:33:14.0164 0x0c04 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:33:14.0195 0x0c04 ql2300 - ok
19:33:14.0211 0x0c04 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:33:14.0226 0x0c04 ql40xx - ok
19:33:14.0258 0x0c04 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
19:33:14.0289 0x0c04 QWAVE - ok
19:33:14.0304 0x0c04 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:33:14.0336 0x0c04 QWAVEdrv - ok
19:33:14.0336 0x0c04 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:33:14.0398 0x0c04 RasAcd - ok
19:33:14.0414 0x0c04 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:33:14.0476 0x0c04 RasAgileVpn - ok
19:33:14.0492 0x0c04 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
19:33:14.0523 0x0c04 RasAuto - ok
19:33:14.0554 0x0c04 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:33:14.0585 0x0c04 Rasl2tp - ok
19:33:14.0616 0x0c04 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
19:33:14.0663 0x0c04 RasMan - ok
19:33:14.0663 0x0c04 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:33:14.0694 0x0c04 RasPppoe - ok
19:33:14.0710 0x0c04 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:33:14.0741 0x0c04 RasSstp - ok
19:33:14.0772 0x0c04 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:33:14.0804 0x0c04 rdbss - ok
19:33:14.0819 0x0c04 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:33:14.0835 0x0c04 rdpbus - ok
19:33:14.0850 0x0c04 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:33:14.0866 0x0c04 RDPCDD - ok
19:33:14.0897 0x0c04 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:33:14.0928 0x0c04 RDPDR - ok
19:33:14.0928 0x0c04 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:33:14.0960 0x0c04 RDPENCDD - ok
19:33:14.0975 0x0c04 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:33:15.0006 0x0c04 RDPREFMP - ok
19:33:15.0022 0x0c04 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:33:15.0069 0x0c04 RDPWD - ok
19:33:15.0084 0x0c04 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:33:15.0100 0x0c04 rdyboost - ok
19:33:15.0116 0x0c04 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:33:15.0162 0x0c04 RemoteAccess - ok
19:33:15.0178 0x0c04 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:33:15.0209 0x0c04 RemoteRegistry - ok
19:33:15.0240 0x0c04 [ B60F58F175DE20A6739194E85B035178, 6E66D6041AF0B69896E4556F9FF3A3AA70CF4B09FFBE68E14E60313C5E3FFDDB ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
19:33:15.0256 0x0c04 rpcapd - ok
19:33:15.0256 0x0c04 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:33:15.0303 0x0c04 RpcEptMapper - ok
19:33:15.0318 0x0c04 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
19:33:15.0334 0x0c04 RpcLocator - ok
19:33:15.0365 0x0c04 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
19:33:15.0396 0x0c04 RpcSs - ok
19:33:15.0412 0x0c04 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:33:15.0443 0x0c04 rspndr - ok
19:33:15.0459 0x0c04 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:33:15.0490 0x0c04 s3cap - ok
19:33:15.0506 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
19:33:15.0521 0x0c04 SamSs - ok
19:33:15.0537 0x0c04 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:33:15.0552 0x0c04 sbp2port - ok
19:33:15.0568 0x0c04 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:33:15.0599 0x0c04 SCardSvr - ok
19:33:15.0630 0x0c04 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:33:15.0662 0x0c04 scfilter - ok
19:33:15.0708 0x0c04 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
19:33:15.0786 0x0c04 Schedule - ok
19:33:15.0818 0x0c04 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:33:15.0849 0x0c04 SCPolicySvc - ok
19:33:15.0864 0x0c04 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:33:15.0896 0x0c04 SDRSVC - ok
19:33:15.0927 0x0c04 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:33:15.0958 0x0c04 secdrv - ok
19:33:15.0974 0x0c04 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
19:33:16.0005 0x0c04 seclogon - ok
19:33:16.0020 0x0c04 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
19:33:16.0036 0x0c04 SENS - ok
19:33:16.0052 0x0c04 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:33:16.0083 0x0c04 SensrSvc - ok
19:33:16.0098 0x0c04 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:33:16.0114 0x0c04 Serenum - ok
19:33:16.0130 0x0c04 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:33:16.0130 0x0c04 Serial - ok
19:33:16.0161 0x0c04 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:33:16.0176 0x0c04 sermouse - ok
19:33:16.0223 0x0c04 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
19:33:16.0286 0x0c04 SessionEnv - ok
19:33:16.0301 0x0c04 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:33:16.0332 0x0c04 sffdisk - ok
19:33:16.0348 0x0c04 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:33:16.0364 0x0c04 sffp_mmc - ok
19:33:16.0379 0x0c04 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:33:16.0395 0x0c04 sffp_sd - ok
19:33:16.0410 0x0c04 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:33:16.0426 0x0c04 sfloppy - ok
19:33:16.0457 0x0c04 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:33:16.0520 0x0c04 SharedAccess - ok
19:33:16.0566 0x0c04 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:33:16.0629 0x0c04 ShellHWDetection - ok
19:33:16.0660 0x0c04 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:33:16.0660 0x0c04 SiSRaid2 - ok
19:33:16.0691 0x0c04 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:33:16.0691 0x0c04 SiSRaid4 - ok
19:33:16.0722 0x0c04 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:33:16.0754 0x0c04 Smb - ok
19:33:16.0785 0x0c04 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:33:16.0800 0x0c04 SNMPTRAP - ok
19:33:16.0816 0x0c04 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
19:33:16.0832 0x0c04 spldr - ok
19:33:16.0878 0x0c04 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
19:33:16.0941 0x0c04 Spooler - ok
19:33:17.0066 0x0c04 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
19:33:17.0190 0x0c04 sppsvc - ok
19:33:17.0222 0x0c04 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:33:17.0253 0x0c04 sppuinotify - ok
19:33:17.0284 0x0c04 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:33:17.0315 0x0c04 srv - ok
19:33:17.0331 0x0c04 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:33:17.0362 0x0c04 srv2 - ok
19:33:17.0362 0x0c04 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:33:17.0378 0x0c04 srvnet - ok
19:33:17.0409 0x0c04 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:33:17.0440 0x0c04 SSDPSRV - ok
19:33:17.0440 0x0c04 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:33:17.0471 0x0c04 SstpSvc - ok
19:33:17.0502 0x0c04 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:33:17.0518 0x0c04 stexstor - ok
19:33:17.0565 0x0c04 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
19:33:17.0612 0x0c04 stisvc - ok
19:33:17.0643 0x0c04 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:33:17.0658 0x0c04 storflt - ok
19:33:17.0658 0x0c04 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
19:33:17.0690 0x0c04 StorSvc - ok
19:33:17.0705 0x0c04 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:33:17.0705 0x0c04 storvsc - ok
19:33:17.0736 0x0c04 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
19:33:17.0736 0x0c04 swenum - ok
19:33:17.0752 0x0c04 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
19:33:17.0814 0x0c04 swprv - ok
19:33:17.0877 0x0c04 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
19:33:17.0939 0x0c04 SysMain - ok
19:33:17.0970 0x0c04 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:33:17.0986 0x0c04 TabletInputService - ok
19:33:18.0017 0x0c04 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:33:18.0064 0x0c04 TapiSrv - ok
19:33:18.0080 0x0c04 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
19:33:18.0111 0x0c04 TBS - ok
19:33:18.0173 0x0c04 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:33:18.0236 0x0c04 Tcpip - ok
19:33:18.0282 0x0c04 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:33:18.0329 0x0c04 TCPIP6 - ok
19:33:18.0360 0x0c04 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:33:18.0360 0x0c04 tcpipreg - ok
19:33:18.0392 0x0c04 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:33:18.0423 0x0c04 TDPIPE - ok
19:33:18.0438 0x0c04 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:33:18.0470 0x0c04 TDTCP - ok
19:33:18.0501 0x0c04 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:33:18.0563 0x0c04 tdx - ok
19:33:18.0579 0x0c04 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
19:33:18.0610 0x0c04 TermDD - ok
19:33:18.0641 0x0c04 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll
19:33:18.0719 0x0c04 TermService - ok
19:33:18.0797 0x0c04 [ CBA4FA2089AA7A5A52EEF55B8376F144, 8F720043004F533BA359416732690BC0A84B76EE1FEA5C1FAE485CF1532E6D69 ] TestHandler C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
