| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop verpilztWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.01.2015, 16:13
| #1 |
 |  Laptop verpilzt Wie es passiert ist - keine Ahnung Es fing damit an, dass bei einzelne Internetadressen nicht funktionierten und sich Laptop auf der Stelle vom Internet trennt Avira und Malwarebytes zeigen keinen Befall an Üblich beginnt es damit, dass der Bildaufbau extrem langsam Zeile für Zeile von oben nach unten erfolgt. Ab dann ist Schluß und der Curser springt beim Bewegen gottweiswohin - z.B. im Abgesicherten Modus mit Netzwerktreibern nachdem Trendmicro Housecall 420 min gelaufen ist, so dass man zwar noch sieht, was angeblich los ist aber nicht mehr löschen oder in Quarantäne schicken kann. Dort tauchte neben den bekannten Seuchen in den *.eml Dateien (Spam und Gelöscht Folder) ein neues Gesicht auf, "EXPL CVE20130431, dass sich angeblich im Java rt.jar verbergen soll - Virus Total zeigt aber nichts Avira lässt sich nicht mehr installieren - und auch das eine oder andere Tool geht nicht mehr. Java lässt sich nicht deinstallieren. Was soll ich tun? Kann mir jemand hälfen? Bitte, bitte Freundlich grüßt Mischa |
|
12.01.2015, 16:14
| #2 |
| /// the machine /// TB-Ausbilder    | Laptop verpilzt hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
12.01.2015, 17:56
| #3 |
| | Files von FRST hi,
__________________Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread A votre service FRST.TXT FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by Dagobert (administrator) on DAGOBERT-PC on 12-01-2015 17:29:20
Running from C:\Users\Dagobert\Desktop
Loaded Profile: Dagobert (Available profiles: Dagobert)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)
HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis)
HKLM\...\Run: [UIExec] => C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\RunOnce: [{e7c7c227-b742-4878-9425-f09bbf9951db}] => C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe [770368 2014-12-15] (Avira Operations & Co. KG) <===== ATTENTION
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE ()
Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: HTTPS-Everywhere - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-23]
FF Extension: Cookie Monster - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-23]
FF Extension: DownloadHelper - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-23]
FF Extension: JonDoFox - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19]
FF Extension: NoScript - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19]
FF Extension: Adblock Plus - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google-Suche) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Security Plus) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2014-12-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Ghostery) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis)
S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-07-04] (Acronis)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [547968 2012-06-14] (SEIKO EPSON CORPORATION)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]
S2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-11] (Emsisoft GmbH)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-25] (NewTech Infosystems, Inc.) [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-07-04] (Acronis)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Bulk3052i; System32\Drivers\Bulk3052.sys [X]
S3 catchme; \??\C:\Users\Dagobert\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pmem; \??\C:\Users\Dagobert\AppData\Local\Temp\_MEI11282\drivers\winpmem32.sys [X]
S2 pmp3052v; System32\Drivers\pmp3052v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 17:29 - 2015-01-12 17:29 - 00021079 _____ () C:\Users\Dagobert\Desktop\FRST.txt
2015-01-12 17:29 - 2015-01-12 17:29 - 00000000 ____D () C:\FRST
2015-01-12 17:25 - 2015-01-12 17:25 - 01115648 _____ (Farbar) C:\Users\Dagobert\Desktop\FRST.exe
2015-01-12 15:53 - 2015-01-12 15:53 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(6).exe
2015-01-12 15:47 - 2015-01-12 15:48 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(5).exe
2015-01-12 15:12 - 2015-01-12 15:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws(2).exe
2015-01-12 15:09 - 2015-01-12 15:09 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws.exe
2015-01-12 15:09 - 2015-01-12 15:09 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws(1).exe
2015-01-11 17:06 - 2015-01-11 17:06 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(4).exe
2015-01-11 17:05 - 2015-01-11 17:05 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(3).exe
2015-01-11 13:58 - 2015-01-11 15:55 - 00000000 ____D () C:\EEK
2015-01-11 13:58 - 2015-01-11 14:01 - 00000695 _____ () C:\Users\Dagobert\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-11 13:52 - 2015-01-11 13:57 - 165801680 _____ () C:\Users\Dagobert\Downloads\EmsisoftEmergencyKit(1).exe
2015-01-11 11:47 - 2015-01-11 11:54 - 00002303 _____ () C:\rapport.txt
2015-01-11 11:47 - 2015-01-11 11:50 - 00004812 _____ () C:\Windows\system32\tmp.reg
2015-01-11 11:47 - 2015-01-11 11:50 - 00000000 _____ () C:\Windows\system32\tmp.txt
2015-01-11 11:46 - 2009-06-02 11:17 - 00075776 _____ () C:\Windows\system32\WS2Fix.exe
2015-01-11 11:46 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2015-01-11 11:46 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2015-01-11 11:46 - 2008-10-01 15:51 - 00087552 _____ (S!Ri.URZ) C:\Windows\system32\VACFix.exe
2015-01-11 11:46 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2015-01-11 11:46 - 2008-08-18 12:19 - 00082432 _____ (S!Ri.URZ) C:\Windows\system32\404Fix.exe
2015-01-11 11:46 - 2008-05-18 21:40 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.exe
2015-01-11 11:46 - 2007-09-06 00:22 - 00289144 _____ (S!Ri) C:\Windows\system32\VCCLSID.exe
2015-01-11 11:46 - 2006-12-01 06:20 - 00079360 _____ (SteelWerX) C:\Windows\system32\swxcacls.exe
2015-01-11 11:46 - 2006-08-29 19:43 - 00135168 _____ (SteelWerX) C:\Windows\system32\swreg.exe
2015-01-11 11:46 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2015-01-11 11:46 - 2006-01-09 10:36 - 00040960 _____ () C:\Windows\system32\swsc.exe
2015-01-11 11:46 - 2004-07-31 18:50 - 00051200 _____ () C:\Windows\system32\dumphive.exe
2015-01-11 11:46 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2015-01-10 21:07 - 2015-01-10 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-10 18:50 - 2015-01-10 18:50 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(2).exe
2015-01-10 18:49 - 2015-01-10 18:49 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(1).exe
2014-12-15 15:30 - 2014-12-15 15:30 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 17:24 - 2013-03-23 04:22 - 00000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat
2015-01-12 17:18 - 2013-03-23 13:31 - 03736216 _____ () C:\Windows\PFRO.log
2015-01-12 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 17:15 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 15:13 - 2013-03-23 10:27 - 01213732 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 15:02 - 2014-07-16 12:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 06:58 - 2014-08-08 11:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 15:47 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-11 13:38 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-11 13:25 - 2010-05-22 23:22 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Skype
2015-01-11 13:17 - 2010-06-19 23:45 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\VSO
2015-01-11 11:46 - 2011-03-10 19:59 - 00000000 ___RD () C:\Users\Dagobert\Desktop\Michael
2015-01-11 06:17 - 2012-08-23 23:08 - 00482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache
2015-01-11 06:17 - 2012-08-23 23:07 - 00233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache
2015-01-10 17:49 - 2014-07-16 12:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 17:49 - 2014-02-21 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 22:17 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 23:44 - 2012-06-26 21:17 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\vlc
2014-12-31 23:37 - 2012-02-04 21:19 - 00006144 _____ () C:\Users\Dagobert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 14:31 - 2014-06-15 12:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\Adobe
2014-12-25 14:31 - 2013-02-26 21:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-25 14:31 - 2013-02-26 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-15 15:30 - 2014-08-06 10:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 15:30 - 2013-04-06 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 15:30 - 2013-03-29 13:58 - 00000000 ____D () C:\Program Files\Avira
Files to move or delete:
====================
C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe
Some content of TEMP:
====================
C:\Users\Dagobert\AppData\Local\temp\avgnt.exe
C:\Users\Dagobert\AppData\Local\temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-12 15:29
==================== End Of Log ============================
--- --- --- ADDITION.TXTFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 01
Ran by Dagobert at 2015-01-12 17:30:44
Running from C:\Users\Dagobert\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1&1 Surf-Stick (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)
Acronis*True*Image*Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Benutzerhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Useg) (Version: - )
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Cisco WebEx Meetings (HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EKEN PC Driver (HKLM\...\InstallShield_{73861999-F41B-4DCE-8984-30BB3DD6EF12}) (Version: 1.0.1.0 - SunPlus)
EKEN PC Driver (Version: 1.0.1.0 - SunPlus) Hidden
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.50.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Jitsi (HKLM\...\{BB36EA7B-6361-40AD-A628-C63012FA3909}) (Version: 1.0.0.0 - Jitsi)
Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.3.0 ESR (x86 de) (HKLM\...\Mozilla Firefox 31.3.0 ESR (x86 de)) (Version: 31.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Netzwerkhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Netg) (Version: - )
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8625 - TeamViewer GmbH)
Tradesignal Web Edition (HKLM\...\{BF8C49DF-64D5-459A-8790-69479C60F49B}) (Version: 5.6.409 - Tradesignal GmbH)
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Image Resizer 4.0.0.30 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.30 - VSO-Software)
Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
==================== Restore Points =========================
11-12-2014 13:43:12 Geplanter Prüfpunkt
19-12-2014 12:28:06 Geplanter Prüfpunkt
28-12-2014 12:41:42 Geplanter Prüfpunkt
04-01-2015 16:30:19 Geplanter Prüfpunkt
08-01-2015 12:42:15 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2015-01-11 11:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1AEE07DE-1B70-46AD-B6E3-2DCDA1D50C89} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dagobert
Task: {2B548729-D73A-48CC-B763-15FCC7732B33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)
Task: {49D13FFE-2EB4-415A-9F22-C04AB0C00A96} - System32\Tasks\{64B4FB71-4775-4CC6-954D-A73E1E3510D7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/de/abandoninstall?page=tsMain
Task: {4A21B647-8052-4FA2-ADF1-91F3CDEDB070} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {50F8028C-8656-499B-808F-777D9128DC46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {55770358-E1D3-49CA-8FE3-A9EE7C93A750} - System32\Tasks\{B0896588-5BAD-4463-B646-1807337888D0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {93586B2A-49B5-4FC4-90C1-11BD792CAD87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ECBC6B65-3458-4866-A21D-1441DC310C4C} - System32\Tasks\{C263384A-D8B5-42AF-B77C-81AA509BB1A3} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {F47FA0E6-2E4C-4028-B22E-ECEAEF16B513} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2015-01-10 21:07 - 2015-01-10 21:07 - 03801200 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: EpsonCustomerResearchParticipation => 2
MSCONFIG\Services: Netzmanager Service => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Dagobert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Scan Buttons => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSB.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WarReg_PopUp => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
========================= Accounts: ==========================
Administrator (S-1-5-21-3480060575-1528594488-178791877-500 - Administrator - Disabled)
Dagobert (S-1-5-21-3480060575-1528594488-178791877-1000 - Administrator - Enabled) => C:\Users\Dagobert
Gast (S-1-5-21-3480060575-1528594488-178791877-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Anwenderinfrarotgeräte
Description: Anwenderinfrarotgeräte
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (01/12/2015 05:19:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/12/2015 04:07:07 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/12/2015 03:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung avira_de_av___ws(2).exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600,
Prozess-ID 0x698, Anwendungsstartzeit avira_de_av___ws(2).exe0.
