Log analysis and evaluation: Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.01.2015, 13:19 | #16 |
Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot

I am sending you my FRST from my PC; it is rather slow. I have already had the following error message: "Es wurde ein IP-Adresskonflikt ermittelt. Ein anderer Computer im Netzwerk hat dieselbe IP-Adresse wie dieser Computer." At that time I only had the PC and 3 smartphones running on my LTE router. I have had the error twice in the last 3 months. The PC also takes quite a while to shut down, about 90 to 120 seconds.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Jörn-Friedrich (administrator) on JF29 on 08-01-2015 15:37:25 Running from C:\Users\Jörn-Friedrich\Downloads Loaded Profile: Jörn-Friedrich (Available profiles: Jörn-Friedrich) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Browser7) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (COMPANYVERS_NAME) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Jörn-Friedrich\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ThreatFire] => C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\RunOnce: [Adobe Speed Launcher] => 1420702101 HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\MountPoints2: {d2adaa84-1e8f-11e3-9abf-8c89a59bac48} - G:\laucher.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * ᔃ]߾뿰ι CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {28D88AB1-AA93-19B9-8FCD-48FA7FA69FE5} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> DefaultScope {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {49A9EC78-0083-4AA6-9FE3-0B76A933572A} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = 
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {83D23A4C-ADA1-4D5E-B1F2-49E8841CAEEE} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {906BF378-A14E-4DC3-9A7D-DFEC2F12607D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {A1503A9B-A574-4D9A-BEF4-613485148BF2} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {B8DA2ED1-CA3D-48F5-A46E-10CE29D43091} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie10-toi BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Plus-HD-2.2 -> {11111111-1111-1111-1111-110311301136} -> No File BHO-x32: Boostyb.Core.BHO -> {42ad2408-abba-2408-1972-4706560e817b} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - No Name - {42ad2408-baaa-408d-b13e-4706560e817b} - No File Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @Allin1Convert_8h.com/Plugin -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\NP8hStub.dll (Mindspark) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\searchplugins\conduit-search.xml FF Extension: Avira Browser Safety - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\abs@avira.com [2014-12-11] FF Extension: Avira SafeSearch - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\safesearch@avira.com [2014-12-04] FF Extension: Cliqz Beta - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\cliqz@cliqz.com.xpi [2014-09-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-04-05] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-04-05] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files 
(x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-21] FF HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF StartMenuInternet: FIREFOX.EXE - C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: Default -> www.google.com CHR StartupUrls: Default -> "www.google.com" CHR DefaultSearchKeyword: Default -> search.snapdo.com CHR DefaultSearchURL: Default -> hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=0c975f8c-e63d-a644-8ea0-7138087bdbf4&searchtype=ds&q={searchTerms}&installDate=17/11/2013 CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Funmoods Chat) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-11-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (Avira Browserschutz) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-07] CHR Extension: (FreeHDSport TV) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon [2013-05-26] CHR Extension: (Norton Security Toolbar) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-26] CHR Extension: (Google Wallet) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14] CHR HKLM\...\Chrome\Extension: 
[bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JRN-FR~1\AppData\Local\funmoods.crx [2012-11-17] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JRN-FR~1\AppData\Local\funmoods.crx [2012-11-17] CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JRN-FR~1\AppData\Local\funmoods.crx [2012-11-17] CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx [2013-05-25] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\VipBoxSportsApp.com\stv10.crx [2013-05-25] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [88648 2014-01-02] (COMPANYVERS_NAME) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [107008 2014-11-16] (Deutsche Telekom AG) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools) S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) 
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH) S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] () [File not signed] R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-04-16] (microOLAP Technologies LTD) R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools) R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools) R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools) U3 DfSdkS; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-08 15:37 - 2015-01-08 15:37 - 00019761 _____ () C:\Users\Jörn-Friedrich\Downloads\FRST.txt 2015-01-08 15:37 - 2015-01-08 15:37 - 00000000 ____D () C:\FRST 2015-01-08 15:36 - 2015-01-08 15:36 - 02124288 _____ (Farbar) C:\Users\Jörn-Friedrich\Downloads\FRST64.exe 2015-01-08 15:36 - 2015-01-08 15:36 - 02124288 _____ (Farbar) C:\Users\Jörn-Friedrich\Downloads\FRST64(1).exe 2015-01-08 15:36 - 2015-01-08 15:36 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Reinigung 2015-01-08 10:55 - 2015-01-08 11:00 - 00009221 _____ () C:\Users\Jörn-Friedrich\Desktop\Finanzierung.xlsx 2015-01-08 08:28 - 2015-01-08 08:28 - 00000056 _____ () C:\Windows\setupact.log 2015-01-08 08:28 - 2015-01-08 08:28 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-07 18:14 - 2015-01-07 18:14 - 00000490 _____ () C:\Users\Jörn-Friedrich\Downloads\defogger_disable.log 2015-01-07 18:14 - 2015-01-07 18:14 - 00000000 _____ () C:\Users\Jörn-Friedrich\defogger_reenable 2015-01-07 18:11 - 2015-01-07 18:11 - 00050477 _____ () C:\Users\Jörn-Friedrich\Downloads\Defogger.exe 2015-01-05 00:12 - 
2015-01-05 00:13 - 00001154 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150105_001252.reg 2014-12-28 20:40 - 2014-12-28 20:41 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\AviraSpeedup 2014-12-28 20:39 - 2014-12-28 20:39 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup 2014-12-27 22:57 - 2014-12-27 22:57 - 00000980 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_225657.reg 2014-12-27 00:09 - 2014-12-27 00:09 - 00005700 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_000935.reg 2014-12-25 11:34 - 2014-12-25 11:34 - 00045586 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_113359.reg 2014-12-25 11:06 - 2014-12-25 11:06 - 00013064 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_110632.reg 2014-12-23 21:53 - 2014-12-23 21:53 - 00000000 ____D () C:\TempDump 2014-12-23 14:36 - 2014-12-23 14:36 - 00000061 _____ () C:\Users\Jörn-Friedrich\Downloads\server.properties 2014-12-21 23:09 - 2014-12-21 23:09 - 00000460 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141221_230858.reg 2014-12-21 23:05 - 2014-12-21 23:05 - 05317104 _____ (Piriform Ltd) C:\Users\Jörn-Friedrich\Downloads\ccsetup501.exe 2014-12-19 21:22 - 2014-12-19 21:23 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8(1).zip 2014-12-19 21:21 - 2014-12-19 21:21 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8.zip 2014-12-18 08:12 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 08:12 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-13 22:47 - 2014-12-13 22:47 - 00000890 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141213_224740.reg 2014-12-13 20:52 - 2014-12-19 21:37 - 00010240 ___SH () C:\Users\Jörn-Friedrich\Downloads\Thumbs.db 2014-12-11 19:07 - 2014-12-11 19:07 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-10 08:42 - 2014-12-10 08:42 - 00000000 ____D () 
C:\Windows\system32\appraiser 2014-12-10 08:04 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 08:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 07:53 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 07:53 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 07:53 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 07:53 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 07:53 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 07:53 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 07:53 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 07:53 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 07:53 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 07:53 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 07:53 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2014-12-10 07:53 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 07:53 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 07:53 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 07:53 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 07:53 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 07:53 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 07:53 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 07:53 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 07:53 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 07:53 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 07:53 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 07:53 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 07:53 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 07:53 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 07:53 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 07:53 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 07:53 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 07:53 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 07:53 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 07:53 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 07:53 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 07:53 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 07:53 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 07:53 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 07:53 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 07:53 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 07:53 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 07:53 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 07:53 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 07:53 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 07:53 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 07:53 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 07:53 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 07:53 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 07:53 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 07:53 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-12-10 07:53 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 07:53 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 07:53 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 07:53 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 07:53 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 07:53 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 07:53 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 07:53 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 07:53 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 07:53 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 07:53 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 07:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 07:53 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 07:52 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 07:52 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 07:52 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 07:52 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 07:52 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) 
C:\Windows\system32\WsmSvc.dll 2014-12-10 07:52 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 07:52 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 07:52 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 07:52 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 07:52 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 07:52 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 07:52 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 07:52 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 07:52 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 11:48 - 2014-12-09 11:48 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 15:18 - 2012-04-07 18:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-08 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-08 13:07 - 2014-04-19 10:16 - 01745661 _____ () C:\Windows\WindowsUpdate.log 2015-01-08 08:35 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-08 08:35 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-08 08:28 - 2012-06-11 21:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-08 08:28 - 2012-04-07 18:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-08 08:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-07 20:43 - 2011-03-11 10:20 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2015-01-07 20:43 - 2011-03-11 10:20 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2015-01-07 20:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-07 18:14 - 2012-04-07 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich 2015-01-05 11:36 - 2014-12-08 12:05 - 00035328 ___SH () C:\Users\Jörn-Friedrich\Desktop\Thumbs.db 2015-01-04 20:54 - 2014-10-29 15:18 - 00000000 ____D () C:\FTBLite2 2015-01-04 20:54 - 2014-10-27 23:12 - 00000000 ____D () C:\Users\Jörn-Friedrich\Downloads\Neuer Ordner 2015-01-04 20:54 - 2012-04-07 19:32 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Daniel 2015-01-04 20:53 - 2014-11-10 16:36 - 00000000 ____D () C:\FTBLite 2015-01-04 20:53 - 2014-10-29 15:25 - 00000000 ____D () C:\Ultimate 2015-01-04 20:51 - 2013-12-23 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-01-02 16:06 - 2014-04-13 17:32 - 00000440 _____ () C:\Windows\Tasks\One-Click Optimizer.job 2014-12-28 21:40 - 2009-07-14 05:45 - 00304160 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-12-28 20:40 - 2014-09-07 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2014-12-28 20:40 - 2012-04-07 18:48 - 00072296 _____ () C:\Users\Jörn-Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-27 00:08 - 2014-04-21 19:26 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-12-27 00:08 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\GlarySoft 2014-12-25 11:32 - 2011-08-22 17:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-25 11:31 - 2013-11-11 20:22 - 00000000 ____D () C:\Users\Jörn-Friedrich\Documents\My Games 2014-12-25 11:31 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-25 11:29 - 2014-09-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2013 2014-12-25 07:51 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\DiskDefrag 2014-12-24 15:48 - 2013-09-16 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\.minecraft 2014-12-23 23:04 - 2013-05-21 17:45 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\CrashDumps 2014-12-22 09:52 - 2014-10-27 10:01 - 00021504 ___SH () C:\Users\Jörn-Friedrich\Documents\Thumbs.db 2014-12-21 23:06 - 2012-04-08 09:27 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-21 23:06 - 2012-04-08 09:27 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-12 18:23 - 2012-04-07 18:46 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-12 17:39 - 2014-09-11 10:00 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Ebay-Bilder 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-11 17:52 - 
2014-08-29 22:01 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\Adobe 2014-12-11 17:52 - 2012-04-30 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-11 17:52 - 2011-08-22 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 16:00 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-10 15:37 - 2013-02-21 20:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-10 08:42 - 2014-05-08 17:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-10 08:10 - 2012-04-15 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 08:09 - 2013-07-24 16:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 08:05 - 2011-03-14 15:08 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 16:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF Some content of TEMP: ==================== C:\Users\Jörn-Friedrich\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 12:33 ==================== End Of Log ============================ --- --- ---

and the Additional: Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015 Ran by Jörn-Friedrich at 2015-01-08 15:38:09 Running from C:\Users\Jörn-Friedrich\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: ThreatFire (Enabled - Out of date) {EDD97D31-048C-2774-0FBE-26EE50D6465E} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ThreatFire (Enabled - Out of date) {56B89CD5-22B6-28FA-350E-1D9C2B510CE3} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
5700_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{2F949F9F-EBD4-8597-5CF0-6370C0161CC9}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM-x32\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. 