19:33:18.0828 0x0c04 TestHandler - ok
19:33:18.0844 0x0c04 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
19:33:18.0860 0x0c04 Themes - ok
19:33:18.0891 0x0c04 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
19:33:18.0906 0x0c04 THREADORDER - ok
19:33:18.0938 0x0c04 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
19:33:18.0969 0x0c04 TPM - ok
19:33:19.0000 0x0c04 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
19:33:19.0078 0x0c04 TrkWks - ok
19:33:19.0125 0x0c04 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:33:19.0172 0x0c04 TrustedInstaller - ok
19:33:19.0187 0x0c04 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:33:19.0203 0x0c04 tssecsrv - ok
19:33:19.0234 0x0c04 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:33:19.0265 0x0c04 TsUsbFlt - ok
19:33:19.0296 0x0c04 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:33:19.0359 0x0c04 tunnel - ok
19:33:19.0374 0x0c04 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:33:19.0390 0x0c04 uagp35 - ok
19:33:19.0421 0x0c04 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:33:19.0452 0x0c04 udfs - ok
19:33:19.0468 0x0c04 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:33:19.0499 0x0c04 UI0Detect - ok
19:33:19.0530 0x0c04 [ 6640110398438BDC6CC8D48EEC8EDDC5, FDEF9250468CE85F9AE4239A139BFED21EF133D3050012D4DEBCFDF9B07E6D15 ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
19:33:19.0562 0x0c04 UimBus - ok
19:33:19.0577 0x0c04 [ 20BABEFA37F38B3CC26C0E9A26B844FF, F032E66092D585D43B65F5BF4D7DFEE7A3BE1B22E7C63E1CF3D74F0791E99918 ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
19:33:19.0608 0x0c04 Uim_IM - ok
19:33:19.0640 0x0c04 [ 441E8BC5E68200038F0F1941A10C85F4, B93FB9DEC5365D526737A50C7958DB7441C515DF4AAACB6306998E18CF14F69B ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys
19:33:19.0655 0x0c04 Uim_VIM - ok
19:33:19.0671 0x0c04 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:33:19.0671 0x0c04 uliagpkx - ok
19:33:19.0702 0x0c04 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
19:33:19.0718 0x0c04 umbus - ok
19:33:19.0733 0x0c04 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:33:19.0764 0x0c04 UmPass - ok
19:33:19.0796 0x0c04 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
19:33:19.0842 0x0c04 UmRdpService - ok
19:33:19.0967 0x0c04 [ 6FDB1CA1ADD261F893C90738EBA37197, 1C4D845C7C3E757F054A99C4A342B01262894929A5B6687B3FA437D4A2DE14F2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:33:20.0030 0x0c04 UNS - ok
19:33:20.0045 0x0c04 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
19:33:20.0092 0x0c04 upnphost - ok
19:33:20.0123 0x0c04 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:33:20.0154 0x0c04 usbccgp - ok
19:33:20.0170 0x0c04 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:33:20.0201 0x0c04 usbcir - ok
19:33:20.0232 0x0c04 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:33:20.0248 0x0c04 usbehci - ok
19:33:20.0279 0x0c04 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:33:20.0326 0x0c04 usbhub - ok
19:33:20.0342 0x0c04 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:33:20.0373 0x0c04 usbohci - ok
19:33:20.0404 0x0c04 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:33:20.0420 0x0c04 usbprint - ok
19:33:20.0435 0x0c04 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:33:20.0482 0x0c04 USBSTOR - ok
19:33:20.0498 0x0c04 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:33:20.0513 0x0c04 usbuhci - ok
19:33:20.0560 0x0c04 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
19:33:20.0607 0x0c04 UxSms - ok
19:33:20.0622 0x0c04 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
19:33:20.0622 0x0c04 VaultSvc - ok
19:33:20.0638 0x0c04 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:33:20.0638 0x0c04 vdrvroot - ok
19:33:20.0669 0x0c04 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
19:33:20.0732 0x0c04 vds - ok
19:33:20.0763 0x0c04 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:33:20.0763 0x0c04 vga - ok
19:33:20.0778 0x0c04 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:33:20.0810 0x0c04 VgaSave - ok
19:33:20.0825 0x0c04 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:33:20.0841 0x0c04 vhdmp - ok
19:33:20.0872 0x0c04 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
19:33:20.0872 0x0c04 viaide - ok
19:33:20.0888 0x0c04 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:33:20.0903 0x0c04 vmbus - ok
19:33:20.0919 0x0c04 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:33:20.0919 0x0c04 VMBusHID - ok
19:33:20.0934 0x0c04 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:33:20.0950 0x0c04 volmgr - ok
19:33:20.0981 0x0c04 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:33:20.0997 0x0c04 volmgrx - ok
19:33:21.0012 0x0c04 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:33:21.0028 0x0c04 volsnap - ok
19:33:21.0044 0x0c04 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:33:21.0059 0x0c04 vsmraid - ok
19:33:21.0153 0x0c04 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
19:33:21.0262 0x0c04 VSS - ok
19:33:21.0278 0x0c04 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:33:21.0293 0x0c04 vwifibus - ok
19:33:21.0324 0x0c04 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
19:33:21.0371 0x0c04 W32Time - ok
19:33:21.0402 0x0c04 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:33:21.0402 0x0c04 WacomPen - ok
19:33:21.0434 0x0c04 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:33:21.0465 0x0c04 WANARP - ok
19:33:21.0465 0x0c04 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:33:21.0480 0x0c04 Wanarpv6 - ok
19:33:21.0543 0x0c04 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:33:21.0605 0x0c04 WatAdminSvc - ok
19:33:21.0652 0x0c04 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
19:33:21.0730 0x0c04 wbengine - ok
19:33:21.0746 0x0c04 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:33:21.0792 0x0c04 WbioSrvc - ok
19:33:21.0808 0x0c04 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:33:21.0839 0x0c04 wcncsvc - ok
19:33:21.0855 0x0c04 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:33:21.0870 0x0c04 WcsPlugInService - ok
19:33:21.0870 0x0c04 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:33:21.0886 0x0c04 Wd - ok
19:33:21.0917 0x0c04 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:33:21.0948 0x0c04 Wdf01000 - ok
19:33:21.0964 0x0c04 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:33:22.0042 0x0c04 WdiServiceHost - ok
19:33:22.0058 0x0c04 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:33:22.0073 0x0c04 WdiSystemHost - ok
19:33:22.0104 0x0c04 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
19:33:22.0136 0x0c04 WebClient - ok
19:33:22.0151 0x0c04 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:33:22.0198 0x0c04 Wecsvc - ok
19:33:22.0214 0x0c04 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:33:22.0260 0x0c04 wercplsupport - ok
19:33:22.0276 0x0c04 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
19:33:22.0323 0x0c04 WerSvc - ok
19:33:22.0338 0x0c04 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:33:22.0370 0x0c04 WfpLwf - ok
19:33:22.0370 0x0c04 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:33:22.0385 0x0c04 WIMMount - ok
19:33:22.0401 0x0c04 WinDefend - ok
19:33:22.0401 0x0c04 WinHttpAutoProxySvc - ok
19:33:22.0448 0x0c04 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:33:22.0479 0x0c04 Winmgmt - ok
19:33:22.0572 0x0c04 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
19:33:22.0697 0x0c04 WinRM - ok
19:33:22.0760 0x0c04 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:33:22.0822 0x0c04 Wlansvc - ok
19:33:22.0962 0x0c04 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:33:23.0072 0x0c04 wlidsvc - ok
19:33:23.0103 0x0c04 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:33:23.0118 0x0c04 WmiAcpi - ok
19:33:23.0150 0x0c04 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:33:23.0181 0x0c04 wmiApSrv - ok
19:33:23.0196 0x0c04 WMPNetworkSvc - ok
19:33:23.0228 0x0c04 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:33:23.0259 0x0c04 WPCSvc - ok
19:33:23.0259 0x0c04 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:33:23.0306 0x0c04 WPDBusEnum - ok
19:33:23.0337 0x0c04 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:33:23.0368 0x0c04 ws2ifsl - ok
19:33:23.0384 0x0c04 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
19:33:23.0415 0x0c04 wscsvc - ok
19:33:23.0415 0x0c04 WSearch - ok
19:33:23.0508 0x0c04 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
19:33:23.0586 0x0c04 wuauserv - ok
19:33:23.0602 0x0c04 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:33:23.0618 0x0c04 WudfPf - ok
19:33:23.0633 0x0c04 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:23.0664 0x0c04 WUDFRd - ok
19:33:23.0680 0x0c04 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:33:23.0727 0x0c04 wudfsvc - ok