Error: (01/12/2015 03:05:28 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/12/2015 07:26:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
bei System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
bei System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions)
bei Avira.OE.WinCore.NetworkStatusListener..ctor()
bei Avira.OE.WinCore.InternetConnectionMonitor..ctor()
bei Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow, Avira.OE.WinCore.Interface.IProcessController)
bei Avira.OE.Systray.SystrayIcon..ctor()
bei Avira.OE.Systray.Program.Main(System.String[])
Error: (01/12/2015 01:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000409, Fehleroffset 0x000723d6,
Prozess-ID 0x564, Anwendungsstartzeit gmer_2.1.19163.exe0.
Error: (01/12/2015 01:06:56 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/11/2015 05:04:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216
Error: (01/11/2015 05:04:21 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1180) Catalog Database: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
Error: (01/11/2015 05:04:21 PM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (1180) Catalog Database: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
System errors:
=============
Error: (01/12/2015 05:20:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb
avkmgr
spldr
ssmdrv
Wanarpv6
Error: (01/12/2015 05:20:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ComputerbrowserServer%%1068
Error: (01/12/2015 05:19:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (01/12/2015 05:19:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/12/2015 05:19:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (01/12/2015 05:19:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/12/2015 05:19:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (01/12/2015 05:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Video Camera Device(EKEN)%%2
Error: (01/12/2015 05:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (01/12/2015 05:15:51 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B7774C41C wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Microsoft Office Sessions:
=========================
Error: (03/04/2013 01:54:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 749 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-12 07:05:57.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:57.148
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:56.804
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:56.446
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:55.634
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:55.198
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:54.761
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 07:05:54.402
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 23:24:30.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 23:24:30.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 26%
Total physical RAM: 2037.68 MB
Available physical RAM: 1496.27 MB
Total Pagefile: 4308.66 MB
Available Pagefile: 3931.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.34 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:67.27 GB) (Free:3.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:63.77 GB) (Free:16.5 GB) NTFS
Drive f: (OHL) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 4251E684)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=12)
Partition 2: (Active) - (Size=67.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=63.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.4 GB) - (Type=12)
==================== End Of Log ============================
|
|
12.01.2015, 18:04
| #4 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.01.2015, 16:34
| #5 |
| | Laptop verpilzt Hallo Schrauber, ich habe Mist gebaut und aus Versehen mit "Ja" geantwortet, als der Rechner fragte. Danach ging nichts mehr mit Internet. Ich hatte aber vorher den Anti Rootkit ergebnislos und TDSS laufen lassen. Danach habe ich mit einem Wiederhehrstellungspunkt das alte System wieder hergestellt damit das Internet läuft und nochmal den Antirootkit laufen lassen, ohne Ergebnis, und schicke daher das TDSS Log: 00:10:31.0938 0x0438 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20 00:10:37.0039 0x0438 ============================================================ 00:10:37.0039 0x0438 Current date / time: 2015/01/13 00:10:37.0039 00:10:37.0039 0x0438 SystemInfo: 00:10:37.0039 0x0438 00:10:37.0039 0x0438 OS Version: 6.0.6002 ServicePack: 2.0 00:10:37.0039 0x0438 Product type: Workstation 00:10:37.0039 0x0438 ComputerName: DAGOBERT-PC 00:10:37.0039 0x0438 UserName: Dagobert 00:10:37.0039 0x0438 Windows directory: C:\Windows 00:10:37.0039 0x0438 System windows directory: C:\Windows 00:10:37.0039 0x0438 Processor architecture: Intel x86 00:10:37.0039 0x0438 Number of processors: 2 00:10:37.0039 0x0438 Page size: 0x1000 00:10:37.0039 0x0438 Boot type: Safe boot 00:10:37.0039 0x0438 ============================================================ 00:10:37.0850 0x0438 KLMD registered as C:\Windows\system32\drivers\90765352.sys 00:10:38.0100 0x0438 System UUID: {AB7CB255-2CD5-C7F3-65D8-B324967E4984} 00:10:38.0708 0x0438 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:10:38.0708 0x0438 ============================================================ 00:10:38.0708 0x0438 \Device\Harddisk0\DR0: 00:10:38.0708 0x0438 MBR partitions: 00:10:38.0708 0x0438 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1D4B800, BlocksNum 0x868C000 00:10:38.0708 0x0438 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA3D7800, BlocksNum 0x7F8C800 00:10:38.0708 0x0438 ============================================================ 00:10:38.0755 0x0438 C: <-> \Device\Harddisk0\DR0\Partition1 00:10:38.0786 0x0438 D: <-> \Device\Harddisk0\DR0\Partition2 00:10:38.0786 0x0438 ============================================================ 00:10:38.0786 0x0438 Initialize success 00:10:38.0786 0x0438 ============================================================ 00:13:16.0299 0x0588 ============================================================ 00:13:16.0299 0x0588 Scan started 00:13:16.0299 0x0588 Mode: Manual; SigCheck; TDLFS; 00:13:16.0299 0x0588 ============================================================ 00:13:16.0299 0x0588 KSN ping started 00:13:16.0736 0x0588 KSN ping finished: false 00:13:17.0329 0x0588 ================ Scan system memory ======================== 00:13:17.0329 0x0588 System memory - ok 00:13:17.0329 0x0588 ================ Scan services ============================= 00:13:17.0532 0x0588 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys 00:13:17.0656 0x0588 ACPI - ok 00:13:17.0844 0x0588 [ 6482C272F92EC589B14F9D1756F00641, 3F5F5D9A896B36D6401E69B487534E95CEF84486FBAA13101C51754113CE3DCE ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 00:13:17.0906 0x0588 AcrSch2Svc - ok 00:13:18.0015 0x0588 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 00:13:18.0046 0x0588 AdobeARMservice - ok 00:13:18.0124 0x0588 [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:13:18.0171 0x0588 AdobeFlashPlayerUpdateSvc - ok 00:13:18.0265 0x0588 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 00:13:18.0312 0x0588 adp94xx - ok 00:13:18.0343 0x0588 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys 00:13:18.0390 0x0588 adpahci - ok 00:13:18.0405 0x0588 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 00:13:18.0421 0x0588 adpu160m - ok 00:13:18.0452 0x0588 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 00:13:18.0468 0x0588 adpu320 - ok 00:13:18.0530 0x0588 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:13:18.0686 0x0588 AeLookupSvc - ok 00:13:18.0748 0x0588 [ F132D0BFDE7C5EA1AB42325C5694A969, 5BDAB6D6D390C7C65A3075B749D304449AC6F9E8A2DF54516B8C57A0ACE01B5F ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 00:13:18.0764 0x0588 afcdp - ok 00:13:18.0936 0x0588 [ 986A134B1A1770599B7AF9354CBB066F, 5F61A40685DB300C1807D220C0CAC7B0295635942DFB758C1131B131F91EE3D3 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe 00:13:19.0076 0x0588 afcdpsrv - ok 00:13:19.0201 0x0588 [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD C:\Windows\system32\drivers\afd.sys 00:13:19.0279 0x0588 AFD - ok 00:13:19.0326 0x0588 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:13:19.0341 0x0588 agp440 - ok 00:13:19.0372 0x0588 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 00:13:19.0388 0x0588 aic78xx - ok 00:13:19.0419 0x0588 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe 00:13:19.0606 0x0588 ALG - ok 00:13:19.0622 0x0588 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys 00:13:19.0638 0x0588 aliide - ok 00:13:19.0684 0x0588 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys 00:13:19.0700 0x0588 amdagp - ok 00:13:19.0716 0x0588 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys 00:13:19.0731 0x0588 amdide - ok 00:13:19.0747 0x0588 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 00:13:19.0809 0x0588 AmdK7 - ok 00:13:19.0840 0x0588 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 00:13:19.0887 0x0588 AmdK8 - ok 00:13:19.0996 0x0588 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 00:13:20.0106 0x0588 AntiVirSchedulerService - ok 00:13:20.0199 0x0588 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 00:13:20.0262 0x0588 AntiVirService - ok 00:13:20.0308 0x0588 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll 00:13:20.0371 0x0588 Appinfo - ok 00:13:20.0418 0x0588 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys 00:13:20.0433 0x0588 arc - ok 00:13:20.0480 0x0588 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys 00:13:20.0496 0x0588 arcsas - ok 00:13:20.0620 0x0588 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 00:13:20.0683 0x0588 aspnet_state - ok 00:13:20.0730 0x0588 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:13:20.0792 0x0588 AsyncMac - ok 00:13:20.0823 0x0588 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys 00:13:20.0839 0x0588 atapi - ok 00:13:20.0917 0x0588 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:13:20.0995 0x0588 AudioEndpointBuilder - ok 00:13:21.0042 0x0588 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll 00:13:21.0088 0x0588 Audiosrv - ok 00:13:21.0120 0x0588 [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 00:13:21.0135 0x0588 avgntflt - ok 00:13:21.0182 0x0588 [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 00:13:21.0198 0x0588 avipbb - ok 00:13:21.0322 0x0588 [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe 00:13:21.0354 0x0588 Avira.OE.ServiceHost - ok 00:13:21.0385 0x0588 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 00:13:21.0400 0x0588 avkmgr - ok 00:13:21.0478 0x0588 [ 0B92CCF7BFCBE2B33838434F2F50CB61, 021FE5FA53F9208A19B737D1F8F3ED835BB68CE23E4EEDB2CB4F3E433985F9B6 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 00:13:21.0541 0x0588 b57nd60x - ok 00:13:21.0603 0x0588 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys 00:13:21.0650 0x0588 Beep - ok 00:13:21.0728 0x0588 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll 00:13:21.0806 0x0588 BFE - ok 00:13:21.0900 0x0588 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\system32\qmgr.dll 00:13:22.0071 0x0588 BITS - ok 00:13:22.0102 0x0588 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 00:13:22.0149 0x0588 blbdrive - ok 00:13:22.0196 0x0588 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:13:22.0227 0x0588 bowser - ok 00:13:22.0290 0x0588 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 00:13:22.0336 0x0588 BrFiltLo - ok 00:13:22.0368 0x0588 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 00:13:22.0414 0x0588 BrFiltUp - ok 00:13:22.0446 0x0588 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll 00:13:22.0492 