KG) Boost Your Browser (HKLM-x32\...\{28AAEC25-198C-44D6-8D70-77494DFA8DB4}) (Version: 0.7 - Nikozen) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Browser 7 der Telekom 33.0.11 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 33.0.11 (x86 de)) (Version: 33.0.11 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.20 - Deutsche Telekom AG) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden DSL-Manager (HKLM-x32\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - ) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP OfficeJet J5700 (HKLM\...\{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}) (Version: 13.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) J5700 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden J5700_Basic (x32 Version: 130.0.000.000 - 
Hewlett-Packard) Hidden Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 7.0 - Abelssoft) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Klett Lehrersoftware Green Line (Band 2) (HKLM-x32\...\Klett Lehrersoftware Green Line (Band 2)) (Version: - ) Klett Lehrersoftware Green Line (Band 3) (HKLM-x32\...\Klett Lehrersoftware Green Line (Band 3)) (Version: - ) Klett Lehrersoftware Green Line (HKLM-x32\...\Klett Lehrersoftware Green Line) (Version: - ) Klett Lehrersoftware Green Line NI (Band 2) (HKLM-x32\...\Klett Lehrersoftware Green Line NI (Band 2)) (Version: - ) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Firefox 34.0.5 (x86 de) (HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Naturwissenschaften Arbeitsblätter 1 (HKLM-x32\...\{54DA4E8E-61F3-481F-8805-1CA64C07FC87}) (Version: 1.00 - ) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Ökologie (HKLM-x32\...\{0746C6D7-3FD1-42FB-99D1-6B0B73DE2B55}) (Version: 1.00.0001 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Studie zur Verbesserung von HP Photosmart 5520 series Produkten (HKLM\...\{B99F865A-3ECB-4E65-B6CF-9C60EE0273A3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
ThreatFire (HKLM-x32\...\3554AA4B-9B0B-451a-A269-2B5F53982209_is1) (Version: - PC Tools) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VipBoxSportsApp (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - VipBoxSportsApp.com) <==== ATTENTION VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Yahoo! Toolbar (HKLM-x32\...\Yahoo! 
Companion) (Version: - ) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-12-2014 20:39:55 Avira System Speedup 1.5 28-12-2014 20:41:32 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden 04-01-2015 19:00:20 Windows-Sicherung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-11-09 23:59 - 00000000 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {14167E82-08E3-43D1-8996-92B8704A17CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.4.0.13\WSCStub.exe Task: {2F3BDC2E-3B25-4EA8-B601-08D71FE8BEA8} - System32\Tasks\HP AR Program Upload - 103e5ea9e68e48ef898ffab3d0a7a7445b5c4caf35164e4098a8b06afc6fbe03 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {31FF28B0-07B4-4C30-996A-9C7455CF2915} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.4.0.13\SymErr.exe Task: {4049C539-2E99-4D05-A142-F744CB0B4789} - System32\Tasks\{04325A7F-AC69-40B9-ACCA-1E26234D2AD8} => pcalua.exe -a E:\setup.exe -d E:\ Task: {421AFE08-3326-42DC-A055-9DD157BD9DA3} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. 
KG) Task: {58A2DFA0-EF80-4FB7-A453-F9A32BC3F399} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {69C17C76-6BAC-407C-97A7-E09ED59BE675} - System32\Tasks\{E87B0CB2-0127-49B7-AA1D-86BA5E8798C2} => pcalua.exe -a "G:\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe" -d "G:\HP\Digital Imaging\extcapuninstall" Task: {6F2D98EB-AE99-46DE-BB8C-D07E8344609D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {70C0E124-F204-4585-A613-A3B382A7D26E} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {77338522-067F-4C6D-8CB3-859A2C873B0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.) Task: {77B585CA-9A54-47F6-ABB0-B9388DA62A26} - System32\Tasks\{D7AB6A25-7202-43CF-BA83-2842E956B1D7} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {8A3E707F-78D2-4D21-95D1-C869FA38DBB6} - System32\Tasks\{00A86ABF-1645-4E19-893D-25ACB9B82BC9} => C:\Klett\Lehrersoftware\Green Line\Lehrersoftware.exe [2005-12-20] (Macromedia, Inc.) 
Task: {92757F55-94DF-492E-8795-F2351D92EE84} - System32\Tasks\{7AE043A9-E5AA-4A32-89D4-16A49C5E3C9C} => pcalua.exe -a "C:\Users\Jörn-Friedrich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P267NJTQ\wmp11-windowsxp-x86-DE-DE.exe" -d C:\Users\Jörn-Friedrich\Desktop Task: {979A520B-4783-4851-8050-9747AFB96B3E} - System32\Tasks\{C881014E-0543-4815-9A23-3100B712CD5E} => pcalua.exe -a E:\Sicherheits-Center\GData\GER_R_ESD_CBE_IS.exe -d E:\Sicherheits-Center\GData Task: {C3CD27DE-50EA-4576-9933-85D6915AE966} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.4.0.13\SymErr.exe Task: {C95C76E9-A64F-4E79-911E-72033E53867C} - System32\Tasks\{756982EA-90AB-47AD-84D0-D3DBD20BC3A3} => pcalua.exe -a C:\Users\Jörn-Friedrich\Desktop\Daniel\FarmingSimulator2009DemoDE.exe -d C:\Users\Jörn-Friedrich\Desktop\Daniel Task: {CD66F585-14E8-4687-878D-F9765BE0D3E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {D3662D69-499E-4581-B396-DFDB9B8DF91D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {DB70218F-C5A9-4B44-BD19-2239915FCA25} - System32\Tasks\{B460C4DC-CF64-4DE4-A8F8-594015661CB0} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {EFBD5344-A11D-4E94-9D61-41B99D08A0A2} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2013-12-18] (Ashampoo Development GmbH & Co. 
KG) Task: {F95910D3-D842-47A8-A0CF-CA21AE2CC349} - System32\Tasks\4787 => Wscript.exe C:\Users\JRN-FR~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {FCABCB2F-FABD-4C40-A596-785A11AC11CE} - System32\Tasks\{01F6BFF5-BB14-46FD-B1A6-96DCABFF52B9} => pcalua.exe -a C:\PROGRA~2\Klett\LEHRER~1\UNWISE.EXE -c C:\PROGRA~2\Klett\LEHRER~1\INSTALL.LOG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe ==================== Loaded Modules (whitelisted) ============= 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-10-15 15:22 - 2014-10-15 15:22 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll 2011-08-22 17:03 - 2011-05-20 18:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-12-09 11:48 - 2014-12-09 11:48 - 03758192 _____ () C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Allin1Convert_8h Browser Plugin Loader 64 => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon64.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ========================= Accounts: ========================== Administrator (S-1-5-21-3173901494-1134987012-1569752986-500 - Administrator - Disabled) Gast (S-1-5-21-3173901494-1134987012-1569752986-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3173901494-1134987012-1569752986-1004 - Limited - Enabled) Jörn-Friedrich (S-1-5-21-3173901494-1134987012-1569752986-1001 - Administrator - Enabled) => C:\Users\Jörn-Friedrich ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2015 08:28:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2015 08:28:11 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/08/2015 08:28:09 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (01/07/2015 07:39:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 07:39:19 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 07:39:19 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 07:39:19 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 07:39:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (01/07/2015 07:39:15 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/07/2015 07:39:15 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. 