19:33:23.0758 0x0c04 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:33:23.0805 0x0c04 WwanSvc - ok
19:33:23.0805 0x0c04 ================ Scan global ===============================
19:33:23.0820 0x0c04 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:33:23.0852 0x0c04 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:33:23.0867 0x0c04 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:33:23.0883 0x0c04 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:33:23.0914 0x0c04 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:33:23.0930 0x0c04 [ Global ] - ok
19:33:23.0930 0x0c04 ================ Scan MBR ==================================
19:33:23.0930 0x0c04 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:33:24.0132 0x0c04 \Device\Harddisk0\DR0 - ok
19:33:24.0148 0x0c04 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR6
19:33:24.0288 0x0c04 \Device\Harddisk5\DR6 - ok
19:33:24.0288 0x0c04 ================ Scan VBR ==================================
19:33:24.0288 0x0c04 [ BEE3AC385B05300042C8D9C009D531B2 ] \Device\Harddisk0\DR0\Partition1
19:33:24.0304 0x0c04 \Device\Harddisk0\DR0\Partition1 - ok
19:33:24.0304 0x0c04 [ F9B13B8E099B568E4A28D2DF2DA637B5 ] \Device\Harddisk0\DR0\Partition2
19:33:24.0304 0x0c04 \Device\Harddisk0\DR0\Partition2 - ok
19:33:24.0320 0x0c04 [ BCBDAEDFBD681DCC5FD9A59F460F9978 ] \Device\Harddisk5\DR6\Partition1
19:33:24.0320 0x0c04 \Device\Harddisk5\DR6\Partition1 - ok
19:33:24.0320 0x0c04 ================ Scan generic autorun ======================
19:33:24.0663 0x0c04 [ A22A6FB52946E2590DEE18AE6FC31A82, 958C4C76B97F9CE1E076D0DF83975810833F3D49E545DE49FD3C1A60E2F22A1A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:33:24.0912 0x0c04 RtHDVCpl - ok
19:33:24.0928 0x0c04 ATIModeChange - ok
19:33:24.0959 0x0c04 [ 7A2609473880AE403631D81F3FB9A212, B35453B465706900915030205A5D0DF59B5B3B02A2C973C96B567C5ADDA6D4EF ] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
19:33:24.0990 0x0c04 DeskUpdateNotifier - ok
19:33:25.0084 0x0c04 [ 8AE0094F42C6BDCC6187293035C036C1, 085E4A28C3702E608EF11B17E75D62895503475A3E13432F9073DA62227DB949 ] C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe
19:33:25.0131 0x0c04 NBKeyScan - ok
19:33:25.0162 0x0c04 [ F7DD2D785280DB73DC9060F80361BEFB, 7AF1114FFA46290DC77CC5D562034287A0E617BD4747F58E65CDF70244C402CB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:33:25.0178 0x0c04 APSDaemon - ok
19:33:25.0209 0x0c04 [ AF43C4F7F3C8BC95DAD95024F96CDC4A, 6348F6D8F301C5F7290B963D6923E389414ADFBCF6AED562A32245BCADC05580 ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:33:25.0224 0x0c04 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
19:33:25.0224 0x0c04 QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
19:33:25.0287 0x0c04 [ CE3CBDA16AB9B041DBA33FAD7D06C810, B6B1B24A9EE6E15C520CFB9A2C282FEDDA855037F9EB32AB740B5BBF8B4B88F2 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:33:25.0318 0x0c04 StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
19:33:25.0318 0x0c04 StartCCC ( UnsignedFile.Multi.Generic ) - warning
19:33:25.0380 0x0c04 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:33:25.0427 0x0c04 Adobe ARM - ok
19:33:25.0505 0x0c04 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
19:33:25.0536 0x0c04 avgnt - ok
19:33:25.0583 0x0c04 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:33:25.0677 0x0c04 Sidebar - ok
19:33:25.0692 0x0c04 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:33:25.0724 0x0c04 mctadmin - ok
19:33:25.0755 0x0c04 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:33:25.0786 0x0c04 Sidebar - ok
19:33:25.0786 0x0c04 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:33:25.0802 0x0c04 mctadmin - ok
19:33:25.0833 0x0c04 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40010 ( disabled : outofdate )
19:33:25.0864 0x0c04 Win FW state via NFP2: enabled
19:33:25.0864 0x0c04 ============================================================
19:33:25.0864 0x0c04 Scan finished
19:33:25.0864 0x0c04 ============================================================
19:33:25.0864 0x0c14 Detected object count: 5
19:33:25.0864 0x0c14 Actual detected object count: 5
19:35:03.0504 0x0c14 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:03.0504 0x0c14 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:03.0504 0x0c14 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:03.0504 0x0c14 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:03.0504 0x0c14 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:03.0504 0x0c14 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:03.0504 0x0c14 QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:03.0504 0x0c14 QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:03.0504 0x0c14 StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:03.0504 0x0c14 StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2014.11.18.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
admin :: CELSIUS [administrator]
23.12.2014 19:43:55
mbar-log-2014-12-23 (19-43-55).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 374804
Time elapsed: 10 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
24.12.2014, 18:07
| #4 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042c hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.12.2014, 19:03
| #5 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Anbei das Logfile von Combofix. Vielen Dank für die Bearbeitung am heutigen Feiertag! Code:
ATTFilter ComboFix 14-12-23.01 - admin 24.12.2014 18:44:18.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.12224.10177 [GMT 1:00]
ausgef¸hrt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Lˆschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-24 bis 2014-12-24 ))))))))))))))))))))))))))))))
.
.
2014-12-23 18:43 . 2014-12-23 18:43 -------- d-----w- c:\programdata\Malwarebytes
2014-12-23 18:43 . 2014-12-23 18:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-23 18:43 . 2014-12-23 18:43 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-23 18:41 . 2014-12-23 18:55 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-23 16:26 . 2014-12-23 16:26 -------- d-----w- c:\users\rita\AppData\Roaming\Avira
2014-12-23 14:05 . 2014-12-23 15:21 -------- d-----w- C:\FRST
2014-12-23 13:01 . 2014-12-23 13:01 -------- d-----w- c:\users\admin\AppData\Roaming\Avira
2014-12-23 13:01 . 2014-11-24 09:30 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-12-23 13:01 . 2014-11-24 09:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-12-23 13:01 . 2014-11-24 09:30 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-12-23 13:01 . 2014-11-24 09:30 141376 ----a-w- c:\windows\system32\drivers\avfwot.sys
2014-12-23 13:01 . 2014-11-24 09:30 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-12-23 13:01 . 2014-11-24 09:30 114608 ----a-w- c:\windows\system32\drivers\avfwim.sys
2014-12-23 13:01 . 2014-12-23 13:01 -------- d-----w- c:\program files (x86)\Avira
2014-12-23 12:47 . 2014-12-23 12:47 -------- d-----w- C:\Intel19.5
2014-12-23 12:21 . 2014-12-23 12:21 -------- d-----w- c:\users\admin\AppData\Local\ElevatedDiagnostics
2014-12-23 12:21 . 2014-12-23 12:21 -------- d-----w- c:\users\admin\AppData\Local\Diagnostics
2014-12-23 11:50 . 2014-12-23 11:50 -------- d-----w- c:\program files\Intel
2014-12-23 11:49 . 2014-09-23 14:15 403256 ----a-w- c:\windows\system32\PROUnstl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 18:56 . 2011-03-13 12:53 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-10 02:05 . 2014-10-16 11:11 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 02:05 . 2014-10-16 11:11 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 02:00 . 2014-10-16 11:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-07 02:54 . 2014-10-16 11:11 378552 ----a-w- c:\windows\system32\iedkcs32.dll
2014-09-29 00:58 . 2014-10-16 11:11 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:50 . 2014-10-16 11:11 13619200 ----a-w- c:\windows\system32\ieframe.dll
2014-09-25 22:32 . 2014-10-16 11:11 2017280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31 . 2014-10-16 11:11 2108416 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2013-02-26 102968]
"NBKeyScan"="c:\program files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-12-05 2254120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-21 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2011-4-2 869376]
SDL MultiTerm 2009 Widget.lnk - c:\program files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe [2011-2-22 398336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2011-3-9 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVNETFLT
*NewlyCreated* - NAL
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-23 c:\windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job
- c:\program files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05 13:06]
.