0x0588 Browser - ok 00:13:22.0524 0x0588 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys 00:13:22.0695 0x0588 Brserid - ok 00:13:22.0804 0x0588 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 00:13:22.0851 0x0588 BrSerWdm - ok 00:13:22.0882 0x0588 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 00:13:22.0945 0x0588 BrUsbMdm - ok 00:13:22.0976 0x0588 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 00:13:23.0054 0x0588 BrUsbSer - ok 00:13:23.0085 0x0588 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 00:13:23.0163 0x0588 BTHMODEM - ok 00:13:23.0179 0x0588 Bulk3052i - ok 00:13:23.0288 0x0588 catchme - ok 00:13:23.0335 0x0588 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:13:23.0382 0x0588 cdfs - ok 00:13:23.0460 0x0588 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 00:13:23.0506 0x0588 cdrom - ok 00:13:23.0538 0x0588 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll 00:13:23.0584 0x0588 CertPropSvc - ok 00:13:23.0600 0x0588 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:13:23.0662 0x0588 circlass - ok 00:13:23.0709 0x0588 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys 00:13:23.0725 0x0588 CLFS - ok 00:13:23.0772 0x0588 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:13:23.0803 0x0588 clr_optimization_v2.0.50727_32 - ok 00:13:23.0865 0x0588 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:13:23.0959 0x0588 clr_optimization_v4.0.30319_32 - ok 00:13:24.0006 0x0588 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:13:24.0037 0x0588 CmBatt - ok 00:13:24.0068 0x0588 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:13:24.0084 0x0588 cmdide - ok 00:13:24.0099 0x0588 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:13:24.0115 0x0588 Compbatt - ok 00:13:24.0115 0x0588 COMSysApp - ok 00:13:24.0130 0x0588 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 00:13:24.0146 0x0588 crcdisk - ok 00:13:24.0177 0x0588 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys 00:13:24.0224 0x0588 Crusoe - ok 00:13:24.0286 0x0588 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:13:24.0333 0x0588 CryptSvc - ok 00:13:24.0427 0x0588 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:13:24.0520 0x0588 DcomLaunch - ok 00:13:24.0552 0x0588 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:13:24.0583 0x0588 DfsC - ok 00:13:24.0739 0x0588 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe 00:13:24.0942 0x0588 DFSR - ok 00:13:25.0035 0x0588 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 00:13:25.0082 0x0588 Dhcp - ok 00:13:25.0129 0x0588 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys 00:13:25.0144 0x0588 disk - ok 00:13:25.0207 0x0588 [ 73BAF270D24FE726B9CD7F80BB17A23D, 12ADFB26C16A7D3F623C1A6B72D4C6AB9163EBC93CF13CB2AC6897FB95E96105 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 00:13:25.0207 0x0588 DKbFltr - ok 00:13:25.0285 0x0588 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:13:25.0332 0x0588 Dnscache - ok 00:13:25.0378 0x0588 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll 00:13:25.0425 0x0588 dot3svc - ok 00:13:25.0488 0x0588 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll 00:13:25.0550 0x0588 DPS - ok 00:13:25.0566 0x0588 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:13:25.0612 0x0588 drmkaud - ok 00:13:25.0690 0x0588 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:13:25.0768 0x0588 DXGKrnl - ok 00:13:25.0815 0x0588 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 00:13:25.0878 0x0588 E1G60 - ok 00:13:25.0909 0x0588 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll 00:13:25.0940 0x0588 EapHost - ok 00:13:26.0002 0x0588 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys 00:13:26.0034 0x0588 Ecache - ok 00:13:26.0174 0x0588 [ B84E1ADEC9618ABD328AB6F8C9C7DC90, 965079FD5DF38FBDFE541AE81BD2DDB6128F6F80612494FA42FE0155FF1613CA ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 00:13:26.0236 0x0588 eDataSecurity Service - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:26.0346 0x0588 eDataSecurity Service ( UnsignedFile.Multi.Generic ) - warning 00:13:26.0408 0x0588 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:13:26.0470 0x0588 ehRecvr - ok 00:13:26.0486 0x0588 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe 00:13:26.0564 0x0588 ehSched - ok 00:13:26.0580 0x0588 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll 00:13:26.0611 0x0588 ehstart - ok 00:13:26.0689 0x0588 [ E28516FED46251119ADDAF4CF33BA401, 6CB6436F3214760C414D8897ED0A90EFF2F38C498271F3BC7E05D8414409286B ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 00:13:26.0720 0x0588 eLockService - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:26.0720 0x0588 eLockService ( UnsignedFile.Multi.Generic ) - warning 00:13:26.0782 0x0588 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys 00:13:26.0829 0x0588 elxstor - ok 00:13:26.0907 0x0588 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 00:13:27.0048 0x0588 EMDMgmt - ok 00:13:27.0079 0x0588 [ 44E8E86CEEB0D9F0F934B5EDC21E0444, 516C5B8A921131692AB456ED3D892463CE3FA500E6FB57718183C8B4E892A6AE ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe 00:13:27.0094 0x0588 eNet Service - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:27.0094 0x0588 eNet Service ( UnsignedFile.Multi.Generic ) - warning 00:13:27.0172 0x0588 [ A14644165086B9D9BEC1461F90A4423B, 9DA9AB8E3F80505D3678BAF206FA941EDD2A9BF2E77439765927C966C08F5751 ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe 00:13:27.0219 0x0588 EpsonCustomerResearchParticipation - ok 00:13:27.0313 0x0588 [ 59FCCAF915BA89DD98CADF08DA91AFEE, 1286481DF42EBBE13C0FC18ABA514393544CDA17420E71518EF87ADD82D224CB ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 00:13:27.0344 0x0588 eRecoveryService - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:27.0344 0x0588 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning 00:13:27.0375 0x0588 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:13:27.0406 0x0588 ErrDev - ok 00:13:27.0484 0x0588 [ A9745687A57CDD71237915859ABA8DAC, DE21C397EBC822622B61189EC6CCF720C76AB6A249188987A10086252A9F26FD ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 00:13:27.0484 0x0588 eSettingsService - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:27.0484 0x0588 eSettingsService ( UnsignedFile.Multi.Generic ) - warning 00:13:27.0484 0x0588 Force sending object to P2P due to detect: eSettingsService 00:13:27.0484 0x0588 Object send P2P result: false 00:13:27.0547 0x0588 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll 00:13:27.0609 0x0588 EventSystem - ok 00:13:27.0687 0x0588 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys 00:13:27.0750 0x0588 exfat - ok 00:13:27.0781 0x0588 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:13:27.0843 0x0588 fastfat - ok 00:13:27.0874 0x0588 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:13:27.0921 0x0588 fdc - ok 00:13:27.0952 0x0588 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll 00:13:27.0984 0x0588 fdPHost - ok 00:13:27.0999 0x0588 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll 00:13:28.0077 0x0588 FDResPub - ok 00:13:28.0124 0x0588 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:13:28.0140 0x0588 FileInfo - ok 00:13:28.0155 0x0588 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:13:28.0202 0x0588 Filetrace - ok 00:13:28.0233 0x0588 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:13:28.0280 0x0588 flpydisk - ok 00:13:28.0311 0x0588 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:13:28.0342 0x0588 FltMgr - ok 00:13:28.0420 0x0588 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll 00:13:28.0545 0x0588 FontCache - ok 00:13:28.0608 0x0588 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 00:13:28.0623 0x0588 FontCache3.0.0.0 - ok 00:13:28.0670 0x0588 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:13:28.0732 0x0588 Fs_Rec - ok 00:13:28.0795 0x0588 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 00:13:28.0810 0x0588 gagp30kx - ok 00:13:28.0857 0x0588 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll 00:13:28.0951 0x0588 gpsvc - ok 00:13:29.0060 0x0588 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 00:13:29.0076 0x0588 gupdate - ok 00:13:29.0076 0x0588 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 00:13:29.0091 0x0588 gupdatem - ok 00:13:29.0154 0x0588 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:13:29.0232 0x0588 HdAudAddService - ok 00:13:29.0310 0x0588 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 00:13:29.0388 0x0588 HDAudBus - ok 00:13:29.0419 0x0588 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys 00:13:29.0481 0x0588 HidBth - ok 00:13:29.0512 0x0588 [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:13:29.0575 0x0588 HidIr - ok 00:13:29.0590 0x0588 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll 00:13:29.0653 0x0588 hidserv - ok 00:13:29.0700 0x0588 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:13:29.0746 0x0588 HidUsb - ok 00:13:29.0778 0x0588 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll 00:13:29.0824 0x0588 hkmsvc - ok 00:13:29.0887 0x0588 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 00:13:29.0902 0x0588 HpCISSs - ok 00:13:29.0949 0x0588 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 00:13:30.0043 0x0588 HSFHWAZL - ok 00:13:30.0121 0x0588 [ 347385D69C15E3D045AA1CB46E4CB86D, 53DA5E5F92F10DB485507398A5F9BBD5E712C1FFF386B119F958CE9E3F6B87AC ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 00:13:30.0261 0x0588 HSF_DPV - ok 00:13:30.0324 0x0588 [ 919337D853703267DA203E79A0AC1F2B, D0EE1BB20CF3671C3F68A709E14901E0820828E27F24D5E83B607E6CF8B7C8EB ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 00:13:30.0355 0x0588 HSXHWAZL - ok 00:13:30.0417 0x0588 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:13:30.0511 0x0588 HTTP - ok 00:13:30.0558 0x0588 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 00:13:30.0573 0x0588 i2omp - ok 00:13:30.0651 0x0588 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 00:13:30.0667 0x0588 i8042prt - ok 00:13:30.0745 0x0588 [ 681EF6E0CC7BBAA0C09ACABEB91F669E, 2E0BD4CF3B669922666F9D89D0F47FFB7E850BFF569DE01156C71F76D560A17B ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 00:13:30.0792 0x0588 IAANTMON - ok 00:13:30.0854 0x0588 [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:13:30.0885 0x0588 iaStor - ok 00:13:30.0916 0x0588 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 00:13:30.0932 0x0588 iaStorV - ok 00:13:31.0010 0x0588 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:13:31.0088 0x0588 idsvc - ok 00:13:31.0213 0x0588 [ C134E69CE901422D1F2D7EA8D69098FE, 38D7AB6C85C0BCE34B8F52DDBD6F0371DF551003DF6BAE20A2AB1D1349128890 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 00:13:31.0431 0x0588 igfx - ok 00:13:31.0447 0x0588 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys 00:13:31.0462 0x0588 iirsp - ok 00:13:31.0525 0x0588 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll 00:13:31.0572 0x0588 IKEEXT - ok 00:13:31.0603 0x0588 [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys 00:13:31.0618 0x0588 int15 - ok 00:13:31.0743 0x0588 [ 9F5898EBD3BBE82EADF2EFA595F02A72, A9A8CEE12F968C35D88443099875A8F96F42547F1991F1DB2E0F14FD423A411D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 00:13:31.0915 0x0588 IntcAzAudAddService - ok 00:13:31.0977 0x0588 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys 00:13:31.0993 0x0588 intelide - ok 00:13:32.0024 0x0588 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:13:32.0071 0x0588 intelppm - ok 00:13:32.0118 0x0588 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:13:32.0164 0x0588 IPBusEnum - ok 00:13:32.0196 0x0588 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:13:32.0242 0x0588 IpFilterDriver - ok 