Log analysis and evaluation: Music sounds and newsflash in the background without any program running (Windows 7)
19.01.2015, 15:57 | #1 |
Hello dear helper, for a few days now I have kept getting music and/or sports news, celebrity news etc. in the background, no matter which program I am working with. Since I am not well versed in such things, I ask you to help me. I tried to work through the checklist described on the board. I hope I did everything correctly. Regards and thanks in advance, Warlord |
19.01.2015, 16:05 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
19.01.2015, 17:22 | #3 |
Ok, sorry, as I said, I am no great computer whiz. Have a look whether it is right like this. Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:14 on 19/01/2015 (Florianxxxxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Florianxxxxx (administrator) on FLORIANxxxxxxMA on 19-01-2015 15:19:14 Running from I:\Downloads Loaded Profiles: UpdatusUser & Florianxxxxx (Available profiles: UpdatusUser & Florianxxxxx) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-Agent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe () C:\Users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Florianxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-02] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-27] (Siber Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2837197548-3389339762-311286345-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> {B9DC5AB1-0C72-4353-9965-65DA3DDCAEE2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky 
Lab ZAO) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) 
Tcpip\Parameters: [DhcpNameServer] 217.0.43.145 217.0.43.129 FireFox: ======== FF ProfilePath: C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html FF Homepage: aol.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: WebSec Fox - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\anti@fish-fox.com [2014-12-04] FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\pavel.sherbakov@gmail.com [2015-01-09] FF Extension: Speed Dial - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-04] FF Extension: Adblock Plus - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-04] FF Extension: BetterPrivacy - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-12-04] FF HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) 
S3 Origin Client Service; I:\FIFA13\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 Verifies and fixes application compatibility issues; C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] () S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 OpenService; C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-20] (Disc Soft Ltd) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-04] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-04] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 
kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-09-11] (Seiko Epson Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 15:19 - 2015-01-19 15:19 - 00000000 ____D () C:\FRST 2015-01-19 15:14 - 2015-01-19 15:15 - 00000488 _____ () C:\Users\Florianxxxx\Desktop\defogger_disable.log 2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 _____ () C:\Users\Florianxxxxx\defogger_reenable 2015-01-19 09:56 - 2015-01-19 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-14 11:38 - 2015-01-14 11:38 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-01-14 11:38 - 2015-01-14 11:38 - 00003176 _____ () C:\Windows\system32\persistent_q.db-wal 2015-01-14 11:38 - 2015-01-14 11:38 - 00001024 _____ () C:\Windows\system32\persistent_q.db 2015-01-14 07:21 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 07:20 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 07:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 07:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 07:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 07:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 
2015-01-14 07:18 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 07:18 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 07:18 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 07:18 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 07:18 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 07:18 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 07:18 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-13 08:09 - 2015-01-19 14:51 - 00000112 _____ () C:\ProgramData\2q7dX8.dat 2015-01-09 14:44 - 2015-01-09 14:45 - 00001340 _____ () C:\DelFix.txt 2015-01-09 09:50 - 2015-01-09 09:50 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-08 20:35 - 2015-01-08 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-08 20:26 - 2015-01-08 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-08 16:10 - 2015-01-08 16:16 - 00000000 ____D () C:\Windows\erdnt 2015-01-08 16:10 - 2015-01-08 16:10 - 00000332 _____ () C:\Start_.cmd 2015-01-08 15:57 - 2015-01-09 14:44 - 00000000 ____D () C:\Windows\ERUNT 2015-01-08 15:16 - 2015-01-08 20:35 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 15:16 - 2015-01-08 20:35 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 15:16 - 2015-01-08 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 15:16 - 2015-01-08 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 15:16 - 2015-01-08 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 15:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-08 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-08 14:07 - 2010-03-08 11:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxx\AppData\Local\EmieUserList 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxx\AppData\Local\EmieSiteList 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxx\AppData\Local\EmieBrowserModeList 2015-01-08 06:33 - 2015-01-08 06:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-08 06:32 - 2015-01-19 07:56 - 00000000 ____D () C:\Users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier 2014-12-24 12:36 - 2014-12-24 13:13 - 00000000 ____D () C:\ProgramData\FarmFrenzy3 2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GT Interactive 2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Program Files (x86)\GT Interactive 2014-12-21 19:46 - 2014-12-21 19:52 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Local\Bluestacks 2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-12-21 19:41 - 2014-12-21 19:42 - 00000000 ____D () C:\Users\Florianxxxxx\Documents\Command and Conquer Generals Data 2014-12-21 16:19 - 2014-12-21 16:23 - 00000000 ____D () C:\Users\Florianxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-12-20 14:05 - 2014-12-20 14:05 - 00018476 _____ () C:\Windows\moraff.set 2014-12-20 14:05 - 2014-12-20 
14:05 - 00000000 ____D () C:\Moraff 2014-12-20 13:51 - 2014-12-20 14:04 - 00000000 ____D () C:\Users\Florianxxxxx\AppData\Roaming\DAEMON Tools Lite 2014-12-20 13:51 - 2014-12-20 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2014-12-20 13:51 - 2014-12-20 13:51 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-12-20 13:51 - 2014-12-20 13:51 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2014-12-20 13:50 - 2014-12-20 14:04 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 15:14 - 2014-12-04 16:00 - 00000000 ____D () C:\Users\Florianxxxxx 2015-01-19 14:21 - 2013-01-22 08:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-19 12:07 - 2014-12-04 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 10:01 - 2014-12-04 15:56 - 01951653 _____ () C:\Windows\WindowsUpdate.log 2015-01-19 09:47 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2015-01-19 09:47 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2015-01-19 09:47 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-19 06:54 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-19 06:54 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-19 06:47 - 2014-12-04 15:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-19 06:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-19 06:46 - 2009-07-14 05:51 - 00149208 _____ () C:\Windows\setupact.log 2015-01-14 19:43 - 2014-12-04 17:20 - 00000000 ____D () C:\Windows\system32\MRT 
2015-01-14 19:43 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 08:07 - 2014-12-04 16:02 - 00000000 ____D () C:\Users\Florianxxxx\AppData\Roaming\Adobe 2015-01-14 07:22 - 2013-01-22 08:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 07:22 - 2012-07-13 09:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 07:22 - 2012-07-13 09:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-09 14:48 - 2014-12-04 17:39 - 00000000 ____D () C:\Users\Florianxxxxx\AppData\Local\Adobe 2015-01-09 12:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-08 20:34 - 2014-12-04 16:56 - 00000000 ___RD () C:\Users\Florianxxxx\Desktop\Programme 2015-01-08 16:22 - 2010-11-21 04:47 - 00231752 _____ () C:\Windows\PFRO.log 2015-01-08 16:16 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-08 14:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-04 20:37 - 2014-12-04 16:39 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2015-01-01 14:19 - 2014-12-07 09:39 - 00000000 ___RD () C:\Users\Florianxxxx\Desktop\Schule 2014-12-27 12:40 - 2014-12-11 17:02 - 00000000 ____D () C:\ProgramData\Origin 2014-12-27 12:39 - 2014-12-11 17:23 - 00000000 ____D () C:\Users\Florianxxxxx\Documents\FIFA 13 2014-12-27 10:50 - 2014-12-05 17:08 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-12-27 10:33 - 2014-12-04 16:19 - 00004170 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-12-27 10:33 - 2014-12-04 16:19 - 00003522 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2014-12-27 10:33 - 2014-12-04 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2014-12-26 18:45 - 2014-12-04 19:04 - 00000000 ____D () 
C:\Users\Florianxxxx\AppData\Roaming\vlc 2014-12-26 11:16 - 2013-01-21 16:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-24 09:24 - 2014-12-09 16:54 - 00000000 ___RD () C:\Users\Florianxxxx\Desktop\FOTOS 2014-12-22 06:12 - 2009-07-14 06:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-21 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-20 14:06 - 2014-12-04 17:07 - 00000000 ___RD () C:\Users\Florianxxxxx\Desktop\Spiele 2014-12-20 13:11 - 2014-12-06 18:43 - 00000000 ____D () C:\ProgramData\FarmFrenzy3_Russia ==================== Files in the root of some directories ======= 2015-01-13 08:09 - 2015-01-19 14:51 - 0000112 _____ () C:\ProgramData\2q7dX8.dat 2014-12-06 14:48 - 2014-12-06 14:48 - 0001534 _____ () C:\ProgramData\ss.ini Files to move or delete: ==================== C:\ProgramData\2q7dX8.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-06 16:38 ==================== End Of Log ============================ --- --- --- Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-19 15:46:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC4G 931,51GB
Running: zs694nfh.exe; Driver: C:\Users\FLORIA~1\AppData\Local\Temp\kfadrpob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80003df3000 45 bytes [00, 00, 09, 02, 4B, 4C, 73, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff80003df302f 16 bytes [00, 60, 97, 5B, 0B, 80, FA, ...]