2012-07-18 c:\windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig.job
- c:\program files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05 13:06]
.
2014-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 09:26]
.
2014-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 17:10]
.
2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 17:10]
.
2014-12-01 c:\windows\Tasks\Paragon Archive name arc_141213185517937.job
- c:\program files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15 15:00]
.
2014-12-15 c:\windows\Tasks\Paragon Archive name diff_141213195248161.job
- c:\program files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
.
------- Zus‰tzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startfenster.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.22
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://192.168.1.7/AxViewer/AxMediaControl.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4cpzx6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-Adobe FrameMaker 7.1 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-24 18:54:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-12-24 17:54
.
Vor Suchlauf: 18 Verzeichnis(se), 10.587.832.320 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 11.508.465.664 Bytes frei
.
- - End Of File - - 984CDAFB4B16A2BAE5D52B66C257C38F
|
|
25.12.2014, 16:49
| #6 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042c Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows Firewall startet nicht - Fehlercode 0x8007042c |
|
25.12.2014, 19:15
| #7 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Hallo, vielen Dank, das sieht schon ganz gut aus. Firewall ist wieder aktiv und der Virenscanner laesst sich auch wieder für email und Browser aktivieren. Das Netzwerk scheint immer noch ein Problem zu haben. Als ich das Netzwerkkabel ansteckete ging der Rechner aus und machte einen Neustart. Die Netzwerkkarte scheint auch keine Pakete zu empfangen. Habe gerade gesehen, dass DHCP und NLA Dienst nicht laufen - also doch eher kein HW Problem? Anbei die Logs. Vielen Dank. mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.12.2014 Suchlauf-Zeit: 17:24:00 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2014.11.18.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 385570 Verstrichene Zeit: 9 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Softonic.A, HKU\S-1-5-21-173040323-2897980119-3820871240-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [9f67a29c5527be78ea5edf8615ee0ef2], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 25/12/2014 um 17:55:26
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - CELSIUS
# Gestartet von : C:\Users\admin\Desktop\AdwCleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Datei Gelöscht : C:\Users\admin\Favorites\eBay.lnk
Datei Gelöscht : C:\Users\admin\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\admin\Desktop\Startfenster.lnk
Datei Gelöscht : C:\Users\rita\Favorites\eBay.lnk
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0.3 (x86 de)
[b4cpzx6k.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.com");
*************************
AdwCleaner[R0].txt - [1699 octets] - [25/12/2014 17:52:12]
AdwCleaner[S0].txt - [1434 octets] - [25/12/2014 17:55:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1494 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 25.12.2014 at 18:01:06,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Users\admin\favorites\links\startfenster.lnk"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.12.2014 at 18:03:41,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014 Ran by admin (administrator) on CELSIUS on 25-12-2014 18:07:00 Running from C:\Users\admin\Desktop Loaded Profile: admin (Available profiles: admin & rita) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (SDL) C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\admin\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor) HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-12-05] (Nero AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2009 Widget.lnk ShortcutTarget: SDL MultiTerm 2009 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (SDL) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-173040323-2897980119-3820871240-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {4765B790-C12B-4C26-90E7-DF72B6A53221} URL = SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.1.7/AxViewer/AxMediaControl.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.22 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4cpzx6k.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2011-12-20] (Macrovision Europe Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-25 18:07 - 2014-12-25 18:07 - 00015702 _____ () C:\Users\admin\Desktop\FRST.txt 2014-12-25 18:06 - 2014-12-25 18:04 - 02122240 _____ (Farbar) C:\Users\admin\Desktop\FRST64(1).exe 2014-12-25 18:03 - 2014-12-25 18:03 - 00000707 _____ () C:\Users\admin\Desktop\JRT.txt 2014-12-25 18:01 - 2014-12-25 18:01 - 00000000 ____D () C:\Windows\ERUNT 2014-12-25 18:00 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-12-25 17:52 - 2014-12-25 17:55 - 00000000 ____D () C:\AdwCleaner 2014-12-25 17:51 - 2014-12-25 17:09 - 02173952 _____ () C:\Users\admin\Desktop\AdwCleaner_4.106.exe 2014-12-25 17:22 - 2014-12-25 17:22 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-25 17:22 - 2014-12-25 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-25 17:22 - 2014-12-25 17:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 17:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-25 17:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-25 17:21 - 2014-12-25 17:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\admin\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-24 18:54 - 2014-12-24 18:54 - 00017581 _____ () C:\ComboFix.txt 2014-12-24 18:42 - 2014-12-24 18:54 - 00000000 ____D () C:\Qoobox 2014-12-24 18:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-24 18:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-24 18:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-24 18:41 - 2014-12-24 18:53 - 00000000 ____D () C:\Windows\erdnt 2014-12-24 18:40 - 2014-12-23 19:59 - 05603465 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe 2014-12-23 19:43 - 2014-12-25 17:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-23 19:43 - 2014-12-25 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-23 19:43 - 2014-12-25 17:22 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-23 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-23 19:40 - 2014-12-23 19:40 - 00000000 ____D () C:\Users\admin\Desktop\Mbar 2014-12-23 19:39 - 2014-11-21 00:46 - 16448208 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.08.2.1001.exe 2014-12-23 19:31 - 2014-12-12 08:13 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\admin\Desktop\tdsskiller.exe 2014-12-23 18:16 - 2014-12-23 18:16 - 00051752 _____ () C:\Users\admin\Desktop\AVSCAN-20141223-173016-7C1325BD.LOG 2014-12-23 17:26 - 2014-12-23 17:26 - 00000000 ____D () C:\Users\rita\AppData\Roaming\Avira 2014-12-23 17:18 - 2014-12-23 17:18 - 00277616 _____ () C:\Windows\Minidump\122314-31933-02.dmp 2014-12-23 16:35 - 2014-12-23 17:18 - 00000000 ____D () C:\Windows\Minidump 2014-12-23 16:35 - 2014-12-23 16:35 - 00277616 _____ () C:\Windows\Minidump\122314-31933-01.dmp 2014-12-23 16:18 - 2014-12-23 16:18 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-12-23 15:05 - 2014-12-25 18:07 - 00000000 ____D () C:\FRST 2014-12-23 14:36 - 2014-12-23 14:35 - 00000402 _____ () C:\Users\admin\Desktop\repair.bat 2014-12-23 14:01 - 2014-12-23 14:01 - 00002000 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-23 14:01 - 2014-11-24 10:30 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-12-23 13:47 - 2014-12-23 13:47 - 00000000 ____D () C:\Intel19.5 2014-12-23 12:50 - 2014-12-23 12:50 - 00000000 ____D () C:\Program Files\Intel 2014-12-23 12:50 - 2014-09-23 15:07 - 00001904 ____N () C:\Windows\system32\SetupBD.din 2014-12-23 12:49 - 2014-09-23 15:15 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe 2014-12-11 20:02 - 2014-12-11 20:02 - 00021904 _____ () C:\Users\rita\.recently-used.xbel ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-25 18:05 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-25 18:05 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-25 18:04 - 2010-04-26 14:06 - 00859394 _____ () C:\Windows\system32\perfh007.dat 2014-12-25 18:04 - 2010-04-26 14:06 - 00199270 _____ () C:\Windows\system32\perfc007.dat 2014-12-25 18:04 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-25 18:03 - 2013-06-01 18:10 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-25 18:01 - 2011-03-09 03:52 - 01447816 _____ () C:\Windows\WindowsUpdate.log 2014-12-25 17:57 - 2013-06-01 18:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-25 17:57 - 2011-03-09 18:01 - 00693888 _____ () C:\Windows\PFRO.log 2014-12-25 17:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-25 17:57 - 2009-07-14 05:51 - 00221416 _____ () C:\Windows\setupact.log 2014-12-25 17:48 - 2012-07-17 16:46 - 00000704 _____ () C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job 2014-12-25 17:48 - 2012-07-17 16:17 - 00000000 ____D () C:\Users\Public\Documents\backup_jobs 2014-12-25 17:26 - 2012-08-14 12:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-24 19:10 - 2013-12-14 20:53 - 00000978 _____ () C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job 2014-12-24 18:54 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-24 18:51 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-23 16:18 - 2011-03-08 21:17 - 00000000 ____D () C:\Users\admin 2014-12-23 14:01 - 2011-03-13 14:03 - 00000000 ____D () C:\ProgramData\Avira 2014-12-23 13:35 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-12-14 09:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-11 20:02 - 2011-10-18 18:30 - 00000000 ____D () C:\Users\rita\AppData\Roaming\gtk-2.0 2014-12-11 20:02 - 2011-10-18 18:28 - 00000000 ____D () C:\Users\rita\.gimp-2.6 2014-12-11 20:02 - 2011-03-13 14:21 - 00000000 ____D () C:\Users\rita 2014-12-08 23:17 - 2011-03-08 21:19 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu 2014-12-01 18:00 - 2013-12-14 20:02 - 00000954 _____ () C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe C:\Users\admin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 16:46 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by admin at 2014-12-25 18:07:21