00:13:32.0274 0x0588 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:13:32.0352 0x0588 iphlpsvc - ok 00:13:32.0352 0x0588 IpInIp - ok 00:13:32.0367 0x0588 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 00:13:32.0430 0x0588 IPMIDRV - ok 00:13:32.0461 0x0588 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 00:13:32.0492 0x0588 IPNAT - ok 00:13:32.0523 0x0588 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:13:32.0570 0x0588 IRENUM - ok 00:13:32.0586 0x0588 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:13:32.0617 0x0588 isapnp - ok 00:13:32.0664 0x0588 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 00:13:32.0679 0x0588 iScsiPrt - ok 00:13:32.0710 0x0588 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 00:13:32.0726 0x0588 iteatapi - ok 00:13:32.0742 0x0588 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys 00:13:32.0757 0x0588 iteraid - ok 00:13:32.0788 0x0588 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 00:13:32.0804 0x0588 kbdclass - ok 00:13:32.0820 0x0588 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 00:13:32.0835 0x0588 kbdhid - ok 00:13:32.0898 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe 00:13:32.0944 0x0588 KeyIso - ok 00:13:33.0007 0x0588 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:13:33.0069 0x0588 KSecDD - ok 00:13:33.0132 0x0588 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll 00:13:33.0210 0x0588 KtmRm - ok 00:13:33.0256 0x0588 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll 00:13:33.0319 0x0588 LanmanServer - ok 00:13:33.0366 0x0588 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:13:33.0459 0x0588 LanmanWorkstation - ok 00:13:33.0568 0x0588 [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 00:13:33.0584 0x0588 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:33.0584 0x0588 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 00:13:33.0631 0x0588 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:13:33.0678 0x0588 lltdio - ok 00:13:33.0724 0x0588 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:13:33.0771 0x0588 lltdsvc - ok 00:13:33.0802 0x0588 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:13:33.0865 0x0588 lmhosts - ok 00:13:33.0896 0x0588 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 00:13:33.0912 0x0588 LSI_FC - ok 00:13:33.0927 0x0588 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 00:13:33.0943 0x0588 LSI_SAS - ok 00:13:33.0958 0x0588 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 00:13:33.0990 0x0588 LSI_SCSI - ok 00:13:34.0005 0x0588 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys 00:13:34.0068 0x0588 luafv - ok 00:13:34.0130 0x0588 [ 59A2783ABA6019BED0C843C706E10A6A, EE9F5D846169DCE44B59528AC5104D4CBA94575031528E413C4F5DA058B7059C ] massfilter C:\Windows\system32\drivers\massfilter.sys 00:13:34.0177 0x0588 massfilter - ok 00:13:34.0333 0x0588 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe 00:13:34.0458 0x0588 MBAMScheduler - ok 00:13:34.0520 0x0588 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 00:13:34.0536 0x0588 MBAMSwissArmy - ok 00:13:34.0567 0x0588 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:13:34.0598 0x0588 Mcx2Svc - ok 00:13:34.0723 0x0588 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 00:13:34.0738 0x0588 MDM - ok 00:13:34.0785 0x0588 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 00:13:34.0816 0x0588 mdmxsdk - ok 00:13:34.0863 0x0588 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys 00:13:34.0879 0x0588 megasas - ok 00:13:34.0957 0x0588 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys 00:13:34.0988 0x0588 MegaSR - ok 00:13:35.0050 0x0588 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll 00:13:35.0097 0x0588 MMCSS - ok 00:13:35.0144 0x0588 MobilityService - ok 00:13:35.0160 0x0588 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys 00:13:35.0206 0x0588 Modem - ok 00:13:35.0253 0x0588 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:13:35.0300 0x0588 monitor - ok 00:13:35.0331 0x0588 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 00:13:35.0347 0x0588 mouclass - ok 00:13:35.0362 0x0588 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:13:35.0425 0x0588 mouhid - ok 00:13:35.0456 0x0588 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 00:13:35.0472 0x0588 MountMgr - ok 00:13:35.0550 0x0588 [ 382B05D37573BB69EDD135D499776DAD, 32E45F46980FAC84FA1E5A093EFFC75EE818172BC4258DE8699390B4325A8117 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 00:13:35.0565 0x0588 MozillaMaintenance - ok 00:13:35.0612 0x0588 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys 00:13:35.0628 0x0588 mpio - ok 00:13:35.0659 0x0588 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:13:35.0690 0x0588 mpsdrv - ok 00:13:35.0752 0x0588 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:13:35.0830 0x0588 MpsSvc - ok 00:13:35.0893 0x0588 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 00:13:35.0908 0x0588 Mraid35x - ok 00:13:35.0955 0x0588 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:13:35.0986 0x0588 MRxDAV - ok 00:13:36.0033 0x0588 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:13:36.0096 0x0588 mrxsmb - ok 00:13:36.0142 0x0588 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:13:36.0174 0x0588 mrxsmb10 - ok 00:13:36.0189 0x0588 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:13:36.0236 0x0588 mrxsmb20 - ok 00:13:36.0283 0x0588 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys 00:13:36.0298 0x0588 msahci - ok 00:13:36.0330 0x0588 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:13:36.0345 0x0588 msdsm - ok 00:13:36.0376 0x0588 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe 00:13:36.0423 0x0588 MSDTC - ok 00:13:36.0454 0x0588 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:13:36.0517 0x0588 Msfs - ok 00:13:36.0532 0x0588 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:13:36.0548 0x0588 msisadrv - ok 00:13:36.0595 0x0588 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:13:36.0642 0x0588 MSiSCSI - ok 00:13:36.0642 0x0588 msiserver - ok 00:13:36.0673 0x0588 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:13:36.0735 0x0588 MSKSSRV - ok 00:13:36.0766 0x0588 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:13:36.0798 0x0588 MSPCLOCK - ok 00:13:36.0860 0x0588 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:13:36.0907 0x0588 MSPQM - ok 00:13:36.0954 0x0588 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:13:36.0969 0x0588 MsRPC - ok 00:13:36.0985 0x0588 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 00:13:37.0000 0x0588 mssmbios - ok 00:13:37.0016 0x0588 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:13:37.0078 0x0588 MSTEE - ok 00:13:37.0094 0x0588 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys 00:13:37.0110 0x0588 Mup - ok 00:13:37.0156 0x0588 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll 00:13:37.0203 0x0588 napagent - ok 00:13:37.0266 0x0588 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:13:37.0297 0x0588 NativeWifiP - ok 00:13:37.0359 0x0588 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:13:37.0422 0x0588 NDIS - ok 00:13:37.0468 0x0588 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:13:37.0484 0x0588 NdisTapi - ok 00:13:37.0515 0x0588 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:13:37.0562 0x0588 Ndisuio - ok 00:13:37.0593 0x0588 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:13:37.0624 0x0588 NdisWan - ok 00:13:37.0640 0x0588 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:13:37.0671 0x0588 NDProxy - ok 00:13:37.0687 0x0588 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:13:37.0749 0x0588 NetBIOS - ok 00:13:37.0796 0x0588 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys 00:13:37.0843 0x0588 netbt - ok 00:13:37.0874 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe 00:13:37.0890 0x0588 Netlogon - ok 00:13:37.0936 0x0588 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll 00:13:37.0999 0x0588 Netman - ok 00:13:38.0046 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 00:13:38.0092 0x0588 NetMsmqActivator - ok 00:13:38.0108 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 00:13:38.0124 0x0588 NetPipeActivator - ok 00:13:38.0170 0x0588 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll 00:13:38.0217 0x0588 netprofm - ok 00:13:38.0233 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 00:13:38.0248 0x0588 NetTcpActivator - ok 00:13:38.0264 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 00:13:38.0280 0x0588 NetTcpPortSharing - ok 00:13:38.0451 0x0588 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 00:13:38.0638 0x0588 NETw3v32 - ok 00:13:38.0794 0x0588 [ 38D720E0C8B0ECB9A019980265679798, 38A3CCB0AC7A70481B98E29637E6CE2A3B20737E6FF17AF885AE2229EDF08581 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 00:13:39.0028 0x0588 NETw4v32 - ok 00:13:39.0200 0x0588 [ 82FFC84EC3AFC2F2D38DB880F50157C0, 4D37A44A5BBD3ECA2B29FE8565FC5840093E5BB41D197BEDA406BCE4A7C3479A ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe 00:13:39.0403 0x0588 Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:39.0403 0x0588 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning 00:13:39.0434 0x0588 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 00:13:39.0450 0x0588 nfrd960 - ok 00:13:39.0512 0x0588 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll 00:13:39.0574 0x0588 NlaSvc - ok 00:13:39.0606 0x0588 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:13:39.0652 0x0588 Npfs - ok 00:13:39.0699 0x0588 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll 00:13:39.0730 0x0588 nsi - ok 00:13:39.0746 0x0588 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:13:39.0808 0x0588 nsiproxy - ok 00:13:39.0886 0x0588 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:13:39.0964 0x0588 Ntfs - ok 00:13:39.0996 0x0588 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 00:13:40.0027 0x0588 NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:40.0027 0x0588 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning 00:13:40.0042 0x0588 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 00:13:40.0105 0x0588 ntrigdigi - ok 00:13:40.0120 0x0588 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys 00:13:40.0183 0x0588 Null - ok 00:13:40.0604 0x0588 [ 9E8222B2EF8130DB3EA6669FDA358453, D9DD89EAE671F6E7648054AB0F3A9F33A4A1435006B94D3C959FC6C4999330A6 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:13:41.0290 0x0588 nvlddmkm - ok 00:13:41.0337 0x0588 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:13:41.0353 0x0588 nvraid - ok 00:13:41.0400 0x0588 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:13:41.0415 0x0588 nvstor - ok 00:13:41.0446 0x0588 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:13:41.0462 0x0588 nv_agp - ok 00:13:41.0462 0x0588 NwlnkFlt - ok 00:13:41.0478 0x0588 NwlnkFwd - ok 00:13:41.0587 0x0588 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:13:41.0634 0x0588 odserv - ok 00:13:41.0696 0x0588 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 00:13:41.0743 0x0588 ohci1394 - ok 00:13:41.0774 0x0588 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:13:41.0790 0x0588 ose - ok 00:13:41.0852 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll 00:13:41.0977 0x0588 p2pimsvc - ok 00:13:42.0024 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll 00:13:42.0070 0x0588 p2psvc - ok 00:13:42.0133 0x0588 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys 00:13:42.0180 0x0588 Parport - ok 00:13:42.0226 0x0588 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:13:42.0242 0x0588 partmgr - ok 00:13:42.0273 0x0588 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 00:13:42.0336 0x0588 Parvdm - ok 00:13:42.0382 0x0588 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll 00:13:42.0414 0x0588 PcaSvc - ok 00:13:42.0460 0x0588 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys 00:13:42.0476 0x0588 pci - ok 00:13:42.0507 0x0588 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys 00:13:42.0523 0x0588 pciide - ok 00:13:42.0554 0x0588 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 00:13:42.0570 0x0588 pcmcia - ok 00:13:42.0648 0x0588 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:13:42.0788 0x0588 PEAUTH - ok 00:13:42.0897 0x0588 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll 00:13:43.0053 0x0588 pla - ok 00:13:43.0116 0x0588 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:13:43.0147 0x0588 PlugPlay - ok 00:13:43.0272 0x0588 pmem - ok 00:13:43.0303 0x0588 pmp3052v - ok 00:13:43.0365 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 00:13:43.0412 0x0588 PNRPAutoReg - ok 00:13:43.0459 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll 00:13:43.0506 0x0588 PNRPsvc - ok 00:13:43.0568 0x0588 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:13:43.0630 0x0588 PolicyAgent - ok 00:13:43.0693 0x0588 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:13:43.0724 0x0588 PptpMiniport - ok 00:13:43.0740 0x0588 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys 00:13:43.0802 0x0588 Processor - ok 00:13:43.0833 0x0588 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll 00:13:43.0896 0x0588 ProfSvc - ok 00:13:43.0911 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe 00:13:43.0942 0x0588 ProtectedStorage - ok 00:13:43.0958 0x0588 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 00:13:44.0005 0x0588 PSched - ok 00:13:44.0036 0x0588 [ 18DE162F9B83079C24CD96F59292F5ED, 9832289F2F7C8DC3A8B4C7FBD90E0FDDFD41D0A0E6E40D90F98CFD6E8E93C974 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 00:13:44.0052 0x0588 PSDFilter - ok 00:13:44.0067 0x0588 [ BC1457A28E76AB3106D43802AC22A627, 450F7E8D6990A7089905E23F9B0BA239A25E45778C57FB4E8909E15196D09A26 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 00:13:44.0083 0x0588 PSDNServ - ok 00:13:44.0098 0x0588 [ AC151E5B0943304E368C98EC78B5FC4F, 6CFC7668BE7632FC72C9D8FF45F061557F768EE23FDF7AD63CA82035E03E5F1B ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 00:13:44.0114 0x0588 psdvdisk - ok 00:13:44.0208 0x0588 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys 00:13:44.0286 0x0588 ql2300 - ok 00:13:44.0332 0x0588 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 00:13:44.0348 0x0588 ql40xx - ok 00:13:44.0379 0x0588 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll 00:13:44.0442 0x0588 QWAVE - ok 00:13:44.0473 0x0588 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:13:44.0520 0x0588 QWAVEdrv - ok 00:13:44.0535 0x0588 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:13:44.0566 0x0588 RasAcd - ok 00:13:44.0598 0x0588 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll 00:13:44.0644 0x0588 RasAuto - ok 00:13:44.0660 0x0588 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:13:44.0722 0x0588 Rasl2tp - ok 00:13:44.0769 0x0588 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll 00:13:44.0800 0x0588 RasMan - ok 00:13:44.0847 0x0588 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:13:44.0863 0x0588 RasPppoe - ok 00:13:44.0878 0x0588 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:13:44.0925 0x0588 RasSstp - ok 00:13:44.0988 0x0588 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:13:45.0034 0x0588 rdbss - ok 00:13:45.0066 0x0588 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:13:45.0112 0x0588 RDPCDD - ok 00:13:45.0175 0x0588 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 00:13:45.0222 0x0588 rdpdr - ok 00:13:45.0222 0x0588 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:13:45.0268 0x0588 RDPENCDD - ok 00:13:45.0315 0x0588 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:13:45.0378 0x0588 RDPWD - ok 00:13:45.0440 0x0588 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll 00:13:45.0487 0x0588 RemoteAccess - ok 00:13:45.0534 0x0588 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:13:45.0565 0x0588 RemoteRegistry - ok 00:13:45.0612 0x0588 [ 0A468612A19FEB657D127E7C4810F6FC, B31A083FA10051BE5132D759A904E131E9DD1C4CE79310A75213B9C48247739B ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 00:13:45.0658 0x0588 RichVideo - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:45.0658 0x0588 RichVideo ( UnsignedFile.Multi.Generic ) - warning 00:13:45.0705 0x0588 [ A5B12A4B3B774432DB9B9FA221190E59, 1DAAB43A2429035BAB8403E5D24F50F82BD41B5B478B344C3C58D49F1E15C2AE ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 00:13:45.0768 0x0588 rimmptsk - ok 00:13:45.0783 0x0588 [ C398BCA91216755B098679A8DA8A2300, 1FDDC3D927509AB10C3B0B7900DCE78DEC6B1C3CAE80F78EFCFBB628673B2143 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 00:13:45.0814 0x0588 rimsptsk - ok 00:13:45.0830 0x0588 [ 2A2554CB24506E0A0508FC395C4A1B42, B989AE65727C971D508E7284707258FCCC9213B510F4C2A257D3069A3DABE20B ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 00:13:45.0846 0x0588 rismxdp - ok 00:13:45.0877 0x0588 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe 00:13:45.0908 0x0588 RpcLocator - ok 00:13:45.0955 0x0588 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll 00:13:46.0002 0x0588 RpcSs - ok 00:13:46.0033 0x0588 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:13:46.0064 0x0588 rspndr - ok 00:13:46.0095 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe 00:13:46.0111 0x0588 SamSs - ok 00:13:46.0142 0x0588 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:13:46.0158 0x0588 sbp2port - ok 00:13:46.0189 0x0588 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:13:46.0251 0x0588 SCardSvr - ok 00:13:46.0298 0x0588 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll 00:13:46.0423 0x0588 Schedule - ok 00:13:46.0438 0x0588 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll 00:13:46.0470 0x0588 SCPolicySvc - ok 00:13:46.0485 0x0588 [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 00:13:46.0532 0x0588 sdbus - ok 00:13:46.0579 0x0588 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:13:46.0641 0x0588 SDRSVC - ok 00:13:46.0672 0x0588 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:13:46.0750 0x0588 secdrv - ok 00:13:46.0766 0x0588 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll 00:13:46.0813 0x0588 seclogon - ok 00:13:46.0860 0x0588 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll 00:13:46.0906 0x0588 SENS - ok 00:13:46.0922 0x0588 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys 00:13:47.0000 0x0588 Serenum - ok 00:13:47.0016 0x0588 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys 00:13:47.0094 0x0588 Serial - ok 00:13:47.0140 0x0588 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:13:47.0172 0x0588 sermouse - ok 00:13:47.0218 0x0588 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll 00:13:47.0250 0x0588 SessionEnv - ok 00:13:47.0265 0x0588 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:13:47.0312 0x0588 sffdisk - ok 00:13:47.0328 0x0588 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:13:47.0374 0x0588 sffp_mmc - ok 00:13:47.0421 0x0588 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:13:47.0468 0x0588 sffp_sd - ok 00:13:47.0499 0x0588 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 00:13:47.0577 0x0588 sfloppy - ok 00:13:47.0640 0x0588 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:13:47.0686 0x0588 SharedAccess - ok 00:13:47.0733 0x0588 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:13:47.0796 0x0588 ShellHWDetection - ok 00:13:47.0811 0x0588 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys 00:13:47.0842 0x0588 sisagp - ok 00:13:47.0858 0x0588 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 00:13:47.0874 0x0588 SiSRaid2 - ok 00:13:47.0889 0x0588 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 00:13:47.0905 0x0588 SiSRaid4 - ok 00:13:48.0123 0x0588 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe 00:13:48.0404 0x0588 slsvc - ok 00:13:48.0466 0x0588 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll 00:13:48.0498 0x0588 SLUINotify - ok 00:13:48.0544 0x0588 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:13:48.0591 0x0588 Smb - ok 00:13:48.0638 0x0588 [ FFD9B64DB2CD7B74B766C3A8452A5816, 48842988977E57C57989B7AF73A9A23A93595085E3ED78C472E323716C2F819B ] snapman C:\Windows\system32\DRIVERS\snapman.sys 00:13:48.0669 0x0588 snapman - ok 00:13:48.0685 0x0588 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:13:48.0700 0x0588 SNMPTRAP - ok 00:13:48.0841 0x0588 [ 1C550748F896E53B7B0FE7717845132B, B745D22DCB6AFFCC9B5E0BF38B68440B54080B17ED9DF7EB414F84EB035E1F30 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 00:13:49.0012 0x0588 SNP2UVC - ok 00:13:49.0044 0x0588 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys 00:13:49.0059 0x0588 spldr - ok 00:13:49.0106 0x0588 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe 00:13:49.0168 0x0588 Spooler - ok 00:13:49.0215 0x0588 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys 00:13:49.0293 0x0588 srv - ok 00:13:49.0324 0x0588 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:13:49.0402 0x0588 srv2 - ok 00:13:49.0418 0x0588 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:13:49.0465 0x0588 srvnet - ok 00:13:49.0512 0x0588 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:13:49.0543 0x0588 SSDPSRV - ok 00:13:49.0605 0x0588 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 00:13:49.0621 0x0588 ssmdrv - ok 00:13:49.0668 0x0588 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:13:49.0714 0x0588 SstpSvc - ok 00:13:49.0777 0x0588 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll 00:13:49.0824 0x0588 stisvc - ok 00:13:49.0870 0x0588 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys 00:13:49.0886 0x0588 swenum - ok 00:13:49.0917 0x0588 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll 00:13:49.0995 0x0588 swprv - ok 00:13:50.0011 0x0588 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 00:13:50.0026 0x0588 Symc8xx - ok 00:13:50.0042 0x0588 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 00:13:50.0058 0x0588 Sym_hi - ok 00:13:50.0089 0x0588 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 00:13:50.0104 0x0588 Sym_u3 - ok 00:13:50.0136 0x0588 [ C5F25D490D0915732508FD421BF76D93, 9DDF1CBC69C3A1D157073F897AE797ECA257F1CC9659A75F6DFF0C30594C06DD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 00:13:50.0151 0x0588 SynTP - ok 00:13:50.0198 0x0588 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll 00:13:50.0307 0x0588 SysMain - ok 00:13:50.0338 0x0588 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:13:50.0370 0x0588 TabletInputService - ok 00:13:50.0401 0x0588 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:13:50.0448 0x0588 TapiSrv - ok 00:13:50.0463 0x0588 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll 00:13:50.0526 0x0588 TBS - ok 00:13:50.0604 0x0588 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:13:50.0666 0x0588 Tcpip - ok 00:13:50.0744 0x0588 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 00:13:50.0806 0x0588 Tcpip6 - ok 00:13:50.0853 0x0588 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:13:50.0947 0x0588 tcpipreg - ok 00:13:50.0978 0x0588 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:13:51.0025 0x0588 TDPIPE - ok 00:13:51.0103 0x0588 [ 3630F5B8181554DEECFE2E4252BC4C4C, 4C827CD4C3880854DE1CE232118F21E09A8731441D7203D5CA1ACBF8CDDF8B70 ] tdrpman251 C:\Windows\system32\DRIVERS\tdrpm251.sys 00:13:51.0165 0x0588 tdrpman251 - ok 00:13:51.0212 0x0588 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:13:51.0259 0x0588 TDTCP - ok 00:13:51.0306 0x0588 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:13:51.0337 0x0588 tdx - ok 00:13:51.0430 