---- User code sections - GMER 2.1 ----
.text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077b01fd7 8 bytes {JMP 0xb} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077b02272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077b02301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077b02792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077b027b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077b027d2 8 bytes {JMP 0x10} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077b0282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077b02890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077b02d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077b02d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077b03023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077b0323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077b033c0 16 bytes {JMP 0x4e} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077b03a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077b03ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077b03b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077b03d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077b04190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077b51380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077b51500 8 bytes {JMP QWORD [RIP-0x4d498]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b51530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b51650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b51f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b527e0 8 
bytes {JMP QWORD [RIP-0x4e770]} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000736713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007367146b 8 bytes {JMP 0xffffffffffffffb0} .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000736716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000736716e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000736719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000736719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073671a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073671a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073671a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text I:\Downloads\zs694nfh.exe[9560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073671a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [708:2168] 000007fef81384d8 Thread C:\Windows\system32\svchost.exe [708:2268] 000007fef80f23a8 Thread C:\Windows\system32\svchost.exe [708:2340] 000007fef8170d00 Thread C:\Windows\system32\svchost.exe [708:2348] 000007fef7d69498 Thread C:\Windows\system32\svchost.exe [708:4372] 000007fef445506c Thread C:\Windows\system32\svchost.exe [708:4376] 000007fef7c21c20 Thread C:\Windows\system32\svchost.exe [708:4380] 000007fef7c21c20 Thread C:\Windows\system32\svchost.exe [708:9516] 000007fef4434164 Thread C:\Windows\system32\svchost.exe [708:8732] 000007fefb051ab0 Thread C:\Windows\system32\svchost.exe [708:10576] 000007fef5e5e1c4 Thread C:\Windows\system32\svchost.exe [708:6280] 000007fef86e17f8 Thread C:\Windows\system32\svchost.exe [1080:1612] 000007fefbf08274 Thread C:\Windows\system32\svchost.exe [1080:3800] 000007fefbf08274 Thread C:\Windows\system32\svchost.exe [1176:2216] 000007fef7f23f1c Thread C:\Windows\system32\svchost.exe [1176:2232] 000007fef80c1a38 Thread C:\Windows\system32\svchost.exe [1176:2236] 000007fef7e35388 Thread C:\Windows\system32\svchost.exe [1176:2244] 000007fef7da7738 Thread C:\Windows\system32\svchost.exe [1176:2264] 000007fef7d91f90 Thread C:\Windows\system32\svchost.exe [1176:4124] 000007fef6515170 Thread C:\Windows\System32\spoolsv.exe [1332:3880] 000007fefaae10c8 Thread C:\Windows\System32\spoolsv.exe [1332:3928] 000007fef6ee6144 Thread C:\Windows\System32\spoolsv.exe [1332:3936] 000007fef6775fd0 Thread C:\Windows\System32\spoolsv.exe [1332:3940] 000007fef6f83438 Thread C:\Windows\System32\spoolsv.exe [1332:3944] 000007fef67763ec Thread C:\Windows\System32\spoolsv.exe [1332:3960] 000007fefab45e5c Thread C:\Windows\System32\spoolsv.exe [1332:3964] 000007fef6a15074 Thread C:\Windows\System32\spoolsv.exe [1332:4004] 000007fefab1e088 Thread C:\Windows\System32\spoolsv.exe [1332:11452] 000007fefab18230 Thread C:\Windows\System32\spoolsv.exe [1332:9016] 000007fefc012060 Thread 
C:\Windows\system32\taskhost.exe [3792:1388] 000007fef6515170 Thread C:\Windows\system32\svchost.exe [3464:272] 000007fef6775fd0 Thread C:\Windows\system32\svchost.exe [3464:2368] 000007fef67763ec ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
19.01.2015, 19:56 | #4 |
/// the machine /// TB Trainer | Music sounds and newsflash in the background, without any program running The Addition.txt from FRST is still missing
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.01.2015, 19:59 | #5 |
| Music sounds and newsflash in the background, without any program running Oh man, sorry - I'm really too dumb for this kind of thing Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015 Ran by Florianxxxxxxx at 2015-01-08 19:02:54 Running from I:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.) 
calibre 64bit (HKLM\...\{4C3B5AEC-2EBE-4BB9-A7E1-F61E3E244465}) (Version: 2.12.0 - Kovid Goyal) Command and Conquer - Complete German Uncut Edition Deinstallation (HKLM-x32\...\Command and Conquer - Complete German Uncut Edition Deinstallation) (Version: 1.0 - Shadow Eagle) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.5310 - CyberLink Corp.) CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft) Epson Benutzerhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - ) Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - ) Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.0 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr) FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL) FUJIFILM 
Fotoservice 5.3 (HKLM-x32\...\FujiFilm Fotoservice_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GT Interactive - Driver (HKLM-x32\...\GT Interactive - Driver) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) 
Hidden Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) NVIDIA Graphics Driver 301.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.50 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.) 
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: - ) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.) RoboForm 7-9-11-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems) Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen 
(HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Wondershare Data Recovery(Build 4.6.0.6) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.0.6 - Wondershare Software Co.,Ltd.) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {42DC8FF4-0908-43E7-8A40-77E6ADDCB398} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMIMHMMJGMIMOJJJCNMJMJIMGMCNLMOJLJKJCNHMNMJJHMCNMMIMPMLMIMJJGMNJLMGMJMMMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMNMJNHICMOMNMLJPMOMJNBJCMJLDJAJNIGJOJBJNKKJGJLIKJNIJNKJCMJNNICMJNDJCMLJKJJNMJCMPMFMOMOMKMFMOMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {54B1B88F-473E-443D-90C6-77B2C9137DAB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {8B347801-3BE9-46A3-AD04-02C280073785} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-27] (Siber Systems) Task: {ACFAD88E-CD5A-4AF3-86C2-7378A040D4CC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {EA953588-A1BC-43C0-9543-23E4B284C24F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-21 15:38 - 2012-07-10 13:59 - 00085864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-04 19:04 - 2014-11-18 08:02 - 00626688 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe 2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program 
Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2015-01-08 06:32 - 2014-12-31 16:27 - 00087208 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2015-01-08 06:32 - 2015-01-08 06:36 - 51251880 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-12-04 19:04 - 2014-12-04 19:04 - 00374272 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\sub\default.dll 2015-01-08 06:32 - 2014-12-30 11:17 - 01360552 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-08 06:32 - 2014-12-30 11:17 - 00214184 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-08 06:32 - 2014-12-30 11:17 - 00985768 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-08 06:32 - 2014-12-15 21:02 - 16827048 _____ () C:\Users\Florianxxxxxxx\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll 2014-12-04 16:14 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-04-20 01:42 - 2014-12-04 16:32 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2837197548-3389339762-311286345-500 - Administrator - Disabled) Florianxxxxxxx (S-1-5-21-2837197548-3389339762-311286345-1001 - Administrator - Enabled) => C:\Users\Florianxxxxxxx Gast (S-1-5-21-2837197548-3389339762-311286345-501 - Limited - Disabled) UpdatusUser (S-1-5-21-2837197548-3389339762-311286345-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2015 07:02:56 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 07:02:56 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 04:11:10 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80042302). Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten. . Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. 
Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator System errors: ============= Error: (01/08/2015 05:55:22 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 05:55:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/08/2015 04:43:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 04:43:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/08/2015 04:43:37 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 
04:43:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 04:43:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/08/2015 04:43:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 04:30:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/08/2015 04:30:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Microsoft Office Sessions: ========================= Error: (01/08/2015 07:02:56 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 07:02:56 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 04:11:10 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302 Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 8193) (User: ) Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten. Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/08/2015 04:11:10 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator CodeIntegrity Errors: =================================== Date: 2015-01-08 16:15:32.587 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-08 16:15:32.509 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-11 20:27:42.061 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:27:42.039 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:26:05.901 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:26:05.881 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-12-10 06:43:15.523 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.513 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.463 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz Percentage of memory in use: 83% Total physical RAM: 4077.64 MB Available physical RAM: 664.99 MB Total Pagefile: 8153.46 MB Available Pagefile: 3528.62 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:819.39 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:33.01 GB) NTFS Drive i: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:301.76 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: FA6E1023) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4C182D31) Partition 1: (Active) - (Size=931.5 GB) - (Type=0C) 