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABUS IP-Installer (HKLM-x32\...\{DAA8FDCE-EB1A-4332-818C-43C6E738CEB4}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
ABUS VMS Express (x64) (HKLM\...\{0B2917EB-936C-46B7-AD30-C1934658095A}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe FrameMaker v7.1 (HKLM-x32\...\Adobe FrameMaker 7.1) (Version: 7.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50907 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D091F65F-BBB7-D8BB-7E7E-024BDA4058C5}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gamma Scout Toolbox (HKLM-x32\...\{4F48CD95-B2B4-4532-B6E9-5055277B95BA}) (Version: 1.0.0 - GammaScout)
GetFoldersize 2.5.10 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.10 - Michael Thummerer Software Design)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{fa628712-09e0-451c-a751-fe8e91b07cdd}) (Version: - Nero AG)
Nero BackItUp 4 Essentials (HKLM-x32\...\{0c44f617-a587-4822-83c0-29391f0899af}) (Version: - Nero AG)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuarkXPress (HKLM-x32\...\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}) (Version: 8.10.0000 - Quark Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAIDar 4.3.4 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
SDL MultiTerm 2009 Convert (HKLM-x32\...\{7D860239-2378-4A9B-8F4E-6E06F2029B5E}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Core SP4 (HKLM-x32\...\{5B2C86E5-EF04-47A7-BCF7-9DDA6456A43F}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Desktop (HKLM-x32\...\{A1CC3003-50E3-4EBA-965A-377250B576BF}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Extract (HKLM-x32\...\{CEC855A6-82CC-4EDA-9A2C-AF5CB8BB931A}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Widget (HKLM-x32\...\{2FCA4642-B4C8-444D-B43D-CE24C555C61B}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Word Integration (HKLM-x32\...\{9E82F52F-D918-4EF0-A1EE-956A6360E44D}) (Version: 8.6.339 - SDL)
SDL MultiTerm Side By Side Tools (HKLM-x32\...\{3F337F82-AA02-42CF-9B90-3AECAD87388B}) (Version: 8.6.339 - SDL)
SDL Passolo 2009 Essential SR3 (HKLM-x32\...\SDL Passolo 2009 Essential SR3) (Version: SDL Passolo 2009 Essential SR3 - SDL Passolo GmbH)
SDL Trados Studio 2009 SP3 (HKLM-x32\...\{399F2130-59E1-11DF-9F46-8091DFD72085}) (Version: 1.3.2307.0 - SDL)
SEH InterCon-NetTool 1.8.43 (HKLM-x32\...\InterCon-NetTool) (Version: 1.8.43 - SEH Computertechnik GmbH)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, hxxp://www.wireshark.org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
==================== Restore Points =========================
23-12-2014 20:22:36 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-24 18:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {19AF83E4-A482-45F6-91BB-4AABA36B83A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {227C66AD-4250-4823-8466-ECC7D22331AA} - System32\Tasks\Paragon Archive name diff_141213195248161 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {31707073-25B6-4FF4-94F9-0038E146C164} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {3FBF02EF-53EC-467A-9264-6B112C413A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {42B724DF-FCFB-4C4B-BBCB-D5B4C1A5BC08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B591FD95-DCAC-446E-85F7-C6300778FE95} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {B6FC70DB-AE8A-4144-96C3-9DDF75FB150D} - System32\Tasks\Paragon Archive name arc_141213185517937 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {C794EA5A-19CB-47A1-9A80-4B23C2BEE07D} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {E4C88E8D-DE00-481D-AD4A-760726D07E15} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {FB46ADD1-4289-4E42-996D-E93EFA5732D3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-03-21 21:16 - 2011-03-21 21:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-11-26 12:25 - 2010-11-26 12:25 - 01423360 _____ () C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\Sdl.Core.Licensing.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-173040323-2897980119-3820871240-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-173040323-2897980119-3820871240-500 - Administrator - Disabled)
Gast (S-1-5-21-173040323-2897980119-3820871240-501 - Limited - Disabled)
rita (S-1-5-21-173040323-2897980119-3820871240-1001 - Limited - Enabled) => C:\Users\rita
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (12/25/2014 06:06:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741288.
Error: (12/25/2014 06:06:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/25/2014 06:06:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/25/2014 06:06:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/25/2014 06:06:14 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (12/25/2014 06:06:14 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (12/25/2014 06:06:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/25/2014 06:06:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/25/2014 06:06:14 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (12/25/2014 06:06:14 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Microsoft Office Sessions:
=========================
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/25/2014 06:04:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
CodeIntegrity Errors:
===================================
Date: 2014-12-24 18:48:41.483
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-24 18:48:41.312
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 19%
Total physical RAM: 12223.61 MB
Available physical RAM: 9892.5 MB
Total Pagefile: 24445.4 MB
Available Pagefile: 21845.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:64.65 GB) (Free:10.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Daten) (Fixed) (Total:399.1 GB) (Free:337.61 GB) NTFS
Drive j: (USB-STICK) (Removable) (Total:7.34 GB) (Free:7.12 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
PUP.Optional.Unizeto in C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\plasma.exe. |
|
26.12.2014, 16:53
| #8 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042cESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.12.2014, 17:31
| #9 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Eset startet den Scan nicht ohne aktuelle Datenbank - ich habe aber auf dem infizierten Rechner kein Netzwerk? Gibt es eine Moeglichkeit die Datenbank manuel bereit zu stellen? |
|
27.12.2014, 13:14
| #10 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042c Dann fixen wir erst mal die Netzwerkverbindung. Wie gehst Du Online? LAN oder WLAN? Bitte mit dem jeweiligen Verbinden soweit möglich, dann: Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool Setze einen Haken bei folgenden Einträgen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.12.2014, 20:48
| #11 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Das sieht sehr gut aus - Netzwerk (LAN) laeuft wieder. Nur Windows erkennt den Virenscanner nicht im Wartungscenter? Kann man sagen ob das jetzt ein Virus war oder eine Sammlung von Schaedlingen? Gibt es ein Programm mit dem man das haette verhindern können? Muss noch was gemacht werden? Werde mich erkenntlich zeigen... Logfiles nachfolgend. Vielen Dank. MiniToolBox / result.txt. Code:
ATTFilter MiniToolBox by Farbar Version: 30-11-2014
Ran by admin (administrator) on 27-12-2014 at 15:36:37
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Intel(R) 82578DM Gigabit Network Connection = LAN-Verbindung (Connected)
# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# Ende der IPv4-Konfiguration
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : celsius
Prim�res DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
Ethernet-Adapter LAN-Verbindung:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connection
Physikalische Adresse . . . . . . : 00-19-99-9F-AE-01
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::31fa:f39:d5ae:47a4%10(Bevorzugt)
IPv4-Adresse (Auto. Konfiguration): 169.254.71.164(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . :
DNS-Server . . . . . . . . . . . : 192.168.1.22
NetBIOS �ber TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.{DE5484A4-A881-42EC-AF0C-9FC83077A37F}:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Tunneladapter Teredo Tunneling Pseudo-Interface:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Server: UnKnown
Address: 192.168.1.22
Ping-Anforderung konnte Host "google.com" nicht finden. �berpr�fen Sie den Namen, und versuchen Sie es erneut.