0x0588 [ 9993A46795FEE757D418119A00FA2FDC, EB0E8D230D99C6ADBBC04A50A9E44C37BF06881FF0E2A2620BE8CC87CA72A8EB ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 00:13:51.0446 0x0588 TeamViewer5 - ok 00:13:51.0477 0x0588 [ 9101FFFCFCCD1A30E870A5B8A9091B10, 58AAB0F6FF78FD0ECDD8D9DA1B6852E9E57E3DAA39489ABDDBA106ECE0B3BCA7 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 00:13:51.0493 0x0588 teamviewervpn - ok 00:13:51.0555 0x0588 [ 5D528200679C3B4595B4237E02C077D5, 48496E4FA2FFF68B69B8E11244D749040ABDAE92B9ACF7F7E131BBA82114282D ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys 00:13:51.0571 0x0588 TelekomNM3 - ok 00:13:51.0602 0x0588 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 00:13:51.0618 0x0588 TermDD - ok 00:13:51.0664 0x0588 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll 00:13:51.0758 0x0588 TermService - ok 00:13:51.0789 0x0588 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll 00:13:51.0820 0x0588 Themes - ok 00:13:51.0836 0x0588 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll 00:13:51.0867 0x0588 THREADORDER - ok 00:13:51.0930 0x0588 [ C820BFC70FEB25EC877C49E81CD477C1, 5830A2A028C30CF3331832056A698C9B35B0765CAE82EB916AD603CF15B7C03C ] timounter C:\Windows\system32\DRIVERS\timntr.sys 00:13:51.0976 0x0588 timounter - ok 00:13:52.0023 0x0588 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll 00:13:52.0054 0x0588 TrkWks - ok 00:13:52.0117 0x0588 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:13:52.0164 0x0588 TrustedInstaller - ok 00:13:52.0195 0x0588 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:13:52.0242 0x0588 tssecsrv - ok 00:13:52.0304 0x0588 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 00:13:52.0335 0x0588 tunmp - ok 00:13:52.0351 0x0588 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:13:52.0382 0x0588 tunnel - ok 00:13:52.0398 0x0588 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 00:13:52.0413 0x0588 uagp35 - ok 00:13:52.0444 0x0588 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:13:52.0491 0x0588 udfs - ok 00:13:52.0569 0x0588 [ 13BFF97E926BF8D9C1230CECC371A0C0, 2A15D85E41D3986401D74CBCA36E190E82A61F99EECE0AB85A1CF2A57C60FD85 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe 00:13:52.0585 0x0588 UI Assistant Service - ok 00:13:52.0616 0x0588 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:13:52.0663 0x0588 UI0Detect - ok 00:13:52.0678 0x0588 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:13:52.0694 0x0588 uliagpkx - ok 00:13:52.0725 0x0588 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys 00:13:52.0741 0x0588 uliahci - ok 00:13:52.0772 0x0588 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys 00:13:52.0788 0x0588 UlSata - ok 00:13:52.0819 0x0588 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 00:13:52.0834 0x0588 ulsata2 - ok 00:13:52.0850 0x0588 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 00:13:52.0897 0x0588 umbus - ok 00:13:52.0912 0x0588 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll 00:13:52.0975 0x0588 upnphost - ok 00:13:53.0037 0x0588 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:13:53.0100 0x0588 usbccgp - ok 00:13:53.0131 0x0588 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:13:53.0209 0x0588 usbcir - ok 00:13:53.0256 0x0588 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 00:13:53.0271 0x0588 usbehci - ok 00:13:53.0318 0x0588 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:13:53.0349 0x0588 usbhub - ok 00:13:53.0380 0x0588 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:13:53.0458 0x0588 usbohci - ok 00:13:53.0474 0x0588 [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint C:\Windows\system32\drivers\usbprint.sys 00:13:53.0536 0x0588 usbprint - ok 00:13:53.0568 0x0588 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:13:53.0599 0x0588 USBSTOR - ok 00:13:53.0646 0x0588 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 00:13:53.0677 0x0588 usbuhci - ok 00:13:53.0724 0x0588 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll 00:13:53.0770 0x0588 UxSms - ok 00:13:53.0817 0x0588 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe 00:13:53.0911 0x0588 vds - ok 00:13:53.0942 0x0588 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:13:54.0004 0x0588 vga - ok 00:13:54.0020 0x0588 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys 00:13:54.0067 0x0588 VgaSave - ok 00:13:54.0114 0x0588 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys 00:13:54.0129 0x0588 viaagp - ok 00:13:54.0145 0x0588 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 00:13:54.0176 0x0588 ViaC7 - ok 00:13:54.0207 0x0588 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys 00:13:54.0223 0x0588 viaide - ok 00:13:54.0238 0x0588 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:13:54.0254 0x0588 volmgr - ok 00:13:54.0285 0x0588 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:13:54.0316 0x0588 volmgrx - ok 00:13:54.0348 0x0588 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:13:54.0379 0x0588 volsnap - ok 00:13:54.0426 0x0588 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 00:13:54.0441 0x0588 vsmraid - ok 00:13:54.0519 0x0588 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe 00:13:54.0644 0x0588 VSS - ok 00:13:54.0691 0x0588 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll 00:13:54.0738 0x0588 W32Time - ok 00:13:54.0800 0x0588 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 00:13:54.0862 0x0588 WacomPen - ok 00:13:54.0894 0x0588 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 00:13:54.0925 0x0588 Wanarp - ok 00:13:54.0925 0x0588 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:13:54.0956 0x0588 Wanarpv6 - ok 00:13:55.0003 0x0588 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:13:55.0081 0x0588 wcncsvc - ok 00:13:55.0128 0x0588 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:13:55.0159 0x0588 WcsPlugInService - ok 00:13:55.0174 0x0588 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys 00:13:55.0190 0x0588 Wd - ok 00:13:55.0252 0x0588 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:13:55.0315 0x0588 Wdf01000 - ok 00:13:55.0346 0x0588 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:13:55.0377 0x0588 WdiServiceHost - ok 00:13:55.0377 0x0588 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:13:55.0424 0x0588 WdiSystemHost - ok 00:13:55.0455 0x0588 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll 00:13:55.0518 0x0588 WebClient - ok 00:13:55.0564 0x0588 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:13:55.0627 0x0588 Wecsvc - ok 00:13:55.0658 0x0588 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:13:55.0705 0x0588 wercplsupport - ok 00:13:55.0736 0x0588 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll 00:13:55.0798 0x0588 WerSvc - ok 00:13:55.0861 0x0588 [ 3344B5C3209E538291398FF12F895155, 7F725285347D73C28B522CF38F78C7C5F7ED360948133E58D14D71D45DB71720 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 00:13:55.0954 0x0588 winachsf - ok 00:13:56.0001 0x0588 [ 3FA87D56769838AAC82FAFC3E78FC732, E1D942D59A7EDB1768D39D87D637C6F87C84711D0776FF2C69161350D037663B ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys 00:13:56.0017 0x0588 winbondcir - ok 00:13:56.0079 0x0588 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 00:13:56.0110 0x0588 WinDefend - ok 00:13:56.0110 0x0588 WinHttpAutoProxySvc - ok 00:13:56.0188 0x0588 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:13:56.0220 0x0588 Winmgmt - ok 00:13:56.0298 0x0588 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll 00:13:56.0500 0x0588 WinRM - ok 00:13:56.0578 0x0588 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll 00:13:56.0672 0x0588 Wlansvc - ok 00:13:56.0672 0x0588 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 00:13:56.0703 0x0588 WmiAcpi - ok 00:13:56.0750 0x0588 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:13:56.0797 0x0588 wmiApSrv - ok 00:13:56.0890 0x0588 [ C8F8AAC50B5B0BF821AB7D7126056B30, 9E392A6198B941FEBF3AE509626887C68457C7349866AB9B719B15FE52659C29 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 00:13:56.0922 0x0588 WMIService - detected UnsignedFile.Multi.Generic ( 1 ) 00:13:56.0922 0x0588 WMIService ( UnsignedFile.Multi.Generic ) - warning 00:13:57.0000 0x0588 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 00:13:57.0140 0x0588 WMPNetworkSvc - ok 00:13:57.0171 0x0588 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:13:57.0234 0x0588 WPCSvc - ok 00:13:57.0265 0x0588 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:13:57.0327 0x0588 WPDBusEnum - ok 00:13:57.0499 0x0588 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 00:13:57.0592 0x0588 WPFFontCache_v0400 - ok 00:13:57.0624 0x0588 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:13:57.0670 0x0588 ws2ifsl - ok 00:13:57.0733 0x0588 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll 00:13:57.0764 0x0588 wscsvc - ok 00:13:57.0764 0x0588 WSearch - ok 00:13:57.0811 0x0588 [ 2584DF81CC9F7E7BD3545691106F8CAE, 1278F9727730075BAC87BB76800BB3533B9C929F66CDFEAC669931A3F4211A48 ] WSVD C:\Windows\system32\drivers\WSVD.sys 00:13:57.0826 0x0588 WSVD - ok 00:13:57.0951 0x0588 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll 00:13:58.0076 0x0588 wuauserv - ok 00:13:58.0138 0x0588 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:13:58.0154 0x0588 WudfPf - ok 00:13:58.0216 0x0588 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:13:58.0232 0x0588 WUDFRd - ok 00:13:58.0310 0x0588 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:13:58.0341 0x0588 wudfsvc - ok 00:13:58.0372 0x0588 [ 2E579520E114A9CA309F13BF40AD8292, A7C926AD8E126E90F83799D907AD51F8F3C2C2799E2E2D005357DEE58B73B333 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 00:13:58.0372 0x0588 XAudio - ok 00:13:58.0419 0x0588 [ F82FC2C30A19442B95AE554215837C46, 7CAD611D660264BB22069148DC16601D3458D1372FC1DE85BD004906E19D05B4 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 00:13:58.0466 0x0588 XAudioService - ok 00:13:58.0544 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 00:13:58.0575 0x0588 ZTEusbmdm6k - ok 00:13:58.0591 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 00:13:58.0606 0x0588 ZTEusbnmea - ok 00:13:58.0653 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 00:13:58.0669 0x0588 ZTEusbser6k - ok 00:13:58.0716 0x0588 [ 5867CE254625645345C833510D24F124, 72808936B15373DDB3B3DAD46D0368A9CBD5CF0829F0FE2D63F3A0731102277C ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 00:13:58.0731 0x0588 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 00:13:58.0747 0x0588 ================ Scan global =============================== 00:13:58.0778 0x0588 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll 00:13:58.0825 0x0588 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll 00:13:58.0887 0x0588 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll 00:13:58.0934 0x0588 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe 00:13:58.0965 0x0588 [ Global ] - ok 00:13:58.0965 0x0588 ================ Scan MBR ================================== 00:13:58.0981 0x0588 [ 7188A7A9747B3170479FE1B3850FCD15 ] \Device\Harddisk0\DR0 00:14:00.0073 0x0588 \Device\Harddisk0\DR0 - ok 00:14:00.0073 0x0588 ================ Scan VBR ================================== 00:14:00.0073 0x0588 [ 202F2A264FF621C88400E9EA5EFB1C2C ] \Device\Harddisk0\DR0\Partition1 00:14:00.0135 0x0588 \Device\Harddisk0\DR0\Partition1 - ok 00:14:00.0135 0x0588 [ 6BD4749A5583B5D1490C9FBDB9FF48A7 ] \Device\Harddisk0\DR0\Partition2 00:14:00.0151 0x0588 \Device\Harddisk0\DR0\Partition2 - ok 00:14:00.0151 0x0588 ================ Scan generic autorun ====================== 00:14:00.0166 0x0588 NvSvc - ok 00:14:00.0166 0x0588 NvCplDaemon - ok 00:14:00.0166 0x0588 NvMediaCenter - ok 00:14:00.0229 0x0588 [ EED2120454E74AA5C257947986B4D068, 1E68F6DF831941B8F3C5F2B0A67AB5F9A9C94901DD37B31654D91DE38110B9E0 ] C:\Program Files\Synaptics\SynTP\SynTPStart.exe 00:14:00.0260 0x0588 SynTPStart - ok 00:14:00.0322 0x0588 [ C7D5F71489FA92A6D2069E0C9862799F, D7B66F480F572EB0795ED2496C7BCF56E5FE73372DBE13A2BE4221BA9D7F55AB ] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe 00:14:00.0400 0x0588 eDataSecurity Loader - detected UnsignedFile.Multi.Generic ( 1 ) 00:14:00.0400 0x0588 eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - warning 00:14:00.0494 0x0588 [ 20F0D48EA1631579D84157658A59C5CD, AD3039FF96C7147CBE3FBB3DC7F87F7957B70BDFC6DF1F087FA2DB96B0C6B568 ] C:\Acer\Empowering Technology\eAudio\eAudio.exe 00:14:00.0603 0x0588 eAudio - detected UnsignedFile.Multi.Generic ( 1 ) 00:14:00.0603 0x0588 eAudio ( UnsignedFile.Multi.Generic ) - warning 00:14:00.0681 0x0588 [ C2C80A16DF3C72B331333B8C01E7731C, 50A157DEE57A491A776F1208FEEC92A34A13B995FE7C9AF1E7C933F1A069B568 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 00:14:00.0697 0x0588 IAAnotif - ok 00:14:00.0931 0x0588 [ D6136DEFFF8EB6AD98F401ED43853EB9, EE82FE47A09EA532C796CC3E399C9D4577FDA06C1E7D52479FA9B74C6B407810 ] C:\Windows\RtHDVCpl.exe 00:14:01.0368 0x0588 RtHDVCpl - ok 00:14:01.0477 0x0588 [ 1AFA1CBBB859A9F335FEC2F8CF3D5D0B, 129F2BDB93E7D06F01B066285D94F61AE54C99133B8063C655315E3210137F6C ] C:\Windows\Skytel.exe 00:14:01.0617 0x0588 Skytel - ok 00:14:01.0695 0x0588 [ 806DB5F4FC5185AFC608E881979CC25F, B4991488DB86C84D5B2EB7F900541CBB094A87877DD82CB39411B59DA174B3F2 ] C:\Windows\system32\igfxtray.exe 00:14:01.0711 0x0588 IgfxTray - ok 00:14:01.0742 0x0588 [ D4975555E91636FCF4809E51731F80D8, 5A24C4C38B3ADD25F04A9E327314B23F1A7C63C44C4EB78AC234049FBFB60217 ] C:\Windows\system32\hkcmd.exe 00:14:01.0758 0x0588 HotKeysCmds - ok 00:14:01.0773 0x0588 [ CD12A46AE81306C2F14B19A58E1058B0, 699573D9C5C109813EFDA73283F9274300888002239831073FB164F91640EF65 ] C:\Windows\system32\igfxpers.exe 00:14:01.0789 0x0588 Persistence - ok 00:14:01.0867 0x0588 [ 5927ADDBD2819585B7AC3BC95009619C, A7E7049CE32CFDE02B592A55970653A74B9CEB64F6ECA542944CEA2283BDAD34 ] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE 00:14:01.0929 0x0588 LManager - ok 00:14:01.0960 0x0588 [ C53545EEBCA33339313EEC5D00AEF648, DD0C3FDBB7ED4257D765F770D656229754CEE2357FF3EAC8E4648CF26321BB48 ] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe 00:14:01.0992 0x0588 PlayMovie - detected UnsignedFile.Multi.Generic ( 1 ) 00:14:01.0992 0x0588 PlayMovie ( UnsignedFile.Multi.Generic ) - warning 00:14:01.0992 0x0588 Force sending object to P2P due to detect: C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe 00:14:02.0007 0x0588 Object send P2P result: false 00:14:02.0007 0x0588 PLFSet - ok 00:14:02.0288 0x0588 [ 120B482E4A0333ED3C7D6159DCAA3F4B, 887A63E33D0927240732EF1A6C445366BC91C96EC2EF794132CB4325D737CBBA ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 00:14:02.0647 0x0588 TrueImageMonitor.exe - ok 00:14:02.0803 0x0588 [ C0FB9C45E749EAD86588755CE263AB4C, 2F819CE88F306DEA3DADE6CDA3BA5C9D903F0A99ACCC9E987C118A3E176D72FE ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 00:14:02.0834 0x0588 Acronis Scheduler2 Service - ok 00:14:02.0881 0x0588 [ 79DE5E0997A94ED1D336B314005C4543, 8637F483CC2C1F181B23CC3A0BAB010D7B9F82661FFE6202BCECF1E6CA2F7EAA ] C:\Program Files\1&1 Surf-Stick\UIExec.exe 00:14:02.0896 0x0588 UIExec - ok 00:14:02.0990 0x0588 [ 7FA30B0DE75D61B4E8E8734B2BB6CA6C, C545C83A6F7B6CDFA2C0393553AE3CCCE6FCC11CCB4026470D414B06EC679581 ] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe 00:14:03.0037 0x0588 FUFAXRCV - detected UnsignedFile.Multi.Generic ( 1 ) 00:14:03.0037 0x0588 FUFAXRCV ( UnsignedFile.Multi.Generic ) - warning 00:14:03.0099 0x0588 [ E476F00C910C1A96978FB30859E10919, 3F0DDF6DC7DB346BFB8AD9DD76F53143415FEED620A49B35A16168606A1942B4 ] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe 00:14:03.0162 0x0588 FUFAXSTM - detected UnsignedFile.Multi.Generic ( 1 ) 00:14:03.0162 0x0588 FUFAXSTM ( UnsignedFile.Multi.Generic ) - warning 00:14:03.0302 0x0588 [ D3AC38E80E928CC61A22650E04423BB8, 8DB324E5BCC2A721EB0C48F0F3ECC21E49D6172A3BF8ACC55244C08FAEB3101C ] C:\Program Files\Epson Software\Event Manager\EEventManager.exe 00:14:03.0380 0x0588 EEventManager - ok 00:14:03.0520 0x0588 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 00:14:03.0598 0x0588 Adobe ARM - ok 00:14:03.0723 0x0588 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 00:14:03.0786 0x0588 avgnt - ok 00:14:03.0879 0x0588 [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe 00:14:03.0910 0x0588 Avira Systray - ok 00:14:04.0004 0x0588 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe 00:14:04.0144 0x0588 Sidebar - ok 00:14:04.0191 0x0588 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe 00:14:04.0238 0x0588 ehTray.exe - ok 00:14:04.0300 0x0588 Skype - ok 00:14:04.0378 0x0588 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated ) 00:14:04.0378 0x0588 Win FW state via NFP2: enabled 00:14:04.0378 0x0588 ============================================================ 00:14:04.0378 0x0588 Scan finished 00:14:04.0378 0x0588 ============================================================ 00:14:04.0394 0x055c Detected object count: 15 00:14:04.0394 0x055c Actual detected object count: 15 00:38:49.0467 0x055c eDataSecurity Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0467 0x055c eDataSecurity Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0467 0x055c eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0467 0x055c eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0467 0x055c eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0467 0x055c eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0467 0x055c eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0467 0x055c eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0498 0x055c eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0498 0x055c eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0498 0x055c LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0498 0x055c LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0514 0x055c Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0514 0x055c Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0514 0x055c NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0514 0x055c NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0530 0x055c RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0530 0x055c RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0545 0x055c WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0545 0x055c WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0576 0x055c eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0576 0x055c eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0576 0x055c eAudio ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0576 0x055c eAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0576 0x055c PlayMovie ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0576 0x055c PlayMovie ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0576 0x055c FUFAXRCV ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0576 0x055c FUFAXRCV ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:38:49.0576 0x055c FUFAXSTM ( UnsignedFile.Multi.Generic ) - skipped by user 00:38:49.0576 0x055c FUFAXSTM ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:56:38.0488 0x0390 Deinitialize success Freundlich grüßt Mischa |
|
13.01.2015, 17:47
| #6 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Scan mit Combofix
__________________ --> Laptop verpilzt |
|
16.01.2015, 19:27
| #7 |
| | Oh Hallo Schrauber, sorry es gab Probleme AVIRA war nicht zu stoppen und nicht zu deinstallieren obwohl combofix es verlangte Habe auch erfolglos versucht manuell zu lõschen Dann habe ich Avira im Startup lahmgelegt Seitdem ging Abgesicherter Modus nicht Screen black und frozen beim Start habe normal starten können Jetzt poppte Avira Deinstalfenster auf und funktionierte Habe dann Combofix im Normalmodus laufen lassen Lief bis Stufe 10 Dann Blackscreen und Rechner ist frozen Habe Sorge auszuschalten Was tun? Bitte Hilfe schreibe vom Notepad |
|
16.01.2015, 19:48
| #8 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt Hart rebooten, dann nochmal Combofix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 20:44
| #9 |
| | Laptop verpilzt Danke, hat funktioniert Code:
ATTFilter ComboFix 15-01-08.01 - Dagobert 16.01.2015 20:15:38.3.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.1634 [GMT 1:00]
ausgeführt von:: c:\users\Dagobert\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dagobert\4.0
c:\users\Dagobert\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-16 bis 2015-01-16 ))))))))))))))))))))))))))))))
.
.
2015-01-16 19:27 . 2015-01-16 19:34 -------- d-----w- c:\users\Dagobert\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\TxR\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\systemprofile\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\RegBack\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\Journal\AppData\Local\temp
2015-01-16 19:27 . 2015-01-16 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-16 15:43 . 2015-01-16 17:33 -------- d-----w- C:\OETemp
2015-01-15 12:19 . 2015-01-15 12:19 -------- d-----w- c:\users\Dagobert\AppData\Local\CyberLink
2015-01-15 12:19 . 2015-01-15 12:19 -------- d-----w- c:\users\Dagobert\AppData\Local\HomeMedia
2015-01-13 19:23 . 2008-01-24 02:25 192512 ----a-w- c:\windows\system32\igfxres.dll
2015-01-12 19:03 . 2015-01-12 19:03 -------- d-----w- C:\Dagobert
2015-01-12 16:29 . 2015-01-12 16:31 -------- d-----w- C:\FRST
2015-01-11 12:58 . 2015-01-11 14:55 -------- d-----w- C:\EEK
2015-01-10 20:07 . 2015-01-10 20:07 -------- d-----w- c:\program files\Mozilla Firefox(29)
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 15:49 . 2013-02-26 20:19 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 15:49 . 2013-02-26 20:19 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-13 13:29 . 2014-08-08 10:03 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-13 13:28 . 2014-07-20 12:19 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-08-08 10:02 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2013-03-29 12:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
c:\users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-3-25 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Dagobert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk]
path=c:\users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
backup=c:\windows\pss\Netzmanager.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 19:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 01:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-11 00:39 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-04 2326920]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-07-04 159168]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 14:48 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 15:49]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-16 11:30]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-16 11:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} - hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab
FF - ProfilePath - c:\users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Avira Systray - c:\program files\Avira\My Avira\Avira.OE.Systray.exe
MSConfigStartUp-Scan Buttons - c:\program files\NewSoft\Presto! PageManager 9.03\PMSB.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-16 20:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2015-01-16 20:37:26
ComboFix-quarantined-files.txt 2015-01-16 19:37
ComboFix2.txt 2013-04-08 14:30
.
Vor Suchlauf: 5.543.333.888 Bytes frei
Nach Suchlauf: 7.324.979.200 Bytes frei
.