(HRESULT : 0xc0041800) (0xc0041800) System errors: ============= Error: (01/07/2015 10:41:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/07/2015 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/07/2015 07:39:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (01/05/2015 09:59:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/05/2015 09:59:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (01/04/2015 09:29:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/04/2015 09:29:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. 
Error: (01/04/2015 00:23:56 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/03/2015 08:42:49 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der Netzwerkhardwareadresse 10-3B-59-F3-97-A3 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (01/03/2015 10:09:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (09/20/2014 08:48:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-07-13 01:22:54.845 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-13 01:22:54.755 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. [/CODE] |
09.01.2015, 14:08 | #17 |
/// the machine /// TB Trainer | Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot Laptop: Done
__________________This PC: Please download TDSSKiller.exe and save the file to the desktop
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ |
10.01.2015, 00:30 | #18 |
| Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot Attached is the TDSS file
__________________Code:
ATTFilter 23:59:40.0159 0x1374 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20 00:00:02.0327 0x1374 ============================================================ 00:00:02.0327 0x1374 Current date / time: 2015/01/10 00:00:02.0327 00:00:02.0327 0x1374 SystemInfo: 00:00:02.0327 0x1374 00:00:02.0327 0x1374 OS Version: 6.1.7601 ServicePack: 1.0 00:00:02.0327 0x1374 Product type: Workstation 00:00:02.0327 0x1374 ComputerName: JF29 00:00:02.0327 0x1374 UserName: Jörn-Friedrich 00:00:02.0327 0x1374 Windows directory: C:\Windows 00:00:02.0327 0x1374 System windows directory: C:\Windows 00:00:02.0327 0x1374 Running under WOW64 00:00:02.0327 0x1374 Processor architecture: Intel x64 00:00:02.0327 0x1374 Number of processors: 4 00:00:02.0327 0x1374 Page size: 0x1000 00:00:02.0327 0x1374 Boot type: Normal boot 00:00:02.0327 0x1374 ============================================================ 00:00:03.0462 0x1374 KLMD registered as C:\Windows\system32\drivers\41043480.sys 00:00:04.0013 0x1374 System UUID: {A83C0347-5D7A-FDC2-68E4-98FD211F786C} 00:00:05.0401 0x1374 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:00:05.0440 0x1374 ============================================================ 00:00:05.0440 0x1374 \Device\Harddisk0\DR0: 00:00:05.0441 0x1374 MBR partitions: 00:00:05.0441 0x1374 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:00:05.0441 0x1374 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454000 00:00:05.0441 0x1374 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000 00:00:05.0441 0x1374 ============================================================ 00:00:05.0539 0x1374 C: <-> \Device\Harddisk0\DR0\Partition2 00:00:05.0574 0x1374 D: <-> \Device\Harddisk0\DR0\Partition3 00:00:05.0574 0x1374 
============================================================ 00:00:05.0574 0x1374 Initialize success 00:00:05.0574 0x1374 ============================================================ 00:00:51.0558 0x032c ============================================================ 00:00:51.0558 0x032c Scan started 00:00:51.0558 0x032c Mode: Manual; SigCheck; TDLFS; 00:00:51.0558 0x032c ============================================================ 00:00:51.0558 0x032c KSN ping started 00:00:54.0007 0x032c KSN ping finished: true 00:00:54.0647 0x032c ================ Scan system memory ======================== 00:00:54.0647 0x032c System memory - ok 00:00:54.0647 0x032c ================ Scan services ============================= 00:00:54.0772 0x032c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:00:54.0896 0x032c 1394ohci - ok 00:00:54.0943 0x032c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:00:54.0959 0x032c ACPI - ok 00:00:54.0990 0x032c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:00:55.0021 0x032c AcpiPmi - ok 00:00:55.0099 0x032c [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:00:55.0146 0x032c AdobeARMservice - ok 00:00:55.0162 0x032c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 00:00:55.0177 0x032c adp94xx - ok 00:00:55.0240 0x032c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 00:00:55.0255 0x032c adpahci - ok 
00:00:55.0286 0x032c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 00:00:55.0302 0x032c adpu320 - ok 00:00:55.0333 0x032c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:00:55.0411 0x032c AeLookupSvc - ok 00:00:55.0458 0x032c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 00:00:55.0489 0x032c AFD - ok 00:00:55.0536 0x032c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 00:00:55.0536 0x032c agp440 - ok 00:00:55.0552 0x032c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 00:00:55.0598 0x032c ALG - ok 00:00:55.0614 0x032c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 00:00:55.0630 0x032c aliide - ok 00:00:55.0661 0x032c [ C08ADE825268D291AFE06EDA71415C7D, 0AB351119D6ACAAED51F8091294AE6CE4A6EC980B14796D8FA0F14F399A1FF1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 00:00:55.0723 0x032c AMD External Events Utility - ok 00:00:55.0739 0x032c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 00:00:55.0754 0x032c amdide - ok 00:00:55.0786 0x032c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 00:00:55.0801 0x032c AmdK8 - ok 00:00:56.0098 0x032c [ F59A32A90C4F96189CD74473F7BE572B, 278D81DBFA1E31ED3AB7A0A3F675E4236D356FD78AD4C149BCD9415F4F5F08A3 ] amdkmdag 
C:\Windows\system32\DRIVERS\atikmdag.sys 00:00:56.0394 0x032c amdkmdag - ok 00:00:56.0441 0x032c [ 0327723D45A7BB7C1FE4835EB784AC61, B1A9C51C911045F11582CEDC2A5D3A51AB5AD08C341FE1BCEE021E179EA2C81B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 00:00:56.0472 0x032c amdkmdap - ok 00:00:56.0503 0x032c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 00:00:56.0503 0x032c AmdPPM - ok 00:00:56.0534 0x032c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:00:56.0550 0x032c amdsata - ok 00:00:56.0566 0x032c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 00:00:56.0581 0x032c amdsbs - ok 00:00:56.0581 0x032c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:00:56.0597 0x032c amdxata - ok 00:00:56.0690 0x032c [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 00:00:56.0706 0x032c AntiVirSchedulerService - ok 00:00:56.0753 0x032c [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 00:00:56.0768 0x032c AntiVirService - ok 00:00:56.0800 0x032c [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys 00:00:56.0831 0x032c AppID - ok 00:00:56.0846 0x032c [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:00:56.0893 0x032c AppIDSvc - ok 
00:00:56.0940 0x032c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 00:00:56.0971 0x032c Appinfo - ok 00:00:57.0034 0x032c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 00:00:57.0049 0x032c arc - ok 00:00:57.0065 0x032c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 00:00:57.0080 0x032c arcsas - ok 00:00:57.0127 0x032c [ D6D2BB2F4F5868549DDE75F3146BC84E, FE2965649FF62696D30A4A7C377064EA2A27F03511DAF781913AA055A5FED323 ] asmthub3 C:\Windows\system32\drivers\asmthub3.sys 00:00:57.0236 0x032c asmthub3 - ok 00:00:57.0299 0x032c [ 1E758172367DC2A3653F16586D62A3F0, 5395781F2B71CD9050F6CF75779D661F98E816A263ABA51153D14E21B73D4BC4 ] asmtxhci C:\Windows\system32\drivers\asmtxhci.sys 00:00:57.0361 0x032c asmtxhci - ok 00:00:57.0455 0x032c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 00:00:57.0470 0x032c aspnet_state - ok 00:00:57.0502 0x032c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:00:57.0533 0x032c AsyncMac - ok 00:00:57.0564 0x032c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 00:00:57.0580 0x032c atapi - ok 00:00:57.0611 0x032c [ 230CF51113CD4B830B3BFD09B0D4C066, 54751AA93E5E697A09B9C02EED34BFFE4B9C98B69490B738BFD4127EACC0E39F ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 00:00:57.0626 0x032c AtiHDAudioService - ok 00:00:57.0658 0x032c [ DE3E38431B00C2EA247C53675DCF01A0, 
8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:00:57.0704 0x032c AudioEndpointBuilder - ok 00:00:57.0736 0x032c [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:00:57.0767 0x032c AudioSrv - ok 00:00:57.0798 0x032c [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 00:00:57.0814 0x032c avgntflt - ok 00:00:57.0845 0x032c [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 00:00:57.0860 0x032c avipbb - ok 00:00:57.0923 0x032c [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 00:00:57.0923 0x032c Avira.OE.ServiceHost - ok 00:00:57.0954 0x032c [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 00:00:57.0954 0x032c avkmgr - ok 00:00:57.0985 0x032c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:00:58.0032 0x032c AxInstSV - ok 00:00:58.0079 0x032c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 00:00:58.0110 0x032c b06bdrv - ok 00:00:58.0157 0x032c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:00:58.0172 0x032c b57nd60a - ok 00:00:58.0204 0x032c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC 
C:\Windows\System32\bdesvc.dll 00:00:58.0235 0x032c BDESVC - ok 00:00:58.0250 0x032c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 00:00:58.0282 0x032c Beep - ok 00:00:58.0313 0x032c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 00:00:58.0360 0x032c BFE - ok 00:00:58.0391 0x032c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 00:00:58.0562 0x032c BITS - ok 00:00:58.0578 0x032c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 00:00:58.0609 0x032c blbdrive - ok 00:00:58.0640 0x032c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:00:58.0672 0x032c bowser - ok 00:00:58.0703 0x032c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 00:00:58.0718 0x032c BrFiltLo - ok 00:00:58.0718 0x032c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 00:00:58.0734 0x032c BrFiltUp - ok 00:00:58.0765 0x032c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 00:00:58.0781 0x032c Browser - ok 00:00:58.0843 0x032c [ 84FA9DC43E5E7AA2D359CAA018A780A3, 5E311CA36FED62728E713D27D1FC21D22E567D9E54610A3C6999DCD558BF18F5 ] Browser7Maintenance C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe 00:00:58.0859 0x032c Browser7Maintenance - detected UnsignedFile.Multi.Generic ( 1 ) 00:01:01.0261 0x032c Detect 