==================== End Of Log ============================ |
19.01.2015, 20:44 | #6 |
/// the machine /// TB-Ausbilder | Music sounds and newsflash in the background, without any program running Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to your desktop. |
20.01.2015, 07:53 | #7 |
| Music sounds and newsflash in the background, without any program running Hi, thanks for the quick help so far. After the scan with mbar, nothing needed to be cleaned. The computer was not restarted, so I did not do a second run. I hope that was right. Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version: main: v2015.01.20.03 rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Florianxxxxxxx :: FLORIANxxxxxxxMA [administrator]
20.01.2015 07:10:22
mbar-log-2015-01-20 (07-10-22).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 398304
Time elapsed: 23 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
07:43:50.0858 0x2bc0 TDSS rootkit removing tool 3.0.0.43 Jan 19 2015 18:43:19
07:44:03.0477 0x2bc0 ============================================================
07:44:03.0477 0x2bc0 Current date / time: 2015/01/20 07:44:03.0477
07:44:03.0477 0x2bc0 SystemInfo:
07:44:03.0478 0x2bc0
07:44:03.0478 0x2bc0 OS Version: 6.1.7601 ServicePack: 1.0
07:44:03.0478 0x2bc0 Product type: Workstation
07:44:03.0478 0x2bc0 ComputerName: FLORIANxxxxxxxMA
07:44:03.0478 0x2bc0 UserName: Florianxxxxxxx
07:44:03.0478 0x2bc0 Windows directory: C:\Windows
07:44:03.0478 0x2bc0 System windows directory: C:\Windows
07:44:03.0478 0x2bc0 Running under WOW64
07:44:03.0478 0x2bc0 Processor architecture: Intel x64
07:44:03.0478 0x2bc0 Number of processors: 4
07:44:03.0478 0x2bc0 Page size: 0x1000
07:44:03.0478 0x2bc0 Boot type: Normal boot
07:44:03.0478 0x2bc0 ============================================================
07:44:06.0069 0x2bc0 KLMD registered as C:\Windows\system32\drivers\40435910.sys
07:44:07.0510 0x2bc0 System UUID: {493787B6-8DB6-0E8B-9B82-70BF6D51BF07}
07:44:08.0578 0x2bc0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:44:08.0615 0x2bc0 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:44:08.0859 0x2bc0 ============================================================
07:44:08.0859 0x2bc0 \Device\Harddisk0\DR0:
07:44:08.0859 0x2bc0 MBR partitions:
07:44:08.0859 0x2bc0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:44:08.0859 0x2bc0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
07:44:08.0859 0x2bc0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
07:44:08.0859 0x2bc0 \Device\Harddisk4\DR4:
07:44:08.0867 0x2bc0 MBR partitions:
07:44:08.0867 0x2bc0 \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0x74705980
07:44:08.0867 0x2bc0 ============================================================
07:44:08.0907 0x2bc0 C: <-> \Device\Harddisk0\DR0\Partition2
07:44:08.0937 0x2bc0 D: <-> \Device\Harddisk0\DR0\Partition3
07:44:08.0937 0x2bc0 I: <-> \Device\Harddisk4\DR4\Partition1
07:44:08.0965 0x2bc0 ============================================================
07:44:08.0965 0x2bc0 Initialize success
07:44:08.0965 0x2bc0 ============================================================
07:44:42.0587 0x1fbc ============================================================
07:44:42.0587 0x1fbc Scan started
07:44:42.0587 0x1fbc Mode: Manual; SigCheck; TDLFS;
07:44:42.0587 0x1fbc ============================================================
07:44:42.0587 0x1fbc KSN ping started
07:44:45.0608 0x1fbc KSN ping finished: true
07:44:52.0033 0x1fbc ================ Scan system memory ========================
07:44:52.0033 0x1fbc System memory - ok
07:44:52.0033 0x1fbc ================ Scan services =============================
C:\Windows\system32\drivers\elxstor.sys 07:45:02.0531 0x1fbc elxstor - ok 07:45:02.0554 0x1fbc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 07:45:02.0576 0x1fbc ErrDev - ok 07:45:02.0614 0x1fbc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 07:45:02.0650 0x1fbc EventSystem - ok 07:45:02.0681 0x1fbc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 07:45:02.0719 0x1fbc exfat - ok 07:45:02.0741 0x1fbc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 07:45:02.0773 0x1fbc fastfat - ok 07:45:02.0800 0x1fbc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 07:45:02.0854 0x1fbc Fax - ok 07:45:02.0876 0x1fbc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 07:45:02.0916 0x1fbc fdc - ok 07:45:02.0923 0x1fbc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 07:45:02.0953 0x1fbc fdPHost - ok 07:45:02.0965 0x1fbc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 07:45:02.0997 0x1fbc FDResPub - ok 07:45:03.0007 0x1fbc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 07:45:03.0016 0x1fbc FileInfo - ok 07:45:03.0024 0x1fbc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] 
Filetrace C:\Windows\system32\drivers\filetrace.sys 07:45:03.0073 0x1fbc Filetrace - ok 07:45:03.0085 0x1fbc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 07:45:03.0094 0x1fbc flpydisk - ok 07:45:03.0111 0x1fbc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 07:45:03.0125 0x1fbc FltMgr - ok 07:45:03.0168 0x1fbc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 07:45:03.0267 0x1fbc FontCache - ok 07:45:03.0315 0x1fbc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:45:03.0336 0x1fbc FontCache3.0.0.0 - ok 07:45:03.0348 0x1fbc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 07:45:03.0365 0x1fbc FsDepends - ok 07:45:03.0393 0x1fbc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 07:45:03.0414 0x1fbc Fs_Rec - ok 07:45:03.0447 0x1fbc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 07:45:03.0463 0x1fbc fvevol - ok 07:45:03.0489 0x1fbc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 07:45:03.0501 0x1fbc gagp30kx - ok 07:45:03.0531 0x1fbc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 07:45:03.0585 0x1fbc gpsvc - ok 07:45:03.0616 0x1fbc 
[ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 07:45:03.0676 0x1fbc hcw85cir - ok 07:45:03.0699 0x1fbc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 07:45:03.0737 0x1fbc HdAudAddService - ok 07:45:03.0802 0x1fbc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 07:45:03.0822 0x1fbc HDAudBus - ok 07:45:03.0832 0x1fbc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 07:45:03.0853 0x1fbc HidBatt - ok 07:45:03.0870 0x1fbc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 07:45:03.0888 0x1fbc HidBth - ok 07:45:03.0905 0x1fbc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 07:45:03.0918 0x1fbc HidIr - ok 07:45:03.0927 0x1fbc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 07:45:03.0964 0x1fbc hidserv - ok 07:45:03.0994 0x1fbc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 07:45:04.0039 0x1fbc HidUsb - ok 07:45:04.0054 0x1fbc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 07:45:04.0090 0x1fbc hkmsvc - ok 07:45:04.0116 0x1fbc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 
07:45:04.0179 0x1fbc HomeGroupListener - ok 07:45:04.0201 0x1fbc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 07:45:04.0233 0x1fbc HomeGroupProvider - ok 07:45:04.0254 0x1fbc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 07:45:04.0265 0x1fbc HpSAMD - ok 07:45:04.0305 0x1fbc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 07:45:04.0354 0x1fbc HTTP - ok 07:45:04.0383 0x1fbc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 07:45:04.0393 0x1fbc hwpolicy - ok 07:45:04.0416 0x1fbc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 07:45:04.0429 0x1fbc i8042prt - ok 07:45:04.0442 0x1fbc [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys 07:45:04.0459 0x1fbc iaStor - ok 07:45:04.0510 0x1fbc [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 07:45:04.0526 0x1fbc IAStorDataMgrSvc - ok 07:45:04.0541 0x1fbc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 07:45:04.0557 0x1fbc iaStorV - ok 07:45:04.0639 0x1fbc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 07:45:04.0697 0x1fbc 
idsvc - ok 07:45:04.0734 0x1fbc IEEtwCollectorService - ok 07:45:04.0877 0x1fbc [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 07:45:05.0142 0x1fbc igfx - ok 07:45:05.0170 0x1fbc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 07:45:05.0178 0x1fbc iirsp - ok 07:45:05.0300 0x1fbc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 07:45:05.0371 0x1fbc IKEEXT - ok 07:45:05.0491 0x1fbc [ 21F54139C93FC595902B58ED947D47D5, B48FA18BD273AAB965C06D9F6F74EC7A8D318411293E06B407A38AC4A31E3F02 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 07:45:05.0663 0x1fbc IntcAzAudAddService - ok 07:45:05.0683 0x1fbc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 07:45:05.0683 0x1fbc intelide - ok 07:45:05.0726 0x1fbc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 07:45:05.0740 0x1fbc intelppm - ok 07:45:05.0760 0x1fbc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 07:45:05.0790 0x1fbc IPBusEnum - ok 07:45:05.0811 0x1fbc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:45:05.0841 0x1fbc IpFilterDriver - ok 07:45:07.0012 0x1fbc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 07:45:07.0131 0x1fbc iphlpsvc - ok 07:45:07.0157 0x1fbc [ 0FC1AEA580957AA8817B8F305D18CA3A, 
7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 07:45:07.0242 0x1fbc IPMIDRV - ok 07:45:07.0247 0x1fbc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 07:45:07.0303 0x1fbc IPNAT - ok 07:45:07.0322 0x1fbc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 07:45:07.0354 0x1fbc IRENUM - ok 07:45:07.0494 0x1fbc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 07:45:07.0519 0x1fbc isapnp - ok 07:45:07.0615 0x1fbc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 07:45:07.0672 0x1fbc iScsiPrt - ok 07:45:07.0693 0x1fbc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 07:45:07.0704 0x1fbc kbdclass - ok 07:45:07.0742 0x1fbc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 07:45:07.0775 0x1fbc kbdhid - ok 07:45:07.0805 0x1fbc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 07:45:07.0825 0x1fbc KeyIso - ok 07:45:07.0911 0x1fbc [ 67D1F7FA1DF9502DE12027D7C7782863, BCB92C1C11A7576FD7E91B160CBC3FB5A0C31FE028305021D7C10EC40C4D5013 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 07:45:07.0924 0x1fbc KL1 - ok 07:45:07.0944 0x1fbc [ 2A88EFE87B5F23BA47FF7AF2DEAEB98F, 8D702249A462F8A233B594DF1B7C843A2C90F8A0D4FA7358B096020FF2C3E115 ] klflt C:\Windows\system32\DRIVERS\klflt.sys 07:45:07.0954 0x1fbc klflt - ok 07:45:08.0019 0x1fbc [ 