- - End Of File - - 39D76EE4E93EC87D5ED27DEC23609805
7188A7A9747B3170479FE1B3850FCD15
|
|
17.01.2015, 12:30
| #10 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.01.2015, 18:37
| #11 |
| | Laptop verpilzt Hallo Schrauber, erstens kommt es anders - zweitens als man denkt Malwarebytes war nicht mehr zu starten - habe es neu geladen und installiert, nachdem ich die alte Version erstmal nicht mehr deinstallieren und auch nicht mehr öffnen konnte. Mit der uninst000.exe der neuen Version hats dann geklappt, ich bin aber nicht sicher ob es sich nicht mit Resten des alten vermischt hat, denn in der directory sind immer noch ein paar files des alten Malwarebytes - erkennbar am alten Datum. Zero Ergebnis - aber ich kann das Textfile des Logs nicht erzeugen, weil im Normalmodus das entsprechende Feld nach dem Anzeigen des Logfiles nicht aktiv ist, d.h. anklicken bringt null Reaktion. Im abgesicherten Modus gehts auch nicht. AdwCleaner zeigte auch nichts Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 17/01/2015 um 17:53:01
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dagobert - DAGOBERT-PC
# Gestartet von : C:\Users\Dagobert\Desktop\AdwCleaner_4.108.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\Convesoft
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v24.6.0 (de)
[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-tab", false);
[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-win", false);
-\\ Google Chrome v39.0.2171.99
*************************
AdwCleaner[R0].txt - [940 octets] - [17/01/2015 17:53:01]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [999 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dagobert on 17.01.2015 at 18:15:02,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Dagobert\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\prefs.js
user_pref("pttl.menu-search-groups-tab", false);
user_pref("pttl.menu-search-groups-win", false);
Emptied folder: C:\Users\Dagobert\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.01.2015 at 18:18:02,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ich bin ratlos Grüße Mischa |
|
17.01.2015, 23:31
| #12 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt Das frische FRST log fehlt noch.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 18:23
| #13 |
| | Laptop verpilzt Sorry - im Eifer des Gefechts vergessen FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01
Ran by Dagobert (administrator) on DAGOBERT-PC on 18-01-2015 18:18:45
Running from C:\Users\Dagobert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XH2K1DG
Loaded Profiles: Dagobert (Available profiles: Dagobert)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)
HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis)
HKLM\...\Run: [UIExec] => C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE ()
Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> DefaultScope {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: HTTPS-Everywhere - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-23]
FF Extension: Cookie Monster - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-23]
FF Extension: DownloadHelper - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-23]
FF Extension: JonDoFox - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19]
FF Extension: NoScript - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19]
FF Extension: Adblock Plus - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google-Suche) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Security Plus) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2014-12-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Ghostery) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis)
S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-07-04] (Acronis)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [547968 2012-06-14] (SEIKO EPSON CORPORATION)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]
S2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-25] (NewTech Infosystems, Inc.) [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-07-04] (Acronis)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Bulk3052i; System32\Drivers\Bulk3052.sys [X]
S3 catchme; \??\C:\Users\Dagobert\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pmem; \??\C:\Users\Dagobert\AppData\Local\Temp\_MEI11282\drivers\winpmem32.sys [X]
S2 pmp3052v; System32\Drivers\pmp3052v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 18:18 - 2015-01-17 18:18 - 00000983 _____ () C:\Users\Dagobert\Desktop\JRT.txt
2015-01-17 18:14 - 2015-01-17 18:14 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 18:10 - 2015-01-17 18:12 - 01707939 _____ (Thisisu) C:\Users\Dagobert\Desktop\JRT.exe
2015-01-17 17:52 - 2015-01-17 17:55 - 00000000 ____D () C:\AdwCleaner
2015-01-17 17:51 - 2015-01-17 17:51 - 02186752 _____ () C:\Users\Dagobert\Desktop\AdwCleaner_4.108.exe
2015-01-17 15:21 - 2015-01-17 17:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 15:21 - 2015-01-17 15:21 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-01-17 15:21 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 15:21 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 15:21 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 14:14 - 2015-01-17 14:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dagobert\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 20:37 - 2015-01-16 20:37 - 00010805 _____ () C:\ComboFix.txt
2015-01-16 16:43 - 2015-01-16 18:33 - 00000000 ____D () C:\OETemp
2015-01-16 16:29 - 2015-01-16 16:29 - 05609736 ____R (Swearware) C:\Users\Dagobert\Downloads\ComboFix.exe
2015-01-15 21:27 - 2015-01-15 21:27 - 05609736 ____R (Swearware) C:\Users\Dagobert\Desktop\ComboFix.exe
2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\HomeMedia
2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\CyberLink
2015-01-13 20:25 - 2015-01-13 20:25 - 00000013 _____ () C:\Users\Dagobert\Desktop\Michael\Documents\o2 Telefonnummer.txt
2015-01-13 20:23 - 2008-01-24 03:25 - 00192512 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll
2015-01-13 14:03 - 2015-01-13 15:46 - 00000000 ____D () C:\Users\Dagobert\Desktop\mbar
2015-01-13 14:02 - 2015-01-13 14:03 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dagobert\Downloads\mbar-1.08.2.1001.exe
2015-01-12 20:03 - 2015-01-12 20:03 - 00000000 ____D () C:\Dagobert
2015-01-12 17:30 - 2015-01-12 17:31 - 00033279 _____ () C:\Users\Dagobert\Desktop\Addition.txt
2015-01-12 17:29 - 2015-01-18 18:18 - 00000000 ____D () C:\FRST
2015-01-12 17:29 - 2015-01-12 17:31 - 00028647 _____ () C:\Users\Dagobert\Desktop\FRST.txt
2015-01-11 13:58 - 2015-01-11 15:55 - 00000000 ____D () C:\EEK
2015-01-11 11:47 - 2015-01-11 11:54 - 00002303 _____ () C:\rapport.txt
2015-01-10 21:07 - 2015-01-10 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox(29)
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 17:18 - 2013-03-23 13:31 - 03770140 _____ () C:\Windows\PFRO.log
2015-01-18 17:16 - 2013-03-23 10:27 - 01716500 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 17:16 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-18 17:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 17:15 - 2010-05-22 23:22 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Skype
2015-01-18 16:49 - 2014-02-21 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 16:48 - 2014-07-16 12:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 16:39 - 2011-03-10 19:59 - 00000000 ___RD () C:\Users\Dagobert\Desktop\Michael
2015-01-18 15:02 - 2014-07-16 12:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 01:34 - 2013-03-23 04:22 - 00000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat
2015-01-16 20:37 - 2013-04-08 14:36 - 00000000 ____D () C:\Qoobox
2015-01-16 20:34 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 20:26 - 2010-04-03 14:56 - 00000000 ____D () C:\Users\Dagobert
2015-01-16 18:36 - 2012-07-11 10:59 - 00000000 ____D () C:\ProgramData\Avira
2015-01-16 15:52 - 2014-07-16 12:32 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 21:22 - 2013-04-04 23:35 - 00000000 ____D () C:\Program Files\Virusbefall Helpkit
2015-01-14 16:49 - 2013-02-26 21:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 16:49 - 2013-02-26 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 15:46 - 2014-07-20 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-13 02:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-13 02:20 - 2006-11-02 11:22 - 47448064 _____ () C:\Windows\system32\config\software_previous
2015-01-13 02:20 - 2006-11-02 11:22 - 30932992 _____ () C:\Windows\system32\config\components_previous
2015-01-13 02:20 - 2006-11-02 11:22 - 19398656 _____ () C:\Windows\system32\config\system_previous
2015-01-13 02:20 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-01-13 02:19 - 2014-07-20 13:18 - 00000000 ____D () C:\Users\Dagobert\Mbam Anti Rootkit
2015-01-13 02:19 - 2014-07-16 14:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-13 02:19 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 02:19 - 2012-06-26 21:17 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\vlc
2015-01-13 02:19 - 2011-10-19 17:31 - 00000000 ____D () C:\Program Files\1&1 Surf-Stick
2015-01-13 02:19 - 2010-04-03 15:20 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\PlayMovie
2015-01-13 02:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-01-11 13:17 - 2010-06-19 23:45 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\VSO
2015-01-11 06:17 - 2012-08-23 23:08 - 00482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache
2015-01-11 06:17 - 2012-08-23 23:07 - 00233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache
2014-12-25 14:31 - 2014-06-15 12:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\Adobe
==================== Files in the root of some directories =======
2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link
2012-08-13 10:08 - 2012-08-13 10:08 - 0014217 _____ () C:\Program Files\readme.html
2012-08-13 10:08 - 2012-08-13 10:08 - 0013944 _____ () C:\Program Files\readme.txt
2010-04-03 23:00 - 2014-08-25 13:49 - 0002596 _____ () C:\Users\Dagobert\AppData\Roaming\wklnhst.dat
2012-08-23 23:07 - 2015-01-11 06:17 - 0233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache
2012-08-23 23:08 - 2015-01-11 06:17 - 0482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache
2013-03-23 04:22 - 2015-01-18 01:34 - 0000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat
2012-02-04 21:19 - 2014-03-13 17:51 - 0005120 _____ () C:\Users\Dagobert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-10 15:59 - 2011-07-10 15:59 - 0000036 _____ () C:\Users\Dagobert\AppData\Local\housecall.guid.cache
2010-05-22 23:33 - 2010-05-22 23:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Dagobert\AppData\Local\temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-18 17:33
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015 01
Ran by Dagobert at 2015-01-18 18:20:01
Running from C:\Users\Dagobert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XH2K1DG
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1&1 Surf-Stick (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)
Acronis*True*Image*Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Benutzerhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Useg) (Version: - )
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Cisco WebEx Meetings (HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EKEN PC Driver (HKLM\...\InstallShield_{73861999-F41B-4DCE-8984-30BB3DD6EF12}) (Version: 1.0.1.0 - SunPlus)
EKEN PC Driver (Version: 1.0.1.0 - SunPlus) Hidden
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.50.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Jitsi (HKLM\...\{BB36EA7B-6361-40AD-A628-C63012FA3909}) (Version: 1.0.0.0 - Jitsi)
Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 24.6.0 (x86 de) (HKLM\...\Mozilla Firefox 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Netzwerkhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Netg) (Version: - )
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8625 - TeamViewer GmbH)
Tradesignal Web Edition (HKLM\...\{BF8C49DF-64D5-459A-8790-69479C60F49B}) (Version: 5.6.409 - Tradesignal GmbH)
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Image Resizer 4.0.0.30 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.30 - VSO-Software)
Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
==================== Restore Points =========================
08-01-2015 12:42:15 Geplanter Prüfpunkt
13-01-2015 02:10:52 Wiederherstellungsvorgang
16-01-2015 18:49:54 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2013-04-08 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
|
|
18.01.2015, 21:28
| #14 |
| /// the machine /// TB-Ausbilder | Laptop verpilzt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.01.2015, 22:11
| #15 |
| | Laptop verpilzt Hallo Schrauber, Sorry für die Tage ohne response, musste beruflich weg und konnte mir nicht die Zeit abzwacken die Sachn zu erledigen. Aber jetzt: 1. Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Dagobert at 2015-01-25 17:19:28 Run:1
Running from C:\Users\Dagobert\Desktop
Loaded Profiles: Dagobert (Available profiles: Dagobert)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Emptytemp:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
==== End of Fixlog 17:19:28 ====
Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=743ccfa51c0996499d69f170935e82b4
# engine=22136
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-25 07:45:55
# local_time=2015-01-25 08:45:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 21554999 259747882 0 0
# scanned=273050
# found=8
# cleaned=0
# scan_time=11769
sh=C370A47FB59FF2A33ABB8B4BC34A4226C90041E0 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dagobert\Desktop\Michael\wz185gev-32.msi"
sh=609F2D4B1AE5C7177C44CCAF9309EFD16FC9E42D ft=1 fh=8551c46845849e5f vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe"
sh=22B1B0EAFDBB1229336F9D8187F9905A5DDEDF89 ft=1 fh=406c1e66a46fc082 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe"
sh=88CA2B9C5E587306B08CF6EA239CA72775495695 ft=1 fh=b15f3040528a74fd vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe"
sh=375BEE5BC7F611D6E62E55887B3EBB1D5A5E2A44 ft=1 fh=5a0cf1bb36df12c0 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\Zone Labs\ZoneAlarm\zlsSetup_70_470_000_en.exe"
sh=3E9C132E0E3CE20A88D25F8B13F4E30C016DBAC2 ft=1 fh=054a16d40353ce25 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\Zone Labs\ZoneAlarm\zlsSetup_70_483_000_en.exe"
sh=ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4 ft=1 fh=9a6331ae9cd907c8 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL"
sh=3601943AF517F1EEE5696B7ACCE323E582B2FDCD ft=1 fh=7e18e4f818129376 vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL"
Code:
ATTFilter Results of screen317's Security Check version 0.99.93
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 65
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.296
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox 24.6.0 Firefox out of Date!
Google Chrome (39.0.2171.99)
Google Chrome (40.0.2214.91)
````````Process Check: objlist.exe by Laurent````````
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Freundliche Grüße Mischa |
|
| Themen zu Laptop verpilzt |
| abgesicherten, adresse, angeblich, befall, curser, dateien, einzelne, gelaufen, gelöscht, java, langsam, laptop, löschen, malwarebytes, min, modus, netzwerk, neues, nicht mehr, nichts, quarantäne, spam, tool, total, virus, virus total |
Linear-Darstellung