skipped due to KSN trusted 00:01:01.0261 0x032c Browser7Maintenance - ok 00:01:01.0277 0x032c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:01:01.0324 0x032c Brserid - ok 00:01:01.0339 0x032c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:01:01.0355 0x032c BrSerWdm - ok 00:01:01.0355 0x032c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:01:01.0386 0x032c BrUsbMdm - ok 00:01:01.0433 0x032c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:01:01.0448 0x032c BrUsbSer - ok 00:01:01.0464 0x032c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 00:01:01.0480 0x032c BTHMODEM - ok 00:01:01.0511 0x032c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 00:01:01.0542 0x032c bthserv - ok 00:01:01.0573 0x032c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:01:01.0589 0x032c cdfs - ok 00:01:01.0604 0x032c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 00:01:01.0620 0x032c cdrom - ok 00:01:01.0651 0x032c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 00:01:01.0682 0x032c CertPropSvc - ok 00:01:01.0698 0x032c [ D7CD5C4E1B71FA62050515314CFB52CF, 
513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 00:01:01.0714 0x032c circlass - ok 00:01:01.0729 0x032c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 00:01:01.0745 0x032c CLFS - ok 00:01:01.0792 0x032c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:01:01.0807 0x032c clr_optimization_v2.0.50727_32 - ok 00:01:01.0854 0x032c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:01:01.0870 0x032c clr_optimization_v2.0.50727_64 - ok 00:01:01.0932 0x032c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:01:01.0948 0x032c clr_optimization_v4.0.30319_32 - ok 00:01:01.0948 0x032c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:01:01.0963 0x032c clr_optimization_v4.0.30319_64 - ok 00:01:01.0979 0x032c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 00:01:01.0979 0x032c CmBatt - ok 00:01:02.0010 0x032c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:01:02.0010 0x032c cmdide - ok 00:01:02.0057 0x032c [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 
00:01:02.0088 0x032c CNG - ok 00:01:02.0104 0x032c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 00:01:02.0119 0x032c Compbatt - ok 00:01:02.0119 0x032c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:01:02.0135 0x032c CompositeBus - ok 00:01:02.0135 0x032c COMSysApp - ok 00:01:02.0166 0x032c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 00:01:02.0182 0x032c crcdisk - ok 00:01:02.0197 0x032c [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:01:02.0228 0x032c CryptSvc - ok 00:01:02.0275 0x032c [ 95B3CEAF06A2DF96FE28CD0755D319C4, 4BFA65F9786AB80FF321A1D21C243DCCDA168FCD35394B1066BE9379A811F135 ] cysfdu C:\Windows\system32\drivers\hjvjkj.sys 00:01:02.0306 0x032c cysfdu - ok 00:01:02.0338 0x032c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:01:02.0369 0x032c DcomLaunch - ok 00:01:02.0400 0x032c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 00:01:02.0447 0x032c defragsvc - ok 00:01:02.0478 0x032c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:01:02.0509 0x032c DfsC - ok 00:01:02.0540 0x032c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 00:01:02.0572 0x032c Dhcp - ok 00:01:02.0572 0x032c [ 13096B05847EC78F0977F2C0F79E9AB3, 
1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 00:01:02.0603 0x032c discache - ok 00:01:02.0618 0x032c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 00:01:02.0634 0x032c Disk - ok 00:01:02.0665 0x032c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:01:02.0696 0x032c Dnscache - ok 00:01:02.0712 0x032c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 00:01:02.0743 0x032c dot3svc - ok 00:01:02.0774 0x032c [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 00:01:02.0790 0x032c Dot4 - ok 00:01:02.0806 0x032c [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 00:01:02.0821 0x032c Dot4Print - ok 00:01:02.0837 0x032c [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 00:01:02.0837 0x032c dot4usb - ok 00:01:02.0852 0x032c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 00:01:02.0884 0x032c DPS - ok 00:01:02.0899 0x032c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:01:02.0930 0x032c drmkaud - ok 00:01:02.0977 0x032c [ D52EEB224DF107AAD9059597F0EB95CC, 40BE0E795CE981AB287FE93C509ED7FB11519B9A5173C7AC67D1EFB3E766859D ] DslMNLwf C:\Windows\system32\DRIVERS\dslmnlwf.sys 00:01:02.0993 0x032c DslMNLwf - ok 00:01:03.0040 0x032c [ 
87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:01:03.0071 0x032c DXGKrnl - ok 00:01:03.0071 0x032c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 00:01:03.0118 0x032c EapHost - ok 00:01:03.0196 0x032c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 00:01:03.0305 0x032c ebdrv - ok 00:01:03.0352 0x032c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 00:01:03.0367 0x032c EFS - ok 00:01:03.0430 0x032c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:01:03.0476 0x032c ehRecvr - ok 00:01:03.0492 0x032c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 00:01:03.0508 0x032c ehSched - ok 00:01:03.0539 0x032c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 00:01:03.0554 0x032c elxstor - ok 00:01:03.0586 0x032c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:01:03.0601 0x032c ErrDev - ok 00:01:03.0632 0x032c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 00:01:03.0664 0x032c EventSystem - ok 00:01:03.0695 0x032c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 00:01:03.0742 0x032c exfat - ok 00:01:03.0757 0x032c [ 
C:\Windows\system32\drivers\secdrv.sys 00:01:25.0410 0x032c secdrv - ok 00:01:25.0410 0x032c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 00:01:25.0441 0x032c seclogon - ok 00:01:25.0441 0x032c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 00:01:25.0472 0x032c SENS - ok 00:01:25.0488 0x032c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:01:25.0519 0x032c SensrSvc - ok 00:01:25.0535 0x032c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 00:01:25.0550 0x032c Serenum - ok 00:01:25.0566 0x032c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 00:01:25.0597 0x032c Serial - ok 00:01:25.0613 0x032c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:01:25.0628 0x032c sermouse - ok 00:01:25.0644 0x032c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 00:01:25.0675 0x032c SessionEnv - ok 00:01:25.0691 0x032c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:01:25.0706 0x032c sffdisk - ok 00:01:25.0706 0x032c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:01:25.0722 0x032c sffp_mmc - ok 00:01:25.0722 0x032c [ DD85B78243A19B59F0637DCF284DA63C, 
6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:01:25.0738 0x032c sffp_sd - ok 00:01:25.0769 0x032c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 00:01:25.0800 0x032c sfloppy - ok 00:01:25.0847 0x032c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:01:25.0878 0x032c SharedAccess - ok 00:01:25.0925 0x032c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:01:25.0956 0x032c ShellHWDetection - ok 00:01:25.0972 0x032c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 00:01:25.0987 0x032c SiSRaid2 - ok 00:01:25.0987 0x032c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 00:01:26.0003 0x032c SiSRaid4 - ok 00:01:26.0050 0x032c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:01:26.0081 0x032c Smb - ok 00:01:26.0081 0x032c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:01:26.0112 0x032c SNMPTRAP - ok 00:01:26.0128 0x032c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 00:01:26.0143 0x032c spldr - ok 00:01:26.0190 0x032c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 00:01:26.0206 0x032c Spooler - ok 
00:01:26.0299 0x032c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 00:01:26.0408 0x032c sppsvc - ok 00:01:26.0440 0x032c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:01:26.0471 0x032c sppuinotify - ok 00:01:26.0502 0x032c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:01:26.0533 0x032c srv - ok 00:01:26.0564 0x032c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:01:26.0596 0x032c srv2 - ok 00:01:26.0611 0x032c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:01:26.0627 0x032c srvnet - ok 00:01:26.0658 0x032c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:01:26.0674 0x032c SSDPSRV - ok 00:01:26.0689 0x032c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:01:26.0720 0x032c SstpSvc - ok 00:01:26.0752 0x032c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 00:01:26.0767 0x032c stexstor - ok 00:01:26.0798 0x032c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 00:01:26.0830 0x032c stisvc - ok 00:01:26.0861 0x032c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 00:01:26.0861 0x032c swenum 
- ok 00:01:26.0892 0x032c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 00:01:26.0923 0x032c swprv - ok 00:01:26.0970 0x032c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 00:01:27.0048 0x032c SysMain - ok 00:01:27.0048 0x032c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:01:27.0064 0x032c TabletInputService - ok 00:01:27.0079 0x032c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 00:01:27.0126 0x032c TapiSrv - ok 00:01:27.0142 0x032c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 00:01:27.0173 0x032c TBS - ok 00:01:27.0251 0x032c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:01:27.0313 0x032c Tcpip - ok 00:01:27.0360 0x032c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:01:27.0407 0x032c TCPIP6 - ok 00:01:27.0438 0x032c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:01:27.0454 0x032c tcpipreg - ok 00:01:27.0485 0x032c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:01:27.0500 0x032c TDPIPE - ok 00:01:27.0578 0x032c [ 1226A953D4FDBDFD570DA5CEE66EAA55, 640922152493057519198A55373A82CD1C7DCF0C219F4ECE7D2C30363FFA1E86 ] TDslMgrService C:\Program Files 