7ED6B6805B3E1BC9DC2418F1C5C920B4, 7FF90C32C95E2141A3D3B378DDE8035C8C6EB811C087A9AF7D20C735CB74142A ] klhk C:\Windows\system32\DRIVERS\klhk.sys 07:45:08.0029 0x1fbc klhk - ok 07:45:08.0105 0x1fbc [ CD81447AB991F3E7F1FCF59CEA07D1E0, FB6EDDCA703952FAD7FEE24A75DB5C957C45C83B17D4871D1009CA24450CB040 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 07:45:08.0131 0x1fbc KLIF - ok 07:45:08.0140 0x1fbc [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 07:45:08.0150 0x1fbc KLIM6 - ok 07:45:08.0185 0x1fbc [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 07:45:08.0193 0x1fbc klkbdflt - ok 07:45:08.0207 0x1fbc [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 07:45:08.0217 0x1fbc klmouflt - ok 07:45:08.0261 0x1fbc [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 07:45:08.0274 0x1fbc klpd - ok 07:45:08.0283 0x1fbc [ 5BB9E329FE48904108BBBF9C73073920, 402E88770C12C9E8D809D2A8C130CA9E5083CDB1D50C38D4CE2F0D24F2D32E82 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 07:45:08.0292 0x1fbc kltdi - ok 07:45:08.0307 0x1fbc [ D043624FE4AE0A4894A785097C02EF09, 2259CA9BAC73902D291176AB689C101CACE115A8A1C2E6824CC66E928FA27552 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 07:45:08.0317 0x1fbc kneps - ok 07:45:08.0360 0x1fbc [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 07:45:08.0370 0x1fbc KSecDD - ok 07:45:08.0387 0x1fbc [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 07:45:08.0398 0x1fbc KSecPkg - ok 
07:45:08.0414 0x1fbc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 07:45:08.0434 0x1fbc ksthunk - ok 07:45:08.0464 0x1fbc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 07:45:08.0501 0x1fbc KtmRm - ok 07:45:08.0550 0x1fbc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 07:45:08.0590 0x1fbc LanmanServer - ok 07:45:08.0620 0x1fbc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 07:45:08.0664 0x1fbc LanmanWorkstation - ok 07:45:08.0687 0x1fbc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 07:45:08.0720 0x1fbc lltdio - ok 07:45:08.0739 0x1fbc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 07:45:08.0770 0x1fbc lltdsvc - ok 07:45:08.0799 0x1fbc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 07:45:08.0824 0x1fbc lmhosts - ok 07:45:08.0883 0x1fbc [ 1584DEEAE5AA0E3FB045F3D0EAC585EA, 27DE800E2A609827D9D972F7B9D196870E5875F9A09FB0CC3EBBC593294D7BDD ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 07:45:08.0898 0x1fbc LMS - ok 07:45:08.0924 0x1fbc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 07:45:08.0934 0x1fbc LSI_FC - ok 07:45:08.0976 0x1fbc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS 
C:\Windows\system32\drivers\lsi_sas.sys 07:45:08.0986 0x1fbc LSI_SAS - ok 07:45:09.0006 0x1fbc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 07:45:09.0015 0x1fbc LSI_SAS2 - ok 07:45:09.0031 0x1fbc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 07:45:09.0040 0x1fbc LSI_SCSI - ok 07:45:09.0040 0x1fbc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 07:45:09.0086 0x1fbc luafv - ok 07:45:09.0109 0x1fbc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 07:45:09.0134 0x1fbc Mcx2Svc - ok 07:45:09.0158 0x1fbc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 07:45:09.0166 0x1fbc megasas - ok 07:45:09.0187 0x1fbc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 07:45:09.0200 0x1fbc MegaSR - ok 07:45:09.0215 0x1fbc [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 07:45:09.0223 0x1fbc MEIx64 - ok 07:45:09.0317 0x1fbc [ 8A43D23ACE2E8C95A2D87B6E9599DEDA, 18683A7CE5AF0A9C5D7E33EB99588AE55FC61103A8894F3F45E2101355966A71 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe 07:45:09.0354 0x1fbc MemeoBackgroundService - ok 07:45:09.0371 0x1fbc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 07:45:09.0408 0x1fbc MMCSS - ok 07:45:09.0427 0x1fbc [ 
800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 07:45:09.0481 0x1fbc Modem - ok 07:45:09.0507 0x1fbc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 07:45:09.0534 0x1fbc monitor - ok 07:45:09.0551 0x1fbc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 07:45:09.0559 0x1fbc mouclass - ok 07:45:09.0590 0x1fbc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 07:45:09.0625 0x1fbc mouhid - ok 07:45:09.0630 0x1fbc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 07:45:09.0639 0x1fbc mountmgr - ok 07:45:09.0681 0x1fbc [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 07:45:09.0694 0x1fbc MozillaMaintenance - ok 07:45:09.0700 0x1fbc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 07:45:09.0712 0x1fbc mpio - ok 07:45:09.0730 0x1fbc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 07:45:09.0758 0x1fbc mpsdrv - ok 07:45:09.0833 0x1fbc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 07:45:09.0887 0x1fbc MpsSvc - ok 07:45:09.0907 0x1fbc [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV 
C:\Windows\system32\drivers\mrxdav.sys 07:45:09.0989 0x1fbc MRxDAV - ok 07:45:10.0000 0x1fbc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 07:45:10.0054 0x1fbc mrxsmb - ok 07:45:10.0062 0x1fbc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:45:10.0084 0x1fbc mrxsmb10 - ok 07:45:10.0100 0x1fbc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:45:10.0121 0x1fbc mrxsmb20 - ok 07:45:10.0142 0x1fbc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 07:45:10.0152 0x1fbc msahci - ok 07:45:10.0182 0x1fbc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 07:45:10.0197 0x1fbc msdsm - ok 07:45:10.0223 0x1fbc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 07:45:10.0243 0x1fbc MSDTC - ok 07:45:10.0243 0x1fbc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 07:45:10.0285 0x1fbc Msfs - ok 07:45:10.0299 0x1fbc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 07:45:10.0317 0x1fbc mshidkmdf - ok 07:45:10.0317 0x1fbc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 07:45:10.0327 0x1fbc msisadrv - ok 07:45:10.0390 0x1fbc [ 808E98FF49B155C522E6400953177B08, 
F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 07:45:10.0427 0x1fbc MSiSCSI - ok 07:45:10.0427 0x1fbc msiserver - ok 07:45:10.0450 0x1fbc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 07:45:10.0482 0x1fbc MSKSSRV - ok 07:45:10.0496 0x1fbc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 07:45:10.0520 0x1fbc MSPCLOCK - ok 07:45:10.0537 0x1fbc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 07:45:10.0565 0x1fbc MSPQM - ok 07:45:10.0587 0x1fbc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 07:45:10.0602 0x1fbc MsRPC - ok 07:45:10.0617 0x1fbc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 07:45:10.0625 0x1fbc mssmbios - ok 07:45:10.0669 0x1fbc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 07:45:10.0732 0x1fbc MSTEE - ok 07:45:10.0760 0x1fbc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 07:45:10.0772 0x1fbc MTConfig - ok 07:45:10.0787 0x1fbc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 07:45:10.0794 0x1fbc Mup - ok 07:45:10.0926 0x1fbc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 07:45:10.0984 0x1fbc 
napagent - ok 07:45:11.0064 0x1fbc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 07:45:11.0094 0x1fbc NativeWifiP - ok 07:45:11.0167 0x1fbc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 07:45:11.0213 0x1fbc NDIS - ok 07:45:11.0239 0x1fbc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 07:45:11.0276 0x1fbc NdisCap - ok 07:45:11.0289 0x1fbc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 07:45:11.0327 0x1fbc NdisTapi - ok 07:45:11.0349 0x1fbc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 07:45:11.0388 0x1fbc Ndisuio - ok 07:45:11.0395 0x1fbc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 07:45:11.0423 0x1fbc NdisWan - ok 07:45:11.0427 0x1fbc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 07:45:11.0470 0x1fbc NDProxy - ok 07:45:11.0516 0x1fbc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 07:45:11.0574 0x1fbc NetBIOS - ok 07:45:11.0594 0x1fbc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 07:45:11.0636 0x1fbc NetBT - ok 07:45:11.0646 0x1fbc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon 
94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 07:45:31.0107 0x1fbc WUDFRd - ok 07:45:31.0187 0x1fbc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 07:45:31.0214 0x1fbc wudfsvc - ok 07:45:31.0245 0x1fbc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 07:45:31.0816 0x1fbc WwanSvc - ok 07:45:31.0908 0x1fbc [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 07:45:31.0944 0x1fbc xnacc - ok 07:45:32.0048 0x1fbc [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 07:45:32.0077 0x1fbc xusb21 - ok 07:45:32.0095 0x1fbc ================ Scan global =============================== 07:45:32.0112 0x1fbc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 07:45:32.0165 0x1fbc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 07:45:32.0194 0x1fbc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 07:45:32.0212 0x1fbc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 07:45:32.0326 0x1fbc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 07:45:32.0333 0x1fbc [ Global ] - ok 07:45:32.0334 0x1fbc ================ Scan MBR ================================== 07:45:32.0348 0x1fbc [ 4624822E540EC83CD0819525C65846BA ] 
\Device\Harddisk0\DR0 07:45:34.0871 0x1fbc \Device\Harddisk0\DR0 - ok 07:45:34.0874 0x1fbc [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4 07:45:36.0581 0x1fbc \Device\Harddisk4\DR4 - ok 07:45:36.0582 0x1fbc ================ Scan VBR ================================== 07:45:37.0052 0x1fbc [ 4777F3668FCC586703160D9BB99FE1EA ] \Device\Harddisk0\DR0\Partition1 07:45:37.0495 0x1fbc \Device\Harddisk0\DR0\Partition1 - ok 07:45:37.0559 0x1fbc [ 4993626D5E885B3541AE4E9A7F708F20 ] \Device\Harddisk0\DR0\Partition2 07:45:37.0899 0x1fbc \Device\Harddisk0\DR0\Partition2 - ok 07:45:37.0970 0x1fbc [ 823B20170927B50A36A41CAB094972F3 ] \Device\Harddisk0\DR0\Partition3 07:45:37.0972 0x1fbc \Device\Harddisk0\DR0\Partition3 - ok 07:45:37.0974 0x1fbc [ 0DC91E22082F2B42C003E5C8BA0CA7BF ] \Device\Harddisk4\DR4\Partition1 07:45:37.0975 0x1fbc \Device\Harddisk4\DR4\Partition1 - ok 07:45:37.0975 0x1fbc ================ Scan generic autorun ====================== 07:45:38.0085 0x1fbc [ BD7012431E4E1C5C88A823834CE378AC, 1B66F9DEB5047D6C1D7BE37D9B411E93DBCBE95D3CDCB52465909D0BB80AA259 ] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe 07:45:38.0101 0x1fbc MedionReminder - detected UnsignedFile.Multi.Generic ( 1 ) 07:45:41.0068 0x1fbc MedionReminder ( UnsignedFile.Multi.Generic ) - warning 07:45:54.0386 0x1fbc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 07:45:54.0580 0x1fbc Sidebar - ok 07:45:54.0635 0x1fbc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 07:45:54.0653 0x1fbc mctadmin - ok 07:45:54.0751 0x1fbc [ 656E8D7016CACA15D831BCC5D1C16FB3, 84E7C8128D66074E60F7D30C4E7764F200F9DDA21525740B0C50E368C1CE6BBC ] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe 07:45:54.0859 0x1fbc RoboForm - ok 07:45:54.0860 0x1fbc Waiting for KSN requests completion. 