Server: UnKnown
Address: 192.168.1.22
Ping-Anforderung konnte Host "yahoo.com" nicht finden. �berpr�fen Sie den Namen, und versuchen Sie es erneut.
Ping wird ausgef�hrt f�r 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Ping-Statistik f�r 127.0.0.1:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
10...00 19 99 9f ae 01 ......Intel(R) 82578DM Gigabit Network Connection
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
169.254.0.0 255.255.0.0 Auf Verbindung 169.254.71.164 266
169.254.71.164 255.255.255.255 Auf Verbindung 169.254.71.164 266
169.254.255.255 255.255.255.255 Auf Verbindung 169.254.71.164 266
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 169.254.71.164 266
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 169.254.71.164 266
===========================================================================
St�ndige Routen:
Keine
IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
1 306 ::1/128 Auf Verbindung
10 266 fe80::/64 Auf Verbindung
10 266 fe80::31fa:f39:d5ae:47a4/128
Auf Verbindung
1 306 ff00::/8 Auf Verbindung
10 266 ff00::/8 Auf Verbindung
===========================================================================
St�ndige Routen:
Keine
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/27/2014 03:34:16 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von CELSIUS (169.254.71.164) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten..
Es wurden keine neuen Dateien geladen.
Error: (12/27/2014 03:32:40 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {b485e580-93b1-49cd-8cdd-e6a6f572647c}
Error: (12/26/2014 08:36:14 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von CELSIUS (127.0.0.1) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten..
Es wurden keine neuen Dateien geladen.
Error: (12/26/2014 06:14:25 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Das Update von CELSIUS (169.254.71.164) ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten..
Es wurden keine neuen Dateien geladen.
Error: (12/26/2014 05:33:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/26/2014 05:33:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/26/2014 05:17:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (12/27/2014 03:36:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/27/2014 03:36:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/27/2014 03:36:50 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (12/27/2014 03:36:50 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (12/27/2014 03:36:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/27/2014 03:36:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (12/27/2014 03:36:47 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden des Dhcpv4-Clientdiensts. Fehlercode 5. Der ShutDown-Kennzeichenwert lautet 0.
Error: (12/27/2014 03:36:47 PM) (Source: Microsoft-Windows-Dhcp-Client) (User: NT-AUTORITÄT)
Description: Fehler bei der DHCPv4-Initialisierung. Fehlercode: 5.
Error: (12/27/2014 03:36:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DHCP-Client" wurde mit folgendem Fehler beendet:
%%5
Error: (12/27/2014 03:36:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Microsoft Office Sessions:
=========================
Error: (12/27/2014 03:34:16 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: CELSIUS (169.254.71.164)Während des Herunterladens ist ein Fehler aufgetreten.
Error: (12/27/2014 03:32:40 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Zugriff verweigert
Vorgang:
Generator wird initialisiert
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {b485e580-93b1-49cd-8cdd-e6a6f572647c}
Error: (12/26/2014 08:36:14 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: CELSIUS (127.0.0.1)Während des Herunterladens ist ein Fehler aufgetreten.
Error: (12/26/2014 06:14:25 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: CELSIUS (169.254.71.164)Während des Herunterladens ist ein Fehler aufgetreten.
Error: (12/26/2014 05:33:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
Error: (12/26/2014 05:33:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/26/2014 05:19:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/26/2014 05:17:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2014-12-24 18:48:41.483
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-24 18:48:41.312
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABUS IP-Installer (HKLM-x32\...\{DAA8FDCE-EB1A-4332-818C-43C6E738CEB4}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
ABUS VMS Express (x64) (HKLM\...\{0B2917EB-936C-46B7-AD30-C1934658095A}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe FrameMaker v7.1 (HKLM-x32\...\Adobe FrameMaker 7.1) (Version: 7.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50907 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D091F65F-BBB7-D8BB-7E7E-024BDA4058C5}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Catalyst Control Center (x32 Version: 2011.0321.2218.38193 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0321.2218.38193 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0321.2218.38193 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help English (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help French (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help German (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0321.2217.38193 - ATI) Hidden
ccc-utility64 (Version: 2011.0321.2218.38193 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gamma Scout Toolbox (HKLM-x32\...\{4F48CD95-B2B4-4532-B6E9-5055277B95BA}) (Version: 1.0.0 - GammaScout)
GetFoldersize 2.5.10 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.10 - Michael Thummerer Software Design)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Intel(R) Network Connections 19.5.300.2 (Version: 19.5.300.2 - Intel) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{fa628712-09e0-451c-a751-fe8e91b07cdd}) (Version: - Nero AG)
Nero BackItUp (x32 Version: 4.2.0.100 - Nero AG) Hidden
Nero BackItUp (x32 Version: 4.2.3.100 - Nero AG) Hidden
Nero BackItUp 4 Essentials (HKLM-x32\...\{0c44f617-a587-4822-83c0-29391f0899af}) (Version: - Nero AG)
Nero BurnRights (x32 Version: 3.4.10.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.10.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.10.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Rescue Agent (x32 Version: 2.4.11.100 - Nero AG) Hidden
Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.13.201 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.201 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.10.201 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.9.202 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuarkXPress (HKLM-x32\...\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}) (Version: 8.10.0000 - Quark Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAIDar 4.3.4 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
SDL MultiTerm 2009 Convert (HKLM-x32\...\{7D860239-2378-4A9B-8F4E-6E06F2029B5E}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Core SP4 (HKLM-x32\...\{5B2C86E5-EF04-47A7-BCF7-9DDA6456A43F}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Desktop (HKLM-x32\...\{A1CC3003-50E3-4EBA-965A-377250B576BF}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Extract (HKLM-x32\...\{CEC855A6-82CC-4EDA-9A2C-AF5CB8BB931A}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Widget (HKLM-x32\...\{2FCA4642-B4C8-444D-B43D-CE24C555C61B}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Word Integration (HKLM-x32\...\{9E82F52F-D918-4EF0-A1EE-956A6360E44D}) (Version: 8.6.339 - SDL)
SDL MultiTerm Side By Side Tools (HKLM-x32\...\{3F337F82-AA02-42CF-9B90-3AECAD87388B}) (Version: 8.6.339 - SDL)
SDL Passolo 2009 Essential SR3 (HKLM-x32\...\SDL Passolo 2009 Essential SR3) (Version: SDL Passolo 2009 Essential SR3 - SDL Passolo GmbH)
SDL Trados Studio 2009 SP3 (HKLM-x32\...\{399F2130-59E1-11DF-9F46-8091DFD72085}) (Version: 1.3.2307.0 - SDL)
SEH InterCon-NetTool 1.8.43 (HKLM-x32\...\InterCon-NetTool) (Version: 1.8.43 - SEH Computertechnik GmbH)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, hxxp://www.wireshark.org)
========================= Memory info: ===================================
Percentage of memory in use: 18%
Total physical RAM: 12223.61 MB
Available physical RAM: 10005.73 MB
Total Pagefile: 24445.4 MB
Available Pagefile: 21865.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.09 MB
========================= Partitions: =====================================
1 Drive c: (System) (Fixed) (Total:64.65 GB) (Free:9.94 GB) NTFS
7 Drive i: (Daten) (Fixed) (Total:399.1 GB) (Free:337.61 GB) NTFS
8 Drive j: (USB-STICK) (Removable) (Total:7.34 GB) (Free:7.11 GB) FAT32
========================= Users: ========================================
Benutzerkonten fr \\CELSIUS
admin Administrator Gast
rita
Der Befehl wurde erfolgreich ausgefhrt.