(x86)\DSL-Manager\DslMgrSvc.exe 00:01:27.0594 0x032c TDslMgrService - detected UnsignedFile.Multi.Generic ( 1 ) 00:01:29.0996 0x032c Detect skipped due to KSN trusted 00:01:29.0996 0x032c TDslMgrService - ok 00:01:30.0028 0x032c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:01:30.0043 0x032c TDTCP - ok 00:01:30.0059 0x032c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:01:30.0090 0x032c tdx - ok 00:01:30.0106 0x032c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 00:01:30.0106 0x032c TermDD - ok 00:01:30.0152 0x032c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 00:01:30.0184 0x032c TermService - ok 00:01:30.0215 0x032c [ 21AC1FFD8F59B0EBFBBB2C3467E9F2CF, A8FA51AACA3652331DF1F94F9A3C4190500F212CBA0D528FF40D0D414EEB5BBE ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys 00:01:30.0230 0x032c TfFsMon - ok 00:01:30.0246 0x032c [ B0EBE0CE99E4751CF7637A09FEAD7EDA, B672B84F743C1CF0646006A2D180F6AF7DF645236CA27432FE240C7A08E0BB0C ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys 00:01:30.0246 0x032c TfNetMon - ok 00:01:30.0277 0x032c [ D6E991DCDD91323D979878025F0CEAEA, 1D04E33009BCD017898B9E1387E40B5C04279C02EBC110F12E4A724CCDB9E4FB ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys 00:01:30.0293 0x032c TfSysMon - ok 00:01:30.0308 0x032c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 00:01:30.0340 0x032c Themes - ok 00:01:30.0371 0x032c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER 
C:\Windows\system32\mmcss.dll 00:01:30.0386 0x032c THREADORDER - ok 00:01:30.0418 0x032c ThreatFire - ok 00:01:30.0433 0x032c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 00:01:30.0464 0x032c TrkWks - ok 00:01:30.0511 0x032c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:01:30.0558 0x032c TrustedInstaller - ok 00:01:30.0589 0x032c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:01:30.0605 0x032c tssecsrv - ok 00:01:30.0636 0x032c [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:01:30.0667 0x032c TsUsbFlt - ok 00:01:30.0683 0x032c [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 00:01:30.0698 0x032c TsUsbGD - ok 00:01:30.0730 0x032c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:01:30.0761 0x032c tunnel - ok 00:01:30.0808 0x032c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 00:01:30.0808 0x032c uagp35 - ok 00:01:30.0839 0x032c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:01:30.0854 0x032c udfs - ok 00:01:30.0886 0x032c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:01:30.0917 0x032c UI0Detect - ok 00:01:30.0932 0x032c [ 
4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:01:30.0932 0x032c uliagpkx - ok 00:01:30.0964 0x032c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 00:01:30.0979 0x032c umbus - ok 00:01:30.0995 0x032c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:01:30.0995 0x032c UmPass - ok 00:01:31.0120 0x032c [ FC43877B4625F6EB773C98233EB625C5, 2294E1981A3323606FBD8FC9B35EEC85F47C6E0F6F73C1F6346B5A3492D53F40 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 00:01:31.0198 0x032c UNS - ok 00:01:31.0229 0x032c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 00:01:31.0260 0x032c upnphost - ok 00:01:31.0276 0x032c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:01:31.0291 0x032c usbccgp - ok 00:01:31.0338 0x032c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:01:31.0369 0x032c usbcir - ok 00:01:31.0416 0x032c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:01:31.0447 0x032c usbehci - ok 00:01:31.0463 0x032c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:01:31.0478 0x032c usbhub - ok 00:01:31.0510 0x032c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci 
C:\Windows\system32\drivers\usbohci.sys 00:01:31.0510 0x032c usbohci - ok 00:01:31.0525 0x032c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:01:31.0541 0x032c usbprint - ok 00:01:31.0556 0x032c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:01:31.0588 0x032c usbscan - ok 00:01:31.0588 0x032c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:01:31.0603 0x032c USBSTOR - ok 00:01:31.0634 0x032c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:01:31.0650 0x032c usbuhci - ok 00:01:31.0666 0x032c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 00:01:31.0697 0x032c UxSms - ok 00:01:31.0728 0x032c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 00:01:31.0759 0x032c VaultSvc - ok 00:01:31.0775 0x032c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:01:31.0775 0x032c vdrvroot - ok 00:01:31.0806 0x032c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 00:01:31.0837 0x032c vds - ok 00:01:31.0868 0x032c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:01:31.0884 0x032c vga - ok 00:01:31.0900 0x032c [ 53E92A310193CB3C03BEA963DE7D9CFC, 
45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 00:01:31.0915 0x032c VgaSave - ok 00:01:31.0931 0x032c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:01:31.0946 0x032c vhdmp - ok 00:01:31.0978 0x032c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 00:01:31.0978 0x032c viaide - ok 00:01:32.0009 0x032c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:01:32.0024 0x032c volmgr - ok 00:01:32.0040 0x032c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:01:32.0056 0x032c volmgrx - ok 00:01:32.0071 0x032c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:01:32.0087 0x032c volsnap - ok 00:01:32.0102 0x032c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 00:01:32.0102 0x032c vsmraid - ok 00:01:32.0149 0x032c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 00:01:32.0243 0x032c VSS - ok 00:01:32.0258 0x032c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 00:01:32.0274 0x032c vwifibus - ok 00:01:32.0290 0x032c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 00:01:32.0305 0x032c vwififlt - ok 00:01:32.0321 0x032c [ 
1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 00:01:32.0368 0x032c W32Time - ok 00:01:32.0368 0x032c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 00:01:32.0399 0x032c WacomPen - ok 00:01:32.0399 0x032c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:01:32.0430 0x032c WANARP - ok 00:01:32.0446 0x032c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:01:32.0477 0x032c Wanarpv6 - ok 00:01:32.0539 0x032c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 00:01:32.0602 0x032c WatAdminSvc - ok 00:01:32.0648 0x032c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 00:01:32.0711 0x032c wbengine - ok 00:01:32.0726 0x032c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:01:32.0758 0x032c WbioSrvc - ok 00:01:32.0773 0x032c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:01:32.0804 0x032c wcncsvc - ok 00:01:32.0804 0x032c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:01:32.0836 0x032c WcsPlugInService - ok 00:01:32.0867 0x032c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 
00:01:32.0867 0x032c Wd - ok 00:01:32.0914 0x032c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:01:32.0945 0x032c Wdf01000 - ok 00:01:32.0976 0x032c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:01:33.0038 0x032c WdiServiceHost - ok 00:01:33.0054 0x032c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:01:33.0070 0x032c WdiSystemHost - ok 00:01:33.0116 0x032c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 00:01:33.0148 0x032c WebClient - ok 00:01:33.0163 0x032c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:01:33.0194 0x032c Wecsvc - ok 00:01:33.0241 0x032c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:01:33.0288 0x032c wercplsupport - ok 00:01:33.0304 0x032c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 00:01:33.0335 0x032c WerSvc - ok 00:01:33.0350 0x032c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:01:33.0382 0x032c WfpLwf - ok 00:01:33.0382 0x032c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:01:33.0397 0x032c WIMMount - ok 00:01:33.0428 0x032c WinDefend - ok 00:01:33.0428 0x032c WinHttpAutoProxySvc - ok 00:01:33.0475 0x032c [ 
19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:01:33.0506 0x032c Winmgmt - ok 00:01:33.0584 0x032c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 00:01:33.0647 0x032c WinRM - ok 00:01:33.0694 0x032c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 00:01:33.0694 0x032c WinUsb - ok 00:01:33.0725 0x032c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 00:01:33.0787 0x032c Wlansvc - ok 00:01:33.0865 0x032c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:01:33.0865 0x032c wlcrasvc - ok 00:01:33.0959 0x032c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:01:34.0021 0x032c wlidsvc - ok 00:01:34.0037 0x032c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:01:34.0052 0x032c WmiAcpi - ok 00:01:34.0068 0x032c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:01:34.0099 0x032c wmiApSrv - ok 00:01:34.0115 0x032c WMPNetworkSvc - ok 00:01:34.0115 0x032c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:01:34.0146 0x032c WPCSvc - ok 00:01:34.0162 0x032c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] 
WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:01:34.0193 0x032c WPDBusEnum - ok 00:01:34.0208 0x032c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:01:34.0240 0x032c ws2ifsl - ok 00:01:34.0255 0x032c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 00:01:34.0271 0x032c wscsvc - ok 00:01:34.0271 0x032c WSearch - ok 00:01:34.0302 0x032c [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA, 7EEB1B8F1430AFB06A18DC6107DBDD57EBBF473FF96F3578481EB89724823393 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys 00:01:34.0302 0x032c wsvd - ok 00:01:34.0380 0x032c [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 00:01:34.0458 0x032c wuauserv - ok 00:01:34.0489 0x032c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:01:34.0536 0x032c WudfPf - ok 00:01:34.0567 0x032c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:01:34.0598 0x032c WUDFRd - ok 00:01:34.0598 0x032c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:01:34.0614 0x032c wudfsvc - ok 00:01:34.0645 0x032c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 00:01:34.0692 0x032c WwanSvc - ok 00:01:34.0692 0x032c ================ Scan global =============================== 00:01:34.0723 0x032c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 00:01:34.0754 0x032c [ 