In queue: 3
07:45:55.0860 0x1fbc Waiting for KSN requests completion. In queue: 3
07:45:56.0860 0x1fbc Waiting for KSN requests completion. In queue: 3
07:45:59.0592 0x1fbc AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmiav.exe ( 15.0.0.463 ), 0x41000 ( enabled : updated )
07:45:59.0601 0x1fbc FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmifw.exe ( 15.0.0.463 ), 0x41010 ( enabled )
07:46:11.0363 0x1fbc ============================================================
07:46:11.0363 0x1fbc Scan finished
07:46:11.0363 0x1fbc ============================================================
07:46:11.0369 0x2bc8 Detected object count: 1
07:46:11.0369 0x2bc8 Actual detected object count: 1
07:46:27.0331 0x2bc8 MedionReminder ( UnsignedFile.Multi.Generic ) - skipped by user
07:46:27.0331 0x2bc8 MedionReminder ( UnsignedFile.Multi.Generic ) - User select action: Skip
Regards, Warlord |
20.01.2015, 16:25 | #8 |
/// the machine /// TB-Ausbilder | Hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.01.2015, 17:40 | #9 |
| Hi Schrauber, enclosed is the log from ComboFix. Code:
ATTFilter ComboFix 15-01-18.01 - Florianxxxxxx 20.01.2015 17:26:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2015 [GMT 1:00] ausgeführt von:: c:\users\Florianxxxxxx\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-20 bis 2015-01-20 )))))))))))))))))))))))))))))) . . 2015-01-20 16:32 . 2015-01-20 16:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-01-20 16:32 . 2015-01-20 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-19 14:19 . 2015-01-19 14:20 -------- d-----w- C:\FRST 2015-01-14 06:21 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll 2015-01-14 06:20 . 2014-12-11 17:47 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe 2015-01-14 06:20 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-14 06:20 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2015-01-14 06:20 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2015-01-14 06:18 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-14 06:18 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-14 06:18 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-01-14 06:18 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-01-14 06:18 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll 2015-01-14 06:18 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll 2015-01-14 06:18 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-01-14 06:18 . 
2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-01-09 08:50 . 2015-01-09 08:50 -------- d-----w- c:\program files (x86)\ESET 2015-01-08 19:35 . 2015-01-20 06:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-01-08 19:26 . 2015-01-08 19:26 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-01-08 14:57 . 2015-01-09 13:44 -------- d-----w- c:\windows\ERUNT 2015-01-08 14:16 . 2015-01-20 06:10 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-08 14:16 . 2015-01-20 06:08 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-08 14:16 . 2015-01-08 14:16 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-01-08 14:16 . 2015-01-08 14:16 -------- d-----w- c:\programdata\Malwarebytes 2015-01-08 14:16 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-01-08 14:16 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-01-08 13:07 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe 2015-01-08 12:45 . 2015-01-08 12:45 -------- d-sh--w- c:\users\Florianxxxxxx\AppData\Local\EmieUserList 2015-01-08 12:45 . 2015-01-08 12:45 -------- d-sh--w- c:\users\Florianxxxxxx\AppData\Local\EmieSiteList 2015-01-08 12:45 . 2015-01-08 12:45 -------- d-sh--w- c:\users\Florianxxxxxx\AppData\Local\EmieBrowserModeList 2015-01-08 12:37 . 2015-01-08 12:37 -------- d-----w- c:\users\Florianxxxxxx\AppData\Local\Diagnostics 2015-01-08 05:33 . 2015-01-08 05:33 -------- d-----w- c:\programdata\Package Cache 2015-01-08 05:32 . 2015-01-20 15:24 -------- d-----w- c:\users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier 2014-12-24 11:36 . 2014-12-24 12:13 -------- d-----w- c:\programdata\FarmFrenzy3 2014-12-22 11:38 . 2014-12-22 11:38 -------- d-----w- c:\program files (x86)\GT Interactive 2014-12-21 18:46 . 2014-12-21 18:46 -------- d-----w- c:\programdata\BlueStacks 2014-12-21 18:46 . 
2014-12-21 18:46 -------- d-----w- c:\program files (x86)\BlueStacks 2014-12-21 18:46 . 2014-12-21 18:46 -------- d-----w- c:\users\Florianxxxxxx\AppData\Local\Bluestacks . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-14 18:43 . 2011-07-18 20:31 113365784 ----a-w- c:\windows\system32\MRT.exe 2015-01-14 06:22 . 2012-07-13 08:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-14 06:22 . 2012-07-13 08:11 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-20 12:51 . 2014-12-20 12:51 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-12-13 05:09 . 2014-12-18 16:42 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 2014-12-18 16:42 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-06 13:57 . 2014-12-06 13:57 319912 ----a-w- c:\windows\system32\javaws.exe 2014-12-06 13:57 . 2014-12-06 13:57 189352 ----a-w- c:\windows\system32\javaw.exe 2014-12-06 13:57 . 2014-12-06 13:57 189352 ----a-w- c:\windows\system32\java.exe 2014-12-06 13:57 . 2014-12-06 13:57 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-12-04 18:24 . 2014-12-04 18:24 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-12-04 18:24 . 2014-12-04 18:24 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-12-04 18:24 . 2014-12-04 18:24 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-12-04 18:24 . 2014-12-04 18:24 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-12-04 18:24 . 2014-12-04 18:24 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-12-04 18:24 . 2014-12-04 18:24 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-12-04 18:24 . 2014-12-04 18:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-12-04 18:24 . 2014-12-04 18:24 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-12-04 18:24 . 2014-12-04 18:24 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-12-04 18:24 . 
2014-12-04 18:24 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-12-04 18:24 . 2014-12-04 18:24 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-12-04 18:24 . 2014-12-04 18:24 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-12-04 18:24 . 2014-12-04 18:24 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-12-04 18:24 . 2014-12-04 18:24 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-12-04 18:24 . 2014-12-04 18:24 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-12-04 18:24 . 2014-12-04 18:24 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-12-04 18:24 . 2014-12-04 18:24 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-12-04 18:24 . 2014-12-04 18:24 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-12-04 18:24 . 2014-12-04 18:24 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-12-04 18:24 . 2014-12-04 18:24 81408 ----a-w- c:\windows\system32\icardie.dll 2014-12-04 18:24 . 2014-12-04 18:24 774144 ----a-w- c:\windows\system32\jscript.dll 2014-12-04 18:24 . 2014-12-04 18:24 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-12-04 18:24 . 2014-12-04 18:24 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-12-04 18:24 . 2014-12-04 18:24 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-12-04 18:24 . 2014-12-04 18:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-12-04 18:24 . 2014-12-04 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-12-04 18:24 . 2014-12-04 18:24 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-12-04 18:24 . 2014-12-04 18:24 413696 ----a-w- c:\windows\system32\html.iec 2014-12-04 18:24 . 2014-12-04 18:24 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-12-04 18:24 . 2014-12-04 18:24 247808 ----a-w- c:\windows\system32\msls31.dll 2014-12-04 18:24 . 2014-12-04 18:24 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-12-04 18:24 . 2014-12-04 18:24 235520 ----a-w- c:\windows\system32\url.dll 2014-12-04 18:24 . 
2014-12-04 18:24 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-12-04 18:24 . 2014-12-04 18:24 147968 ----a-w- c:\windows\system32\occache.dll 2014-12-04 18:24 . 2014-12-04 18:24 143872 ----a-w- c:\windows\system32\wextract.exe 2014-12-04 18:24 . 2014-12-04 18:24 13824 ----a-w- c:\windows\system32\mshta.exe 2014-12-04 18:24 . 2014-12-04 18:24 135680 ----a-w- c:\windows\system32\iepeers.dll 2014-12-04 18:24 . 2014-12-04 18:24 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-12-04 18:24 . 2014-12-04 18:24 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-12-04 18:24 . 2014-12-04 18:24 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-12-04 18:24 . 2014-12-04 18:24 101376 ----a-w- c:\windows\system32\inseng.dll 2014-12-04 18:23 . 2014-12-04 18:23 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2014-12-04 18:23 . 2014-12-04 18:23 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2014-12-04 18:23 . 2014-12-04 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2014-12-04 18:23 . 2014-12-04 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2014-12-04 18:23 . 
2014-12-04 18:23 363008 ----a-w- c:\windows\system32\dxgi.dll 2014-12-04 18:23 . 2014-12-04 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2014-12-04 18:23 . 2014-12-04 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 296960 ----a-w- c:\windows\system32\d3d10core.dll 2014-12-04 18:23 . 2014-12-04 18:23 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2014-12-04 18:23 . 2014-12-04 18:23 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2014-12-04 18:23 . 2014-12-04 18:23 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2014-12-04 18:23 . 2014-12-04 18:23 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2014-12-04 18:23 . 2014-12-04 18:23 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2014-12-04 18:23 . 2014-12-04 18:23 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2014-12-04 18:23 . 2014-12-04 18:23 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2014-12-04 18:23 . 2014-12-04 18:23 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2014-12-04 18:23 . 2014-12-04 18:23 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2014-12-04 18:23 . 