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=502b0f8bd6db8f48b5ced2a60452ddd2
# engine=21722
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-27 05:51:29
# local_time=2014-12-27 06:51:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1802 16775165 100 96 8528 21759063 1321 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46212926 171332539 0 0
# scanned=224995
# found=0
# cleaned=0
# scan_time=4469
Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.152 Flash Player out of Date! Adobe Reader 9 Adobe Reader XI Mozilla Firefox 32.0.3 Firefox out of Date! Mozilla Thunderbird 16.0.2 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by admin (administrator) on CELSIUS on 27-12-2014 19:01:53 Running from C:\Users\admin\Desktop Loaded Profile: admin (Available profiles: admin & rita) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (SDL) C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Paragon Software Group) C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe (Paragon Software Group) C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\plauncher_s.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor) HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-12-05] (Nero AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2009 Widget.lnk ShortcutTarget: SDL MultiTerm 2009 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe (SDL) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-173040323-2897980119-3820871240-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-173040323-2897980119-3820871240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {4765B790-C12B-4C26-90E7-DF72B6A53221} URL = SearchScopes: HKU\S-1-5-21-173040323-2897980119-3820871240-1000 -> {9D611CC1-BF87-4975-A792-9B888D8F2E85} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} hxxp://192.168.1.7/AxViewer/AxMediaControl.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.22 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4cpzx6k.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2011-12-20] (Macrovision Europe Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 19:01 - 2014-12-27 19:01 - 02122752 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-12-27 19:01 - 2014-12-27 19:01 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion 2014-12-27 18:57 - 2014-12-26 17:02 - 00852505 _____ () C:\Users\admin\Desktop\SecurityCheck.exe 2014-12-27 16:34 - 2014-12-27 16:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CELSIUS-Microsoft-Windows-7-Professional-(64-bit).dat 2014-12-27 16:34 - 2014-12-27 16:34 - 00000000 ____D () C:\RegBackup 2014-12-27 15:54 - 2014-12-27 15:54 - 00003288 ____N () C:\bootsqm.dat 2014-12-27 15:40 - 2014-12-27 15:40 - 00002165 _____ () C:\Users\admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2014-12-27 15:40 - 2014-12-27 15:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com 2014-12-27 15:36 - 2014-12-27 15:36 - 00043842 _____ () C:\Users\admin\Desktop\Result.txt 2014-12-27 15:35 - 2014-11-30 17:38 - 00401920 _____ (Farbar) C:\Users\admin\Desktop\MiniToolBox.exe 2014-12-26 17:16 - 2013-02-08 16:15 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe 2014-12-25 18:07 - 2014-12-27 19:06 - 00016405 _____ () C:\Users\admin\Desktop\FRST.txt 2014-12-25 18:07 - 2014-12-25 18:07 - 00024229 _____ () C:\Users\admin\Desktop\Addition.txt 2014-12-25 18:03 - 2014-12-25 18:03 - 00000707 _____ () C:\Users\admin\Desktop\JRT.txt 2014-12-25 18:01 - 2014-12-25 18:01 - 00000000 ____D () C:\Windows\ERUNT 2014-12-25 18:00 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-12-25 17:52 - 2014-12-25 17:55 - 00000000 ____D () C:\AdwCleaner 2014-12-25 17:51 - 2014-12-25 17:09 - 02173952 _____ () C:\Users\admin\Desktop\AdwCleaner_4.106.exe 2014-12-25 17:22 - 2014-12-25 17:22 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-25 17:22 - 2014-12-25 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-25 17:22 - 2014-12-25 17:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 17:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-25 17:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-25 17:21 - 2014-12-25 17:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\admin\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-24 18:54 - 2014-12-24 18:54 - 00017581 _____ () C:\ComboFix.txt 2014-12-24 18:42 - 2014-12-24 18:54 - 00000000 ____D () C:\Qoobox 2014-12-24 18:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-24 18:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-24 18:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-24 18:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-24 18:41 - 2014-12-24 18:53 - 00000000 ____D () C:\Windows\erdnt 2014-12-24 18:40 - 2014-12-23 19:59 - 05603465 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe 2014-12-23 19:43 - 2014-12-27 18:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-23 19:43 - 2014-12-25 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-23 19:43 - 2014-12-25 17:22 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-23 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-23 19:40 - 2014-12-23 19:40 - 00000000 ____D () C:\Users\admin\Desktop\Mbar 2014-12-23 19:39 - 2014-11-21 00:46 - 16448208 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.08.2.1001.exe 2014-12-23 19:31 - 2014-12-12 08:13 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\admin\Desktop\tdsskiller.exe 2014-12-23 18:16 - 2014-12-23 18:16 - 00051752 _____ () C:\Users\admin\Desktop\AVSCAN-20141223-173016-7C1325BD.LOG 2014-12-23 17:26 - 2014-12-23 17:26 - 00000000 ____D () C:\Users\rita\AppData\Roaming\Avira 2014-12-23 17:18 - 2014-12-23 17:18 - 00277616 _____ () C:\Windows\Minidump\122314-31933-02.dmp 2014-12-23 16:35 - 2014-12-23 17:18 - 00000000 ____D () C:\Windows\Minidump 2014-12-23 16:35 - 2014-12-23 16:35 - 00277616 _____ () C:\Windows\Minidump\122314-31933-01.dmp 2014-12-23 16:18 - 2014-12-23 16:18 - 00000000 _____ () C:\Users\admin\defogger_reenable 2014-12-23 15:05 - 2014-12-27 19:01 - 00000000 ____D () C:\FRST 2014-12-23 14:36 - 2014-12-23 14:35 - 00000402 _____ () C:\Users\admin\Desktop\repair.bat 2014-12-23 14:01 - 2014-12-23 14:01 - 00002000 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-23 14:01 - 2014-12-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-23 14:01 - 2014-11-24 10:30 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-12-23 14:01 - 2014-11-24 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-12-23 13:47 - 2014-12-23 13:47 - 00000000 ____D () C:\Intel19.5 2014-12-23 12:50 - 2014-12-23 12:50 - 00000000 ____D () C:\Program Files\Intel 2014-12-23 12:50 - 2014-09-23 15:07 - 00001904 ____N () C:\Windows\system32\SetupBD.din 2014-12-23 12:49 - 2014-09-23 15:15 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe 2014-12-11 20:02 - 2014-12-11 20:02 - 00021904 _____ () C:\Users\rita\.recently-used.xbel ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 19:03 - 2013-06-01 18:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-27 19:02 - 2013-12-14 20:53 - 00000978 _____ () C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job 2014-12-27 18:55 - 2010-04-26 14:06 - 00963582 _____ () C:\Windows\system32\perfh007.dat 2014-12-27 18:55 - 2010-04-26 14:06 - 00232066 _____ () C:\Windows\system32\perfc007.dat 2014-12-27 18:55 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-27 18:42 - 2011-03-09 03:52 - 01532794 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 18:28 - 2012-08-14 12:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-27 18:28 - 2012-08-14 12:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-27 18:27 - 2012-05-16 17:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-27 18:27 - 2011-07-07 10:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-27 17:47 - 2012-07-17 16:46 - 00000704 _____ () C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job 2014-12-27 17:25 - 2013-06-01 18:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-27 17:25 - 2011-03-09 18:02 - 00109808 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-27 16:58 - 2013-06-01 18:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-27 16:58 - 2013-06-01 18:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-27 16:58 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-27 16:58 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-27 16:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-27 16:52 - 2011-03-09 18:01 - 00694250 _____ () C:\Windows\PFRO.log 2014-12-27 16:52 - 2010-06-03 16:30 - 00000000 ____D () C:\Windows\CSC 2014-12-27 16:52 - 2009-07-14 05:51 - 00221864 _____ () C:\Windows\setupact.log 2014-12-27 16:52 - 2009-07-14 05:45 - 00409184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-27 16:48 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini 2014-12-25 17:48 - 2012-07-17 16:17 - 00000000 ____D () C:\Users\Public\Documents\backup_jobs 2014-12-24 18:54 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-24 18:51 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-24 18:49 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_870 2014-12-23 16:18 - 2011-03-08 21:17 - 00000000 ____D () C:\Users\admin 2014-12-23 14:01 - 2011-03-13 14:03 - 00000000 ____D () C:\ProgramData\Avira 2014-12-23 13:35 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-12-14 09:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-11 20:02 - 2011-10-18 18:30 - 00000000 ____D () C:\Users\rita\AppData\Roaming\gtk-2.0 2014-12-11 20:02 - 2011-10-18 18:28 - 00000000 ____D () C:\Users\rita\.gimp-2.6 2014-12-11 20:02 - 2011-03-13 14:21 - 00000000 ____D () C:\Users\rita 2014-12-08 23:17 - 2011-03-08 21:19 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu 2014-12-01 18:00 - 2013-12-14 20:02 - 00000954 _____ () C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe C:\Users\admin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 19:48 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by admin at 2014-12-27 19:06:59