88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 00:01:34.0770 0x032c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 00:01:34.0786 0x032c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 00:01:34.0817 0x032c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 00:01:34.0817 0x032c [ Global ] - ok 00:01:34.0817 0x032c ================ Scan MBR ================================== 00:01:34.0832 0x032c [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0 00:01:36.0720 0x032c \Device\Harddisk0\DR0 - ok 00:01:36.0720 0x032c ================ Scan VBR ================================== 00:01:36.0720 0x032c [ 619A03A875D85497D559FA3E19E9DE27 ] \Device\Harddisk0\DR0\Partition1 00:01:36.0782 0x032c \Device\Harddisk0\DR0\Partition1 - ok 00:01:36.0845 0x032c [ 15FCB7696F9781F3D444EFA81B211B8E ] \Device\Harddisk0\DR0\Partition2 00:01:37.0110 0x032c \Device\Harddisk0\DR0\Partition2 - ok 00:01:37.0110 0x032c [ 8C388701BCB65458EB596041841A9CB8 ] \Device\Harddisk0\DR0\Partition3 00:01:37.0110 0x032c \Device\Harddisk0\DR0\Partition3 - ok 00:01:37.0110 0x032c ================ Scan generic autorun ====================== 00:01:37.0235 0x032c [ 7E25F1EFFDF50F702DE3D9E8F6B8CC47, F1857D2966D2A31DD067A7E8015842FC2757E4BFFEC961726D3C14947824C5C9 ] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe 00:01:37.0250 0x032c MedionReminder - ok 00:01:37.0344 0x032c [ 7BDA05509585396989E523BEDE832E9B, 27590FF2A468F977FC834FF30AA7C39C9062173A6B4B14671D1FFB84DCF2042F ] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe 00:01:37.0375 0x032c Malwarebytes Anti-Malware (cleanup) - ok 00:01:37.0453 0x032c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 
8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 00:01:37.0531 0x032c Sidebar - ok 00:01:37.0562 0x032c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 00:01:37.0578 0x032c mctadmin - ok 00:01:37.0609 0x032c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 00:01:37.0640 0x032c Sidebar - ok 00:01:37.0640 0x032c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 00:01:37.0656 0x032c mctadmin - ok 00:01:37.0952 0x032c [ B2BAE2D76FBE9FDC3F6E0D1F886DF367, 964EBF736891BE252C68FCE1F9EAD5E60E6E0C2119D21C6DF49FBD30FBB678EF ] C:\Program Files\CCleaner\CCleaner64.exe 00:01:38.0171 0x032c CCleaner Monitoring - ok 00:01:38.0186 0x032c Adobe Speed Launcher - ok 00:01:38.0186 0x032c Waiting for KSN requests completion. In queue: 168 00:01:39.0200 0x032c Waiting for KSN requests completion. In queue: 168 00:01:40.0214 0x032c Waiting for KSN requests completion. In queue: 7 00:01:41.0369 0x032c AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated ) 00:01:41.0384 0x032c AV detected via SS2: ThreatFire, C:\Program Files (x86)\ThreatFire\TFWSC.exe ( 4.7.0.17 ), 0x71010 ( enabled : outofdate ) 00:01:41.0447 0x032c Win FW state via NFP2: enabled 00:01:43.0880 0x032c ============================================================ 00:01:43.0880 0x032c Scan finished 00:01:43.0880 0x032c ============================================================ 00:01:43.0880 0x1268 Detected object count: 0 00:01:43.0880 0x1268 Actual detected object count: 0 Code:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Jörn-Friedrich :: JF29 [administrator]

10.01.2015 00:10:23
mbar-log-2015-01-10 (00-10-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 366906
Time elapsed: 13 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
10.01.2015, 00:33 | #19 |
| And one more FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Jörn-Friedrich (administrator) on JF29 on 10-01-2015 00:31:59 Running from C:\Users\Jörn-Friedrich\Downloads Loaded Profiles: Jörn-Friedrich & (Available profiles: Jörn-Friedrich) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Browser7) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ThreatFire] => C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\RunOnce: [Adobe Speed Launcher] => 1420792403 HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\MountPoints2: {d2adaa84-1e8f-11e3-9abf-8c89a59bac48} - G:\laucher.exe HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] => 1420792403 HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d2adaa84-1e8f-11e3-9abf-8c89a59bac48} - G:\laucher.exe HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Adobe Speed Launcher] => 1420792403 HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {d2adaa84-1e8f-11e3-9abf-8c89a59bac48} - G:\laucher.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files 
(x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * ᔃ]߾뿰ι CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {28D88AB1-AA93-19B9-8FCD-48FA7FA69FE5} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> DefaultScope {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {49A9EC78-0083-4AA6-9FE3-0B76A933572A} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = 
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {83D23A4C-ADA1-4D5E-B1F2-49E8841CAEEE} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {906BF378-A14E-4DC3-9A7D-DFEC2F12607D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {A1503A9B-A574-4D9A-BEF4-613485148BF2} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {B8DA2ED1-CA3D-48F5-A46E-10CE29D43091} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {49A9EC78-0083-4AA6-9FE3-0B76A933572A} URL = 
hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {83D23A4C-ADA1-4D5E-B1F2-49E8841CAEEE} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {906BF378-A14E-4DC3-9A7D-DFEC2F12607D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A1503A9B-A574-4D9A-BEF4-613485148BF2} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B8DA2ED1-CA3D-48F5-A46E-10CE29D43091} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: 
HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {49A9EC78-0083-4AA6-9FE3-0B76A933572A} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {83D23A4C-ADA1-4D5E-B1F2-49E8841CAEEE} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {906BF378-A14E-4DC3-9A7D-DFEC2F12607D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A1503A9B-A574-4D9A-BEF4-613485148BF2} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {B8DA2ED1-CA3D-48F5-A46E-10CE29D43091} URL = 
hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie10-toi BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Boostyb.Core.BHO -> {42ad2408-abba-2408-1972-4706560e817b} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - No Name - {42ad2408-baaa-408d-b13e-4706560e817b} - No File Toolbar: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File Toolbar: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File Toolbar: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\searchplugins\avira-safesearch.xml FF Extension: Avira Browser Safety - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\abs@avira.com [2014-12-11] FF Extension: Avira SafeSearch - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\safesearch@avira.com [2014-12-04] FF Extension: Cliqz Beta - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\cliqz@cliqz.com.xpi [2014-09-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-04-05] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-04-05] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-21] FF 
HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF StartMenuInternet: FIREFOX.EXE - C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: Default -> www.google.com CHR StartupUrls: Default -> "www.google.com" CHR DefaultSearchKeyword: Default -> search.snapdo.com CHR DefaultSearchURL: Default -> hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=0c975f8c-e63d-a644-8ea0-7138087bdbf4&searchtype=ds&q={searchTerms}&installDate=17/11/2013 CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (Avira Browserschutz) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-07] CHR Extension: (Norton Security Toolbar) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-26] CHR Extension: (Google Wallet) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14] CHR 
HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\JRN-FR~1\AppData\Local\funmoods.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [107008 2014-11-16] (Deutsche Telekom AG) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) 
[File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG) U0 cysfdu; C:\Windows\System32\drivers\hjvjkj.sys [79064 2015-01-09] (Malwarebytes Corporation) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] () [File not signed] R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-04-16] (microOLAP Technologies LTD) R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools) R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools) R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools) U3 DfSdkS; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-10 00:08 - 2015-01-10 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-10 00:08 - 2015-01-10 00:08 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-10 00:05 - 2015-01-10 00:28 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\mbar 2015-01-10 00:05 - 2015-01-10 00:05 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-10 00:04 - 2015-01-10 00:05 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Jörn-Friedrich\Downloads\mbar-1.08.2.1001.exe 2015-01-09 23:59 - 2015-01-09 23:59 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Jörn-Friedrich\Downloads\tdsskiller.exe 2015-01-09 18:25 - 2015-01-09 18:25 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\hjvjkj.sys 2015-01-09 17:39 - 2015-01-09 23:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-09 17:38 - 2015-01-09 17:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jörn-Friedrich\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 23:25 - 2015-01-08 23:25 - 00000082 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150108_232512.reg 2015-01-08 16:27 - 2015-01-08 16:27 - 00001272 _____ () C:\Users\Jörn-Friedrich\Desktop\Revo Uninstaller.lnk 2015-01-08 16:27 - 2015-01-08 16:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-08 16:26 - 2015-01-08 16:26 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Jörn-Friedrich\Downloads\revosetup95.exe 2015-01-08 16:18 - 2015-01-08 16:20 - 165285920 _____ () C:\Users\Jörn-Friedrich\Downloads\EmsisoftEmergencyKit.exe 2015-01-08 15:38 - 2015-01-08 15:38 - 00031525 _____ () C:\Users\Jörn-Friedrich\Downloads\Addition.txt 2015-01-08 15:37 - 2015-01-10 00:32 - 00000000 ____D () C:\FRST 2015-01-08 15:37 - 2015-01-10 00:31 - 00025364 _____ () C:\Users\Jörn-Friedrich\Downloads\FRST.txt 