2014-12-04 18:23 1643520 ----a-w- c:\windows\system32\DWrite.dll 2014-12-04 18:23 . 2014-12-04 18:23 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2014-12-04 18:23 . 2014-12-04 18:23 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2014-12-04 18:23 . 2014-12-04 18:23 1238528 ----a-w- c:\windows\system32\d3d10.dll 2014-12-04 18:23 . 2014-12-04 18:23 1175552 ----a-w- c:\windows\system32\FntCache.dll 2014-12-04 18:23 . 2014-12-04 18:23 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2014-12-04 18:23 . 2014-12-04 18:23 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2014-12-04 18:23 . 2014-12-04 18:23 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-12-04 18:23 . 2014-12-04 18:23 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-12-04 15:32 . 2014-12-04 15:24 793800 ----a-w- c:\windows\system32\drivers\klif.sys 2014-12-04 15:32 . 2014-12-04 15:24 141320 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-12-04 15:01 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-12-04 02:50 . 2014-12-10 05:41 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-10 05:41 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-10 05:41 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-10 05:41 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-10 05:41 227328 ----a-w- c:\windows\system32\aepdu.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-12-27 110160] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-08 843480] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2014-12-4 300928] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 OpenService;OpenService;c:\users\Florianxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe;c:\users\Florianxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe [x] R2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\Florianxxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Origin Client Service;Origin Client Service;i:\fifa13\Origin\OriginClientService.exe;i:\fifa13\Origin\OriginClientService.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x] R4 UNS;Intel(R) Management and 
Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R4 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files 
(x86)\BlueStacks\HD-UpdaterService.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 41994385 *Deregistered* - 41994385 . Inhalt des "geplante Tasks" Ordners . 2015-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 06:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-13 12452968] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2012-05-10 430080] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2012-05-10 430080] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com IE: RF - Formular ausfüllen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html IE: RF - Formular speichern - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html IE: RF - Menü anpassen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html IE: RF - RoboForm-Leiste ein/aus - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 217.0.43.145 217.0.43.129 FF - ProfilePath - c:\users\Florianxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\ FF - prefs.js: browser.startup.homepage - aol.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Command and Conquer - Complete German Uncut Edition Deinstallation - i:\c&c\Command and Conquer - Complete German Uncut Edition\Uninstall.exe AddRemove-FreeFixer1.12 - c:\program files\FreeFixer\uninstall.exe AddRemove-GT Interactive - Driver - c:\windows\IsUn0407.exe AddRemove-Populous: The Beginning - c:\windows\IsUn0407.exe AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact\1431306332\BLIC=c:\users\Public*SystemDrive=C:*SystemRoot=c:\windows*temp=c:\Users\FLORIA~1\AppData\Local\Temp*TMP=c:\users\FLORIA~1\AppData\Local\Temp*USERDOMAIN=FlorianxxxxxxMa*USERNAME=Florianxxxxxx*USERPROFILE=c:\users\Florianxxxxxx*windir=C:\Windows*windows_trac] "JoinUserExperience"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-20 17:33:41 ComboFix-quarantined-files.txt 2015-01-20 16:33 . Vor Suchlauf: 9 Verzeichnis(se), 876.960.497.664 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 879.679.664.128 Bytes frei . - - End Of File - - 7195BE3070057AF34175E2A80CE6DBD6
Thanks and regards, Warlord40 |
20.01.2015, 19:40 | #10 |
/// the machine /// TB trainer | Music sounds and newsflash in the background without any program running Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.01.2015, 20:40 | #11 |
| Music sounds and newsflash in the background without any program running Hi, I followed your instructions. I haven't heard any voices since ComboFix, but I'll go through everything with you to the bitter end. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.01.2015 Suchlauf-Zeit: 20:00:41 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.20.08 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Florianxxxxx Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 394299 Verstrichene Zeit: 9 Min, 23 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 6116, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf] PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 2192, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf] Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.PennyBee.A, HKU\S-1-5-21-2837197548-3389339762-311286345-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe, In Quarantäne, [36721cddfb8e5dd9dcf2393d3ac94ab6], Registrierungswerte: 1 PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [bfe9ab4ec4c58fa70fa28476a75df50b] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 5 PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier, Löschen bei 
Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\chrome, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\chrome\content, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], Dateien: 17 PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, 
[8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.CompatibilityVerifier.A, C:\Users\Florianxxxxx\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [8127f10887021c1afd48f283fe0541bf], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\chrome.manifest, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\install.rdf, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\chrome\content\background.js, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], PUP.Optional.WebSecFox.A, C:\Users\Florianxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\extensions\anti@fish-fox.com\chrome\content\background.xul, In Quarantäne, [d0d814e59dec85b13d858ce462a107f9], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
# AdwCleaner v4.108 - Bericht erstellt am 20/01/2015 um 20:21:19
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Florianxxxxxx - FLORIANxxxxxxMA
# Gestartet von : I:\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0 (x86 de)

*************************

AdwCleaner[R0].txt - [782 octets] - [20/01/2015 20:20:18]
AdwCleaner[S0].txt - [704 octets] - [20/01/2015 20:21:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [763 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Florianxxxxxx on 20.01.2015 at 20:25:55,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Florianxxxxxx\AppData\Roaming\mozilla\firefox\profiles\lmy9e60r.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2015 at 20:29:07,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Florianxxxxxxx (administrator) on FLORIANxxxxxxxMA on 20-01-2015 20:32:15 Running from I:\Downloads Loaded Profiles: UpdatusUser & Florianxxxxxxx (Available profiles: UpdatusUser & Florianxxxxxxx) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-02] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) 
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-27] (Siber Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2837197548-3389339762-311286345-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> {B9DC5AB1-0C72-4353-9965-65DA3DDCAEE2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) 
Tcpip\Parameters: [DhcpNameServer] 217.0.43.145 217.0.43.129 FireFox: ======== FF ProfilePath: C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html FF Homepage: aol.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\pavel.sherbakov@gmail.com [2015-01-09] FF Extension: Speed Dial - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-04] FF Extension: Adblock Plus - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-04] FF Extension: BetterPrivacy - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-12-04] FF HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; I:\FIFA13\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 OpenService; C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-20] (Disc Soft Ltd) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-04] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-04] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-09-11] (Seiko Epson Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:29 - 2015-01-20 20:30 - 00000772 _____ () C:\Users\Florianxxxxxxx\Desktop\JRT.txt
2015-01-20 20:23 - 2015-01-20 20:23 - 00000842 _____ () C:\Users\Florianxxxxxxx\Desktop\AdwCleaner[S0].txt
2015-01-20 20:20 - 2015-01-20 20:21 - 00000000 ____D () C:\AdwCleaner
2015-01-20 20:16 - 2015-01-20 20:19 - 00006057 _____ () C:\Users\Florianxxxxxxx\Desktop\mbam.txt
2015-01-20 19:59 - 2015-01-20 19:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-20 17:41 - 2015-01-20 17:41 - 00028615 _____ () C:\Users\Florianxxxxxxx\Downloads\ComboFix.txt
2015-01-20 17:33 - 2015-01-20 17:33 - 00028615 _____ () C:\ComboFix.txt
2015-01-20 17:24 - 2015-01-20 17:33 - 00000000 ____D () C:\Qoobox
2015-01-20 17:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-20 17:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-20 17:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-20 17:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-20 17:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-20 17:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-20 17:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-20 17:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-20 16:57 - 2015-01-20 16:58 - 05608785 ____R (Swearware) C:\Users\Florianxxxxxxx\Desktop\ComboFix.exe
2015-01-20 07:08 - 2015-01-20 20:05 - 00000000 ____D () C:\Users\Florianxxxxxxx\Desktop\mbar
2015-01-19 15:19 - 2015-01-20 20:32 - 00000000 ____D () C:\FRST
2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 _____ () C:\Users\Florianxxxxxxx\defogger_reenable
2015-01-19 09:56 - 2015-01-19 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 11:38 - 2015-01-19 20:22 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-01-14 11:38 - 2015-01-14 11:38 - 00003176 _____ () C:\Windows\system32\persistent_q.db-wal
2015-01-14 11:38 - 2015-01-14 11:38 - 00001024 _____ () C:\Windows\system32\persistent_q.db
2015-01-14 07:21 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:20 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 07:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:18 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:18 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:18 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:18 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:18 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:18 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:18 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 08:09 - 2015-01-20 18:26 - 00000112 _____ () C:\ProgramData\2q7dX8.dat
2015-01-09 09:50 - 2015-01-09 09:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-08 20:35 - 2015-01-20 07:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 20:26 - 2015-01-08 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-08 16:10 - 2015-01-08 16:16 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 15:57 - 2015-01-09 14:44 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 15:16 - 2015-01-20 20:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 15:16 - 2015-01-20 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 15:16 - 2015-01-20 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-08 15:16 - 2015-01-08 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 15:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 14:07 - 2010-03-08 11:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieUserList
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieSiteList
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieBrowserModeList
2015-01-08 06:33 - 2015-01-08 06:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 12:36 - 2014-12-24 13:13 - 00000000 ____D () C:\ProgramData\FarmFrenzy3
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GT Interactive
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Program Files (x86)\GT Interactive
2014-12-21 19:46 - 2014-12-21 19:52 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Local\Bluestacks
2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-21 19:46 - 2014-12-21 19:46 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-21 19:41 - 2014-12-21 19:42 - 00000000 ____D () C:\Users\Florianxxxxxxx\Documents\Command and Conquer Generals Data
2014-12-21 16:19 - 2014-12-21 16:23 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:30 - 2014-12-04 15:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-20 20:30 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 20:30 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 20:29 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-20 20:29 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-20 20:29 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 20:27 - 2014-12-04 15:56 - 02038207 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 20:22 - 2010-11-21 04:47 - 00240120 _____ () C:\Windows\PFRO.log
2015-01-20 20:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 20:22 - 2009-07-14 05:51 - 00149432 _____ () C:\Windows\setupact.log
2015-01-20 20:21 - 2013-01-22 08:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 17:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-20 07:00 - 2014-12-04 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 15:14 - 2014-12-04 16:00 - 00000000 ____D () C:\Users\Florianxxxxxxx
2015-01-14 19:46 - 2014-12-04 17:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:43 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:07 - 2014-12-04 16:02 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Roaming\Adobe
2015-01-14 07:22 - 2013-01-22 08:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 07:22 - 2012-07-13 09:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 07:22 - 2012-07-13 09:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 14:48 - 2014-12-04 17:39 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Local\Adobe
2015-01-09 12:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 20:34 - 2014-12-04 16:56 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\Programme
2015-01-08 14:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 20:37 - 2014-12-04 16:39 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-01-01 14:19 - 2014-12-07 09:39 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\Schule
2014-12-27 12:40 - 2014-12-11 17:02 - 00000000 ____D () C:\ProgramData\Origin
2014-12-27 12:39 - 2014-12-11 17:23 - 00000000 ____D () C:\Users\Florianxxxxxxx\Documents\FIFA 13
2014-12-27 10:50 - 2014-12-05 17:08 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-27 10:33 - 2014-12-04 16:19 - 00004170 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-12-27 10:33 - 2014-12-04 16:19 - 00003522 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-12-27 10:33 - 2014-12-04 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-12-26 18:45 - 2014-12-04 19:04 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Roaming\vlc
2014-12-26 11:16 - 2013-01-21 16:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-24 09:24 - 2014-12-09 16:54 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\FOTOS
2014-12-22 06:12 - 2009-07-14 06:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2015-01-13 08:09 - 2015-01-20 18:26 - 0000112 _____ () C:\ProgramData\2q7dX8.dat
2014-12-06 14:48 - 2014-12-06 14:48 - 0001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\ProgramData\2q7dX8.dat

Some content of TEMP:
====================
C:\Users\Florianxxxxxxx\AppData\Local\Temp\Quarantine.exe
C:\Users\Florianxxxxxxx\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-20 15:00

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Florianxxxxxx at 2015-01-20 20:32:49
Running from I:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
calibre 64bit (HKLM\...\{4C3B5AEC-2EBE-4BB9-A7E1-F61E3E244465}) (Version: 2.12.0 - Kovid Goyal)
Command and Conquer - Complete German Uncut Edition Deinstallation (HKLM-x32\...\Command and Conquer - Complete German Uncut Edition Deinstallation) (Version: 1.0 - Shadow Eagle)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.5310 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
Epson Benutzerhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
FUJIFILM Fotoservice 5.3 (HKLM-x32\...\FujiFilm Fotoservice_is1) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GT Interactive - Driver (HKLM-x32\...\GT Interactive - Driver) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA Graphics Driver 301.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-11-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare Data Recovery(Build 4.6.0.6) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.0.6 - Wondershare Software Co.,Ltd.)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42DC8FF4-0908-43E7-8A40-77E6ADDCB398} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMIMHMMJGMIMOJJJCNMJMJIMGMCNLMOJLJKJCNHMNMJJHMCNMMIMPMLMIMJJGMNJLMGMJMMMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMNMJNHICMOMNMLJPMOMJNBJCMJLDJAJNIGJOJBJNKKJGJLIKJNIJNKJCMJNNICMJNDJCMLJKJJNMJCMPMFMOMOMKMFMOMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {54B1B88F-473E-443D-90C6-77B2C9137DAB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {8B347801-3BE9-46A3-AD04-02C280073785} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-27] (Siber Systems)
Task: {ACFAD88E-CD5A-4AF3-86C2-7378A040D4CC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EA953588-A1BC-43C0-9543-23E4B284C24F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-21 15:38 - 2012-07-10 13:59 - 00085864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-01-19 09:56 - 2015-01-19 09:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-12-04 16:32 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2837197548-3389339762-311286345-500 - Administrator - Disabled)
Florianxxxxxx (S-1-5-21-2837197548-3389339762-311286345-1001 - Administrator - Enabled) => C:\Users\Florianxxxxxx
Gast (S-1-5-21-2837197548-3389339762-311286345-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2837197548-3389339762-311286345-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten.