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABUS IP-Installer (HKLM-x32\...\{DAA8FDCE-EB1A-4332-818C-43C6E738CEB4}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
ABUS VMS Express (x64) (HKLM\...\{0B2917EB-936C-46B7-AD30-C1934658095A}) (Version: 7.0.2202 - ABUS Security-Center GmbH & Co. KG)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe FrameMaker v7.1 (HKLM-x32\...\Adobe FrameMaker 7.1) (Version: 7.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50907 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D091F65F-BBB7-D8BB-7E7E-024BDA4058C5}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gamma Scout Toolbox (HKLM-x32\...\{4F48CD95-B2B4-4532-B6E9-5055277B95BA}) (Version: 1.0.0 - GammaScout)
GetFoldersize 2.5.10 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.10 - Michael Thummerer Software Design)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{fa628712-09e0-451c-a751-fe8e91b07cdd}) (Version: - Nero AG)
Nero BackItUp 4 Essentials (HKLM-x32\...\{0c44f617-a587-4822-83c0-29391f0899af}) (Version: - Nero AG)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
QuarkXPress (HKLM-x32\...\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}) (Version: 8.10.0000 - Quark Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAIDar 4.3.4 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
SDL MultiTerm 2009 Convert (HKLM-x32\...\{7D860239-2378-4A9B-8F4E-6E06F2029B5E}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Core SP4 (HKLM-x32\...\{5B2C86E5-EF04-47A7-BCF7-9DDA6456A43F}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Desktop (HKLM-x32\...\{A1CC3003-50E3-4EBA-965A-377250B576BF}) (Version: 8.6.355 - SDL)
SDL MultiTerm 2009 Extract (HKLM-x32\...\{CEC855A6-82CC-4EDA-9A2C-AF5CB8BB931A}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Widget (HKLM-x32\...\{2FCA4642-B4C8-444D-B43D-CE24C555C61B}) (Version: 8.6.339 - SDL)
SDL MultiTerm 2009 Word Integration (HKLM-x32\...\{9E82F52F-D918-4EF0-A1EE-956A6360E44D}) (Version: 8.6.339 - SDL)
SDL MultiTerm Side By Side Tools (HKLM-x32\...\{3F337F82-AA02-42CF-9B90-3AECAD87388B}) (Version: 8.6.339 - SDL)
SDL Passolo 2009 Essential SR3 (HKLM-x32\...\SDL Passolo 2009 Essential SR3) (Version: SDL Passolo 2009 Essential SR3 - SDL Passolo GmbH)
SDL Trados Studio 2009 SP3 (HKLM-x32\...\{399F2130-59E1-11DF-9F46-8091DFD72085}) (Version: 1.3.2307.0 - SDL)
SEH InterCon-NetTool 1.8.43 (HKLM-x32\...\InterCon-NetTool) (Version: 1.8.43 - SEH Computertechnik GmbH)
Serif PhotoPlus X2 (HKLM-x32\...\{9DCFC564-606E-424F-8A1C-56DD14908AF6}) (Version: 12.0.2.011 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, hxxp://www.wireshark.org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-173040323-2897980119-3820871240-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
==================== Restore Points =========================
27-12-2014 16:32:44 Tweaking.com - Windows Repair
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-27 16:48 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {19AF83E4-A482-45F6-91BB-4AABA36B83A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-27] (Adobe Systems Incorporated)
Task: {227C66AD-4250-4823-8466-ECC7D22331AA} - System32\Tasks\Paragon Archive name diff_141213195248161 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {31707073-25B6-4FF4-94F9-0038E146C164} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {3FBF02EF-53EC-467A-9264-6B112C413A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {42B724DF-FCFB-4C4B-BBCB-D5B4C1A5BC08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {B591FD95-DCAC-446E-85F7-C6300778FE95} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {B6FC70DB-AE8A-4144-96C3-9DDF75FB150D} - System32\Tasks\Paragon Archive name arc_141213185517937 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe [2013-03-15] (Paragon Software Group)
Task: {C794EA5A-19CB-47A1-9A80-4B23C2BEE07D} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {E4C88E8D-DE00-481D-AD4A-760726D07E15} - System32\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe [2008-12-05] (Nero AG)
Task: {FB46ADD1-4289-4E42-996D-E93EFA5732D3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co inkrementell.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\20120717_173700_Laufwerk Daten + mail & Co Vollstaendig.job => C:\Program Files (x86)\Nero\Nero BackItUp 4\BackItUp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_141213185517937.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_141213195248161.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-03-21 21:16 - 2011-03-21 21:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-11-26 12:25 - 2010-11-26 12:25 - 01423360 _____ () C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\Sdl.Core.Licensing.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
admin (S-1-5-21-173040323-2897980119-3820871240-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-173040323-2897980119-3820871240-500 - Administrator - Disabled)
Gast (S-1-5-21-173040323-2897980119-3820871240-501 - Limited - Disabled)
rita (S-1-5-21-173040323-2897980119-3820871240-1001 - Limited - Enabled) => C:\Users\rita
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2014 06:57:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/27/2014 06:53:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 05:31:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 05:31:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 05:25:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 04:57:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/27/2014 04:57:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (12/27/2014 04:53:51 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{d1fb3e44-49f7-11e0-9f39-806e6f6e6963}" können nicht gelesen werden.
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:49:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:48:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:48:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/27/2014 04:48:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (12/27/2014 06:57:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestJ:\20141226\esetsmartinstaller_deu.exe
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/27/2014 06:55:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/27/2014 06:53:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (12/27/2014 05:31:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
Error: (12/27/2014 05:31:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
Error: (12/27/2014 05:25:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe
Error: (12/27/2014 04:57:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/27/2014 04:57:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
CodeIntegrity Errors:
===================================
Date: 2014-12-24 18:48:41.483
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-24 18:48:41.312
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 19%
Total physical RAM: 12223.61 MB
Available physical RAM: 9786.54 MB
Total Pagefile: 24445.4 MB
Available Pagefile: 21501.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:64.65 GB) (Free:10.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Daten) (Fixed) (Total:399.1 GB) (Free:337.61 GB) NTFS
Drive j: (USB-STICK) (Removable) (Total:7.34 GB) (Free:7.11 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
28.12.2014, 17:40
| #12 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042c Flash, Firefox und Thunderbird updaten. Malwarebefall war vorhanden, ja. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.12.2014, 21:37
| #13 |
| | Windows Firewall startet nicht - Fehlercode 0x8007042c Anbei FixLog.txt leider habe ich schlauer Weise alles bereinigt (Delfix) bevor ich das Logfile gepostet habe. Erneute Ausführung brachte anderes (siehe unten) Ergebnis. In der urspruenglichen Version wurden alle Keys erfolgreich geloescht. Der Virenscanner wird nach wie vor nicht erkannt. Er wird nur als Spywareschutz eingestuft, denn dazu kommt eine Meldung wenn ich ihn abschalte. Hat das eine Auswirkung? Ansonsten läuft jetzt alles wieder  Danke für die vielen Tipps! Habe fast alles davon jetzt umgesetzt. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by admin at 2014-12-28 21:13:14 Run:1
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin & rita)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-173040323-2897980119-3820871240-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
"HKU\S-1-5-21-173040323-2897980119-3820871240-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 88.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 21:13:16 ====
|
|
29.12.2014, 19:19
| #14 |
| /// the machine /// TB-Ausbilder | Windows Firewall startet nicht - Fehlercode 0x8007042c Virenscanner einmal neu installieren
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows Firewall startet nicht - Fehlercode 0x8007042c |
| 0x8007042, 0x8007042c, adware, antivir, antivirus, avira, browser, computer, cpu, desktop, email, firewall inaktiv, flash player, helper, homepage, microsoft support, mozilla, netgear, netzwerk eingeschränkt, proxy, prozess, realtek, registry, scan, security, software, starten, svchost.exe, system, windows, windows fehler |
WARNUNG an die MITLESER: 
Linear-Darstellung