2015-01-08 15:36 - 2015-01-08 15:46 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Reinigung 2015-01-08 15:36 - 2015-01-08 15:36 - 02124288 _____ (Farbar) C:\Users\Jörn-Friedrich\Downloads\FRST64.exe 2015-01-08 15:36 - 2015-01-08 15:36 - 02124288 _____ (Farbar) C:\Users\Jörn-Friedrich\Downloads\FRST64(1).exe 2015-01-08 10:55 - 2015-01-09 10:14 - 00010388 _____ () C:\Users\Jörn-Friedrich\Desktop\Finanzierung.xlsx 2015-01-07 18:14 - 2015-01-07 18:14 - 00000490 _____ () C:\Users\Jörn-Friedrich\Downloads\defogger_disable.log 2015-01-07 18:14 - 2015-01-07 18:14 - 00000000 _____ () C:\Users\Jörn-Friedrich\defogger_reenable 2015-01-07 18:11 - 2015-01-07 18:11 - 00050477 _____ () C:\Users\Jörn-Friedrich\Downloads\Defogger.exe 2015-01-05 00:12 - 2015-01-05 00:13 - 00001154 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150105_001252.reg 2014-12-27 22:57 - 2014-12-27 22:57 - 00000980 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_225657.reg 2014-12-27 00:09 - 2014-12-27 00:09 - 00005700 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_000935.reg 2014-12-25 11:34 - 2014-12-25 11:34 - 00045586 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_113359.reg 2014-12-25 11:06 - 2014-12-25 11:06 - 00013064 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_110632.reg 2014-12-23 21:53 - 2014-12-23 21:53 - 00000000 ____D () C:\TempDump 2014-12-23 14:36 - 2014-12-23 14:36 - 00000061 _____ () C:\Users\Jörn-Friedrich\Downloads\server.properties 2014-12-21 23:09 - 2014-12-21 23:09 - 00000460 _____ () 
C:\Users\Jörn-Friedrich\Documents\cc_20141221_230858.reg 2014-12-21 23:05 - 2014-12-21 23:05 - 05317104 _____ (Piriform Ltd) C:\Users\Jörn-Friedrich\Downloads\ccsetup501.exe 2014-12-19 21:22 - 2014-12-19 21:23 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8(1).zip 2014-12-19 21:21 - 2014-12-19 21:21 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8.zip 2014-12-18 08:12 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 08:12 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-13 22:47 - 2014-12-13 22:47 - 00000890 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141213_224740.reg 2014-12-13 20:52 - 2014-12-19 21:37 - 00010240 ___SH () C:\Users\Jörn-Friedrich\Downloads\Thumbs.db 2014-12-11 19:07 - 2014-12-11 19:07 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-10 00:18 - 2012-04-07 18:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-10 00:10 - 2014-04-19 10:16 - 01771953 _____ () C:\Windows\WindowsUpdate.log 2015-01-09 23:55 - 2012-08-05 19:19 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2015-01-09 23:54 - 2012-08-05 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2015-01-09 22:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-09 21:18 - 2012-04-07 18:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-09 18:24 - 2014-02-24 17:21 - 00000000 ____D () C:\ProgramData\MovieMode 2015-01-09 17:39 - 2013-12-06 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-09 07:24 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-09 07:24 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-09 07:17 - 2012-06-11 21:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-09 07:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-07 20:43 - 2011-03-11 10:20 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2015-01-07 20:43 - 2011-03-11 10:20 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2015-01-07 20:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-07 18:14 - 2012-04-07 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich 2015-01-05 11:36 - 2014-12-08 12:05 - 00035328 ___SH () C:\Users\Jörn-Friedrich\Desktop\Thumbs.db 2015-01-04 20:54 - 2014-10-29 15:18 - 00000000 ____D () C:\FTBLite2 2015-01-04 20:54 - 2014-10-27 23:12 - 00000000 ____D () C:\Users\Jörn-Friedrich\Downloads\Neuer Ordner 2015-01-04 20:54 - 2012-04-07 19:32 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Daniel 2015-01-04 20:53 - 2014-11-10 16:36 - 00000000 ____D () 
C:\FTBLite 2015-01-04 20:53 - 2014-10-29 15:25 - 00000000 ____D () C:\Ultimate 2015-01-04 20:51 - 2013-12-23 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-12-28 21:40 - 2009-07-14 05:45 - 00304160 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-28 20:40 - 2012-04-07 18:48 - 00072296 _____ () C:\Users\Jörn-Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-27 00:08 - 2014-04-21 19:26 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-12-27 00:08 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\GlarySoft 2014-12-25 11:32 - 2011-08-22 17:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-25 11:31 - 2013-11-11 20:22 - 00000000 ____D () C:\Users\Jörn-Friedrich\Documents\My Games 2014-12-25 11:31 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-25 11:29 - 2014-09-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2013 2014-12-25 07:51 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\DiskDefrag 2014-12-24 15:48 - 2013-09-16 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\.minecraft 2014-12-23 23:04 - 2013-05-21 17:45 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\CrashDumps 2014-12-22 09:52 - 2014-10-27 10:01 - 00021504 ___SH () C:\Users\Jörn-Friedrich\Documents\Thumbs.db 2014-12-21 23:06 - 2012-04-08 09:27 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-21 23:06 - 2012-04-08 09:27 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-12 18:23 - 2012-04-07 18:46 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-12 17:39 - 2014-09-11 10:00 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Ebay-Bilder 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-11 17:52 - 2014-08-29 22:01 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\Adobe 2014-12-11 17:52 - 2012-04-30 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-11 17:52 - 2011-08-22 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Jörn-Friedrich\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 12:33 ==================== End Of Log ============================ |
10.01.2015, 11:56 | #20 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
BootExecute: autocheck autochk * ᔃ]߾뿰ι
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.01.2015, 12:44 | #21 |
| Attached is the fixlist.txt file:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Jörn-Friedrich at 2015-01-10 12:38:51 Run:1
Running from C:\FRST\Logs
Loaded Profile: Jörn-Friedrich (Available profiles: Jörn-Friedrich)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BootExecute: autocheck autochk * ?]???
Emptytemp:
*****************

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
EmptyTemp: => Removed 153.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:38:56 ==== |
10.01.2015, 13:29 | #22 |
/// the machine /// TB-Ausbilder | and continue |
10.01.2015, 21:18 | #23 |
| The ESET file:
Code:
ESETSmartInstaller@High as downloader log:
all ok
Code:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
ThreatFire
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
ThreatFire
Java 7 Update 71
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (33.0)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Jörn-Friedrich (administrator) on JF29 on 10-01-2015 21:17:00 Running from C:\FRST Loaded Profile: Jörn-Friedrich (Available profiles: Jörn-Friedrich) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\FRST\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ThreatFire] => C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\MountPoints2: {d2adaa84-1e8f-11e3-9abf-8c89a59bac48} - G:\laucher.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {28D88AB1-AA93-19B9-8FCD-48FA7FA69FE5} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> DefaultScope {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {07B92A3A-15B7-49DA-B1DC-EABAEFBEE5F9} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {49A9EC78-0083-4AA6-9FE3-0B76A933572A} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B8DABC5E-C785-46F2-A4FF-C59FF2A0BC47&ind=2014010216&n=780b5b68&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {83D23A4C-ADA1-4D5E-B1F2-49E8841CAEEE} URL = 
hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {906BF378-A14E-4DC3-9A7D-DFEC2F12607D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {A1503A9B-A574-4D9A-BEF4-613485148BF2} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> {B8DA2ED1-CA3D-48F5-A46E-10CE29D43091} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie10-toi BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Boostyb.Core.BHO -> {42ad2408-abba-2408-1972-4706560e817b} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - No Name - {42ad2408-baaa-408d-b13e-4706560e817b} - No File Toolbar: HKU\S-1-5-21-3173901494-1134987012-1569752986-1001 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\searchplugins\avira-safesearch.xml FF Extension: Avira Browser Safety - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\abs@avira.com [2014-12-11] FF Extension: Avira SafeSearch - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\safesearch@avira.com [2014-12-04] FF Extension: Cliqz Beta - C:\Users\Jörn-Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\gc244vpd.default\Extensions\cliqz@cliqz.com.xpi [2014-09-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-04-05] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-04-05] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-21] FF 
HKU\S-1-5-21-3173901494-1134987012-1569752986-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF StartMenuInternet: FIREFOX.EXE - C:\Users\Jörn-Friedrich\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: Default -> www.google.com CHR StartupUrls: Default -> "www.google.com" CHR DefaultSearchKeyword: Default -> search.snapdo.com CHR DefaultSearchURL: Default -> hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=0c975f8c-e63d-a644-8ea0-7138087bdbf4&searchtype=ds&q={searchTerms}&installDate=17/11/2013 CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (Avira Browserschutz) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-07] CHR Extension: (Norton Security Toolbar) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-26] CHR Extension: (Google Wallet) - C:\Users\Jörn-Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [107008 2014-11-16] (Deutsche Telekom AG) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. 