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen
Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator

Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ]
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen
Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen
Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator

Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen
Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator

CodeIntegrity Errors:
===================================
Date: 2015-01-08 16:15:32.587
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-01-08 16:15:32.509
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-12-11 20:27:42.061
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 20:27:42.039
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 20:26:05.901
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 20:26:05.881
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-10 06:43:15.573
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-10 06:43:15.523 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.513 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.463 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz Percentage of memory in use: 59% Total physical RAM: 4077.64 MB Available physical RAM: 1669.68 MB Total Pagefile: 8153.46 MB Available Pagefile: 5123.95 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:818.9 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:33.01 GB) NTFS Drive i: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:351.62 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: FA6E1023) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4C182D31) Partition 1: (Active) - (Size=931.5 GB) - (Type=0C) 
==================== End Of Log ============================ Thanks so far - you are doing a great job, Mr. Schrauber |
21.01.2015, 11:20 | #12 |
/// the machine /// TB Trainer | Music sounds and newsflash in the background, without any program running We are almost through. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.01.2015, 13:31 | #13 |
| Music sounds and newsflash in the background, without any program running Hi, here are the log files. Could you perhaps also explain to me what kind of trojan it is, and where I might have picked up this pest? In the quick launch bar there is also a Malwarebytes icon; it recently refused to open a page because of malware. Can and should I keep this program? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9f9d1e61ef283f4281da053560343fea # engine=21881 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-09 08:57:08 # local_time=2015-01-09 09:57:08 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1296 16777213 100 100 16023 24866510 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 3003382 172423678 0 0 # scanned=8430 # found=1 # cleaned=0 # scan_time=170 sh=4A52A76A6780F0B3F94F363F14BCA7D405E7344C ft=1 fh=58b0317c140a6ff1 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Florianxxxxxxx\AppData\Roaming\Security Systems\uninstall.exe.vir" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9f9d1e61ef283f4281da053560343fea # engine=21881 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-09 11:09:46 # local_time=2015-01-09 12:09:46 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1296 16777213 100 100 23981 24874468 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 3011340 172431636 0 0 # scanned=272991 # found=13 # cleaned=13 # scan_time=7886 sh=4A52A76A6780F0B3F94F363F14BCA7D405E7344C ft=1 fh=58b0317c140a6ff1 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="C:\AdwCleaner\Quarantine\C\Users\Florianxxxxxxx\AppData\Roaming\Security Systems\uninstall.exe.vir" sh=7A7123554409A032A51A892E7C206A8E6A1C3506 ft=1 fh=07e8ec5c583ec831 vn="Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe" sh=B3F229DE59E67F49DF51C9A311DE64FE5C5A7108 ft=1 fh=0953d774bef34da0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe" sh=B16F8CF8D21B90E9B99305D98585F0AFC93CA7C3 ft=1 fh=abca5c7c859ffadd vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\Downloads\jdownloader.exe" sh=25CC8AC300B930DADD7E24F487E626E5CB8B9D79 ft=1 fh=8da1cdd0b8846dab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\Downloads\OpenOffice - CHIP-Installer.exe" sh=3EE99ED1D57F60857F3314C57D7398E8BA1117DB ft=1 fh=20eff776237ae6c0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\Downloads\speed_dial-0.9.6.16-sm.xpi - CHIP-Installer.exe" sh=748199D3CFE1F413EF223E8D64BEB2975AE1E027 ft=1 fh=b78d830c83b8700f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Florianxxxxxxx\Downloads\VLC media player 64 Bit - CHIP-Installer.exe" sh=F6B4B949DAE8207244EF5D7D265DB61ABB9E3134 ft=1 fh=2671b10046abd2fc vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\DATA\DOWNLOADS\Documents\Programme\FreeYouTubeDownload.exe" sh=8DB51595492609FFF73800174DDBC6363C1DA181 ft=1 fh=e03aa7f093055e9b vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\DATA\DOWNLOADS\Documents\Programme\IminentSetup_2-KFRPtAWP-1_.exe" sh=5B6EF40C43193F7BDFC8883C9396F5282A0E478E ft=1 fh=f772a3c350ec37c7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Downloads\Microsoft Silverlight - CHIP-Installer.exe" sh=DCEDAE5A2EC4FF8B7FB6A5CC0B3D0B014832BFA0 ft=1 fh=6a1b58fdeecd772a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Downloads\Excel Viewer - CHIP-Installer.exe" sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Downloads\DTLite4491-0356.exe" sh=4196ECA28FD0E520D0DCC693F85A9725727C3658 ft=1 fh=01018c02a0b62dc0 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="I:\Downloads\BlueStacks App Player - CHIP-Installer.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9f9d1e61ef283f4281da053560343fea # engine=22073 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-21 11:59:43 # local_time=2015-01-21 12:59:43 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1296 16777213 100 100 27073 25914265 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4054737 173471433 0 0 # scanned=264185 # found=0 # cleaned=0 # scan_time=5318 Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Adobe Flash Player 16.0.0.257 Adobe Reader XI Mozilla Firefox (35.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Florianxxxxxxx (administrator) on FLORIANxxxxxxxMA on 21-01-2015 13:21:58 Running from I:\Downloads Loaded Profiles: UpdatusUser & Florianxxxxxxx (Available profiles: UpdatusUser & Florianxxxxxxx) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-02] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.) 
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [430080 2012-05-10] (CyberLink) HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-27] (Siber Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2837197548-3389339762-311286345-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKU\S-1-5-21-2837197548-3389339762-311286345-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-2837197548-3389339762-311286345-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> {B9DC5AB1-0C72-4353-9965-65DA3DDCAEE2} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-2837197548-3389339762-311286345-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) 
Tcpip\Parameters: [DhcpNameServer] 217.0.43.145 217.0.43.129 FireFox: ======== FF ProfilePath: C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html FF Homepage: aol.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\pavel.sherbakov@gmail.com [2015-01-09] FF Extension: Speed Dial - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-04] FF Extension: Adblock Plus - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-04] FF Extension: BetterPrivacy - C:\Users\Florianxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\lmy9e60r.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-12-04] FF HKU\S-1-5-21-2837197548-3389339762-311286345-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; I:\FIFA13\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 OpenService; C:\Users\Florianxxxxxxx\AppData\Roaming\Windows Open Service\OpenService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-20] (Disc Soft Ltd) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-04] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-04] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-09-11] (Seiko Epson Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-20 20:20 - 2015-01-20 20:21 - 00000000 ____D () C:\AdwCleaner 2015-01-20 19:59 - 2015-01-20 19:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-20 17:41 - 2015-01-20 17:41 - 00028615 _____ () C:\Users\Florianxxxxxxx\Downloads\ComboFix.txt 2015-01-20 17:33 - 2015-01-20 17:33 - 00028615 _____ () C:\ComboFix.txt 2015-01-20 17:24 - 2015-01-20 17:33 - 00000000 ____D () C:\Qoobox 2015-01-20 17:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-20 17:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-20 17:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-20 17:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-20 17:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-20 17:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-20 17:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-20 17:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-20 16:57 - 2015-01-20 16:58 - 05608785 ____R (Swearware) C:\Users\Florianxxxxxxx\Desktop\ComboFix.exe 2015-01-20 07:08 - 2015-01-21 11:54 - 00000000 ____D () C:\Users\Florianxxxxxxx\Desktop\mbar 2015-01-19 15:19 - 2015-01-21 13:22 - 00000000 ____D () C:\FRST 2015-01-19 15:14 - 2015-01-19 15:14 - 00000000 _____ () C:\Users\Florianxxxxxxx\defogger_reenable 2015-01-19 09:56 - 2015-01-19 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-14 11:38 - 2015-01-19 20:22 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-01-14 11:38 - 2015-01-14 11:38 - 00003176 _____ () C:\Windows\system32\persistent_q.db-wal 2015-01-14 11:38 - 2015-01-14 11:38 - 00001024 _____ () C:\Windows\system32\persistent_q.db 2015-01-14 07:21 - 2014-12-19 04:06 - 00210432 _____ 
(Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 07:20 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 07:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 07:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 07:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 07:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 07:18 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 07:18 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 07:18 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 07:18 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 07:18 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 07:18 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 07:18 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-13 08:09 - 2015-01-20 18:26 - 00000112 _____ () C:\ProgramData\2q7dX8.dat 2015-01-09 09:50 - 2015-01-09 09:50 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-08 20:35 - 2015-01-20 07:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-08 20:26 - 2015-01-08 20:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-08 16:10 - 2015-01-08 16:16 - 00000000 ____D () C:\Windows\erdnt 2015-01-08 15:57 - 2015-01-09 14:44 - 00000000 ____D () C:\Windows\ERUNT 2015-01-08 15:16 - 2015-01-21 10:43 - 00129752 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 15:16 - 2015-01-20 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 15:16 - 2015-01-20 19:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 15:16 - 2015-01-08 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 15:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-08 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-08 14:07 - 2010-03-08 11:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieUserList 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieSiteList 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 __SHD () C:\Users\Florianxxxxxxx\AppData\Local\EmieBrowserModeList 2015-01-08 06:33 - 2015-01-08 06:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-24 12:36 - 2014-12-24 13:13 - 00000000 ____D () C:\ProgramData\FarmFrenzy3 2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GT Interactive 2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Program Files (x86)\GT Interactive ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 13:21 - 2013-01-22 08:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 12:46 - 2014-12-04 15:56 - 02072425 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 12:02 - 2014-12-04 15:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-21 06:37 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 06:37 - 2009-07-14 05:45 - 00024576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 06:35 - 2011-05-16 15:04 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 06:35 - 2011-05-16 15:04 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 06:35 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 06:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 06:28 - 2009-07-14 05:51 - 00149488 _____ () C:\Windows\setupact.log 2015-01-20 20:22 - 2010-11-21 04:47 - 00240120 _____ () C:\Windows\PFRO.log 2015-01-20 17:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-20 07:00 - 2014-12-04 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 15:14 - 2014-12-04 16:00 - 00000000 ____D () C:\Users\Florianxxxxxxx 2015-01-14 19:46 - 2014-12-04 17:20 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 19:43 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 08:07 - 2014-12-04 16:02 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Roaming\Adobe 2015-01-14 07:22 - 2013-01-22 08:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 07:22 - 2012-07-13 09:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 07:22 - 2012-07-13 09:11 - 00071344 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-09 14:48 - 2014-12-04 17:39 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Local\Adobe 2015-01-09 12:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-08 20:34 - 2014-12-04 16:56 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\Programme 2015-01-08 14:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-04 20:37 - 2014-12-04 16:39 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2015-01-01 14:19 - 2014-12-07 09:39 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\Schule 2014-12-27 12:40 - 2014-12-11 17:02 - 00000000 ____D () C:\ProgramData\Origin 2014-12-27 12:39 - 2014-12-11 17:23 - 00000000 ____D () C:\Users\Florianxxxxxxx\Documents\FIFA 13 2014-12-27 10:50 - 2014-12-05 17:08 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-12-27 10:33 - 2014-12-04 16:19 - 00004170 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-12-27 10:33 - 2014-12-04 16:19 - 00003522 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2014-12-27 10:33 - 2014-12-04 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2014-12-26 18:45 - 2014-12-04 19:04 - 00000000 ____D () C:\Users\Florianxxxxxxx\AppData\Roaming\vlc 2014-12-26 11:16 - 2013-01-21 16:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-24 09:24 - 2014-12-09 16:54 - 00000000 ___RD () C:\Users\Florianxxxxxxx\Desktop\FOTOS 2014-12-22 06:12 - 2009-07-14 06:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-01-13 08:09 - 2015-01-20 18:26 - 0000112 _____ () C:\ProgramData\2q7dX8.dat 2014-12-06 14:48 - 2014-12-06 14:48 - 0001534 _____ () C:\ProgramData\ss.ini Files to move or delete: ==================== C:\ProgramData\2q7dX8.dat Some content of TEMP: ==================== 
C:\Users\Florianxxxxxxx\AppData\Local\Temp\Quarantine.exe
C:\Users\Florianxxxxxxx\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-20 15:00

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Florianxxxxxx at 2015-01-21 13:22:32
Running from I:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
calibre 64bit (HKLM\...\{4C3B5AEC-2EBE-4BB9-A7E1-F61E3E244465}) (Version: 2.12.0 - Kovid Goyal) Command and Conquer - Complete German Uncut Edition Deinstallation (HKLM-x32\...\Command and Conquer - Complete German Uncut Edition Deinstallation) (Version: 1.0 - Shadow Eagle) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.5310 - CyberLink Corp.) CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft) Epson Benutzerhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version: - ) Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.0 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr) FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL) FUJIFILM 
Fotoservice 5.3 (HKLM-x32\...\FujiFilm Fotoservice_is1) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GT Interactive - Driver (HKLM-x32\...\GT Interactive - Driver) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) 
Hidden Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) NVIDIA Graphics Driver 301.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.50 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.) 
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: - ) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RoboForm 7-9-11-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems) Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - 
ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Wondershare Data Recovery(Build 4.6.0.6) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.0.6 - Wondershare Software Co.,Ltd.) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {42DC8FF4-0908-43E7-8A40-77E6ADDCB398} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMIMHMMJGMIMOJJJCNMJMJIMGMCNLMOJLJKJCNHMNMJJHMCNMMIMPMLMIMJJGMNJLMGMJMMMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMNMJNHICMOMNMLJPMOMJNBJCMJLDJAJNIGJOJBJNKKJGJLIKJNIJNKJCMJNNICMJNDJCMLJKJJNMJCMPMFMOMOMKMFMOMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {54B1B88F-473E-443D-90C6-77B2C9137DAB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {8B347801-3BE9-46A3-AD04-02C280073785} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-27] (Siber Systems) Task: {ACFAD88E-CD5A-4AF3-86C2-7378A040D4CC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {EA953588-A1BC-43C0-9543-23E4B284C24F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-21 15:38 - 2012-07-10 13:59 - 00085864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-04 18:55 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 
2014\avgrepliba.dll 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2015-01-19 09:56 - 2015-01-19 09:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-04-20 01:42 - 2014-12-04 16:32 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ==========================

Administrator (S-1-5-21-2837197548-3389339762-311286345-500 - Administrator - Disabled)
Florianxxxxxx (S-1-5-21-2837197548-3389339762-311286345-1001 - Administrator - Enabled) => C:\Users\Florianxxxxxx
Gast (S-1-5-21-2837197548-3389339762-311286345-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2837197548-3389339762-311286345-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 01:22:34 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator

Error: (01/21/2015 01:22:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/21/2015 01:21:51 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/21/2015 11:28:47 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/21/2015 11:28:46 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/21/2015 11:28:44 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/21/2015 07:30:04 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator System errors: ============= Error: (01/21/2015 11:12:46 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 11:12:41 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 11:12:37 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 11:12:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/21/2015 10:11:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/21/2015 10:11:36 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 09:43:10 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 09:43:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/21/2015 09:43:06 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (01/21/2015 06:29:36 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Microsoft 
Office Sessions: ========================= Error: (01/21/2015 01:22:34 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/21/2015 01:22:34 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/21/2015 01:21:51 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\esetsmartinstaller_deu(1).exe Error: (01/21/2015 11:28:47 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\esetsmartinstaller_deu(1).exe Error: (01/21/2015 11:28:46 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\esetsmartinstaller_deu(1).exe Error: (01/21/2015 11:28:44 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\esetsmartinstaller_deu(1).exe Error: (01/21/2015 07:30:04 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (01/20/2015 08:32:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator CodeIntegrity Errors: =================================== Date: 2015-01-08 16:15:32.587 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-08 16:15:32.509 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-12-11 20:27:42.061 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:27:42.039 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:26:05.901 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-11 20:26:05.881 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.523 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-10 06:43:15.513 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-12-10 06:43:15.463
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 66%
Total physical RAM: 4077.64 MB
Available physical RAM: 1379.66 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 4902.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:818.68 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:33.01 GB) NTFS
Drive i: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:351.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FA6E1023)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4C182D31)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================

Regards,
Warlord40 |
21.01.2015, 15:11 | #14 |
/// the machine /// TB Instructor | Music sounds and newsflash in the background, without a program running
That can no longer be traced, but it probably came from a download. Empty the Downloads folder, and likewise the stuff on drive I that ESET found. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Which browser were you using when MBAM blocked something?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
21.01.2015, 17:00 | #15 |
| Music sounds and newsflash in the background, without a program running
Hi, I was online with Firefox, but I can no longer tell you which site I was trying to reach. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Florianxxxxx at 2015-01-21 16:54:10 Run:1
Running from I:\Downloads
Loaded Profiles: UpdatusUser & Florianxxxxx (Available profiles: UpdatusUser & Florianxxxxx)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Emptytemp:
*****************

EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 16:54:34 ====

Warlord40 |