KG) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] () [File not signed] R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-04-16] (microOLAP Technologies LTD) R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools) R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools) R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools) U3 DfSdkS; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-10 21:01 - 2015-01-10 21:01 - 00852505 _____ () C:\Users\Jörn-Friedrich\Downloads\SecurityCheck.exe 2015-01-10 12:45 - 2015-01-10 12:45 - 02347384 _____ (ESET) C:\Users\Jörn-Friedrich\Downloads\esetsmartinstaller_deu.exe 2015-01-10 08:59 - 2015-01-10 21:09 - 00000280 _____ () C:\Windows\setupact.log 2015-01-10 08:59 - 2015-01-10 08:59 - 00000350 _____ () C:\Windows\PFRO.log 2015-01-10 08:59 - 2015-01-10 08:59 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-10 00:35 - 2015-01-10 00:35 - 00070854 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150110_003529.reg 2015-01-10 00:35 - 2015-01-10 00:35 - 00000580 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150110_003552.reg 2015-01-10 00:08 - 2015-01-10 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-10 00:08 - 2015-01-10 00:08 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-10 00:05 - 2015-01-10 00:28 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\mbar 2015-01-10 00:05 - 2015-01-10 00:05 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-10 00:04 - 2015-01-10 00:05 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Jörn-Friedrich\Downloads\mbar-1.08.2.1001.exe 2015-01-09 23:59 - 2015-01-09 23:59 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Jörn-Friedrich\Downloads\tdsskiller.exe 2015-01-09 17:39 - 2015-01-09 23:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-09 17:38 - 2015-01-09 17:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jörn-Friedrich\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 23:25 - 2015-01-08 23:25 - 00000082 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150108_232512.reg 2015-01-08 16:27 - 2015-01-08 16:27 - 00001272 _____ () C:\Users\Jörn-Friedrich\Desktop\Revo Uninstaller.lnk 2015-01-08 16:27 - 2015-01-08 16:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-08 16:26 - 2015-01-08 16:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jörn-Friedrich\Downloads\revosetup95.exe 2015-01-08 16:18 - 2015-01-08 16:20 - 165285920 _____ () C:\Users\Jörn-Friedrich\Downloads\EmsisoftEmergencyKit.exe 2015-01-08 15:37 - 2015-01-10 21:17 - 00000000 ____D () C:\FRST 2015-01-08 15:37 - 2015-01-10 00:32 - 00035793 _____ () C:\Users\Jörn-Friedrich\Downloads\FRST.txt 2015-01-08 15:36 - 2015-01-10 21:07 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Reinigung 2015-01-08 10:55 - 2015-01-09 10:14 - 00010388 _____ () C:\Users\Jörn-Friedrich\Desktop\Finanzierung.xlsx 2015-01-07 18:14 - 2015-01-07 18:14 - 00000490 _____ () C:\Users\Jörn-Friedrich\Downloads\defogger_disable.log 2015-01-07 18:14 - 2015-01-07 18:14 - 00000000 _____ () C:\Users\Jörn-Friedrich\defogger_reenable 2015-01-07 18:11 - 2015-01-07 18:11 - 00050477 _____ () C:\Users\Jörn-Friedrich\Downloads\Defogger.exe 2015-01-05 00:12 - 2015-01-05 00:13 - 00001154 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20150105_001252.reg 2014-12-27 22:57 - 2014-12-27 22:57 - 00000980 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_225657.reg 2014-12-27 00:09 - 2014-12-27 00:09 - 00005700 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141227_000935.reg 
2014-12-25 11:34 - 2014-12-25 11:34 - 00045586 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_113359.reg 2014-12-25 11:06 - 2014-12-25 11:06 - 00013064 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141225_110632.reg 2014-12-23 21:53 - 2014-12-23 21:53 - 00000000 ____D () C:\TempDump 2014-12-23 14:36 - 2014-12-23 14:36 - 00000061 _____ () C:\Users\Jörn-Friedrich\Downloads\server.properties 2014-12-21 23:09 - 2014-12-21 23:09 - 00000460 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141221_230858.reg 2014-12-21 23:05 - 2014-12-21 23:05 - 05317104 _____ (Piriform Ltd) C:\Users\Jörn-Friedrich\Downloads\ccsetup501.exe 2014-12-19 21:22 - 2014-12-19 21:23 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8(1).zip 2014-12-19 21:21 - 2014-12-19 21:21 - 12833197 _____ () C:\Users\Jörn-Friedrich\Downloads\John Smith Legacy 1.8.1 v1.3.8.zip 2014-12-18 08:12 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 08:12 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-13 22:47 - 2014-12-13 22:47 - 00000890 _____ () C:\Users\Jörn-Friedrich\Documents\cc_20141213_224740.reg 2014-12-13 20:52 - 2014-12-19 21:37 - 00010240 ___SH () C:\Users\Jörn-Friedrich\Downloads\Thumbs.db 2014-12-11 19:07 - 2014-12-11 19:07 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-10 21:17 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 21:17 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 21:15 - 2014-04-19 10:16 - 01829216 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 21:10 - 2012-04-07 18:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 21:09 - 2012-06-11 21:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-10 21:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 20:18 - 2012-04-07 18:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 18:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-09 23:55 - 2012-08-05 19:19 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-01-09 23:54 - 2012-08-05 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-09 18:24 - 2014-02-24 17:21 - 00000000 ____D () C:\ProgramData\MovieMode
2015-01-09 17:39 - 2013-12-06 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 20:43 - 2011-03-11 10:20 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 20:43 - 2011-03-11 10:20 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 20:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 18:14 - 2012-04-07 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich
2015-01-05 11:36 - 2014-12-08 12:05 - 00035328 ___SH () C:\Users\Jörn-Friedrich\Desktop\Thumbs.db
2015-01-04 20:54 - 2014-10-29 15:18 - 00000000 ____D () C:\FTBLite2
2015-01-04 20:54 - 2014-10-27 23:12 - 00000000 ____D () C:\Users\Jörn-Friedrich\Downloads\Neuer Ordner
2015-01-04 20:54 - 2012-04-07 19:32 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Daniel
2015-01-04 20:53 - 2014-11-10 16:36 - 00000000 ____D () C:\FTBLite
2015-01-04 20:53 - 2014-10-29 15:25 - 00000000 ____D () C:\Ultimate
2015-01-04 20:51 - 2013-12-23 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-12-28 21:40 - 2009-07-14 05:45 - 00304160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 20:40 - 2012-04-07 18:48 - 00072296 _____ () C:\Users\Jörn-Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-27 00:08 - 2014-04-21 19:26 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-12-27 00:08 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\GlarySoft
2014-12-25 11:32 - 2011-08-22 17:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 11:31 - 2013-11-11 20:22 - 00000000 ____D () C:\Users\Jörn-Friedrich\Documents\My Games
2014-12-25 11:31 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-25 11:29 - 2014-09-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2013
2014-12-25 07:51 - 2014-04-21 19:06 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\DiskDefrag
2014-12-24 15:48 - 2013-09-16 18:50 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Roaming\.minecraft
2014-12-23 23:04 - 2013-05-21 17:45 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\CrashDumps
2014-12-22 09:52 - 2014-10-27 10:01 - 00021504 ___SH () C:\Users\Jörn-Friedrich\Documents\Thumbs.db
2014-12-21 23:06 - 2012-04-08 09:27 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-21 23:06 - 2012-04-08 09:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-12 18:23 - 2012-04-07 18:46 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 17:39 - 2014-09-11 10:00 - 00000000 ____D () C:\Users\Jörn-Friedrich\Desktop\Ebay-Bilder
2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-11 19:07 - 2014-09-07 19:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-11 17:52 - 2014-08-29 22:01 - 00000000 ____D () C:\Users\Jörn-Friedrich\AppData\Local\Adobe
2014-12-11 17:52 - 2012-04-30 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 17:52 - 2011-08-22 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Jörn-Friedrich\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-10 10:42

==================== End Of Log ============================

--- --- --- |
10.01.2015, 22:57 | #24 |
/// the machine /// TB trainer | Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
Topics on Constant ads despite AdBlock, Internet Explorer jumps, ad pages are opened, filepony cannot |
adware/crossrider.103912, adware/crossrider.1953768.43, adware/crossrider.gen, adware/crossrider.gen4, adware/installcore.a.338, adware/multiplug.gen, adware/multiplug.gen4, adware/multiplug.gen7, adware/yontoo.389888, adware/yontoo.76224.34, antivirus, task, computer, explorer, install.exe, installation, microsoft, restart, program, software, constant ads, tr/agent.566272.136, ad windows |