| Log analysis and evaluation: Suspected DDoS attack and more
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.02.2015, 11:09 | #1 |
| Suspected DDoS attack and more

Hello, yesterday my computer was very probably attacked via DDoS. The whole thing happened over an IRC chat, where some unknown person messaged me privately and said something strange. I did not reply, and a short time later the internet connection dropped completely and a Windows error message appeared, which had never happened to me like that before. Unfortunately I did not pay attention to the error message; I probably should have taken a screenshot, but it is too late now.

Afterwards I ran Malwarebytes Anti-Malware, but without results. I then also ran HijackThis; I am posting the log files below. In any case, my entire internet connection was gone, and nothing worked on other devices either. I then restarted the router and it worked again.

Later on IRC, most likely the same person (but under a different name) contacted me again and asked whether that was enough, blah blah blah, and said that he now had me in his grip. I don't know anything about this at all, so I did some research and asked a few people, and that led me to suspect that it was probably a DDoS attack. I am absolutely sure that it was no coincidence. Above all, IRC is said not to be exactly the safest place, so one is supposedly very vulnerable to such attacks there. I actually thought DDoS attacks were more for attacking websites, but it would not surprise me if individual computers can be attacked with them too.

My questions are:

1. Do I have to worry about further consequences, such as well-hidden Trojans? I did run the programs mentioned and nothing came of it, but I still can't shake the feeling that I may have caught something.
2. Assuming it was a DDoS attack, is it even possible to pass malware to the target of the attack at the same time, and is that even possible on IRC? I did not click on any link or anything else; everything took place only there.
3. That person must have gotten hold of my IP address, but since I now have a different IP address, I shouldn't need to worry any more as long as I haven't caught any Trojans?
4. During all this I had a USB stick with important things plugged in. Do I have to expect that possible malware has also spread to the USB stick? I ran a Malwarebytes scan on it as well, but nothing was found. Can I now connect the USB stick to other computers without further ado?

Here are the log files: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:31:34, on 23.02.2015 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\CoreTemp32\Core Temp.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\User\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Java(tm) Plug-In SSV 
Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe -- End of file - 5428 bytes Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2015.02.23.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [Administrator] 23.02.2015 08:28:29 mbam-log-2015-02-23 (08-28-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 295726 Laufzeit: 8 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
24.02.2015, 11:36 | #2 |
/// the machine /// TB-Ausbilder | Suspected DDoS attack and more
Hi,
please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
24.02.2015, 12:31 | #3 |
| Suspected DDoS attack and more
FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01 Ran by User (administrator) on USER-PC on 24-02-2015 11:57:38 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User & postgres) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\CoreTemp32\Core Temp.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Realtek Semiconductor Corp.) C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [862728 2009-02-12] (Dritek System Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6789664 2009-02-24] (Realtek Semiconductor) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\MountPoints2: {6dcf00a5-6f37-11e4-ac9b-00a0c6000000} - D:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\MountPoints2: {b0ddda26-a2fe-11e3-b1f2-00262215b858} - D:\pushinst.exe BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-396725855-3759477238-4004217979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-396725855-3759477238-4004217979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-396725855-3759477238-4004217979-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\S-1-5-21-396725855-3759477238-4004217979-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default FF Homepage: https://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2014-10-26] FF Extension: MEGA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\firefox@mega.co.nz.xpi [2015-01-16] FF Extension: Wiktionary and Google Translate - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\googledictionary@toptip.ca.xpi [2014-03-01] FF Extension: Stylish - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-09-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed] R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-02-04] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed] R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed] R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [20128 2014-12-04] () [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-02-07] (Duplex Secure Ltd.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-02-04] (Avira GmbH) S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation) S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated) U3 aeh0v35o; C:\Windows\system32\Drivers\aeh0v35o.sys [0 ] (Elaborate Bytes AG) <==== ATTENTION (zero size file/folder) R3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MotioninJoyXFilter; system32\DRIVERS\MijXfilt.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PsSdk30; \??\C:\Windows\system32\Drivers\PsSdk30.drv [X] S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X] U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] S3 xusb21; system32\DRIVERS\xusb21.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-24 10:58 - 2015-02-24 10:58 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2015-02-24 10:57 - 2015-02-24 10:58 - 00013457 _____ () C:\Users\User\Desktop\FRST.txt 2015-02-24 10:57 - 2015-02-24 10:57 - 00000000 ____D () C:\Users\User\Desktop\AMK 2015-02-24 10:53 - 2015-02-24 10:57 - 00000000 ____D () C:\FRST 2015-02-24 10:38 - 2015-02-24 10:38 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-02-23 15:23 - 2015-02-23 15:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira 2015-02-23 15:17 - 2015-02-23 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-23 15:16 - 2015-02-23 15:16 - 00000000 ____D () C:\ProgramData\Avira 2015-02-23 15:16 - 2015-02-23 15:16 - 00000000 ____D () C:\Program Files\Avira 2015-02-23 15:16 - 2015-02-04 17:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-02-22 23:45 - 2015-02-22 23:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-02-22 23:45 - 2015-02-22 23:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf 2015-02-22 23:41 - 2015-02-23 00:05 - 00002388 _____ () C:\Windows\setupact.log 2015-02-22 23:41 - 2015-02-22 23:41 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-22 03:57 - 2015-02-23 17:14 - 00004118 _____ () C:\Windows\PFRO.log 2015-02-22 03:51 - 2015-02-22 03:51 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia 2015-02-22 02:48 - 2015-02-22 02:48 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games 2015-02-22 02:01 - 2015-02-22 02:01 - 00000000 ____D () C:\Windows\pss 2015-02-16 09:37 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-16 09:37 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-16 05:29 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-16 05:29 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-16 05:29 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-16 05:28 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-16 05:28 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 15:56 - 2015-02-23 20:07 - 00103841 ____H () C:\formatter.log 2015-02-11 15:54 - 2015-02-11 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2015-02-11 15:54 - 2015-02-11 15:54 - 00000000 ____D () C:\Program Files\SD Formatter 2015-02-11 09:45 - 2015-01-14 02:51 - 12371456 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 09:45 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-02-11 09:45 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 09:45 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 09:44 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 09:44 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 09:44 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 09:44 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 09:44 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 09:44 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 09:44 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-02-11 09:44 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 
2015-02-11 09:44 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-02-07 15:51 - 2015-02-07 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-02-07 15:50 - 2015-02-22 03:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2015-02-07 15:50 - 2015-02-07 15:50 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-02-07 15:49 - 2015-02-07 19:52 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-30 10:58 - 2015-01-30 10:58 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-30 10:58 - 2015-01-30 10:57 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-01-30 10:57 - 2015-01-30 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-24 09:14 - 2006-11-02 13:47 - 00005168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-24 09:14 - 2006-11-02 13:47 - 00005168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-24 02:44 - 2014-01-29 12:04 - 01711583 _____ () C:\Windows\WindowsUpdate.log 2015-02-23 21:02 - 2014-01-12 18:40 - 00000000 ____D () C:\Users\User\Desktop\Programme 2015-02-23 20:32 - 2014-08-17 17:47 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2015-02-23 20:11 - 2006-11-02 11:33 - 01618898 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-23 17:17 - 2014-01-12 23:52 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-02-23 17:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-23 14:54 - 2014-06-06 11:20 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-02-23 14:54 - 2006-11-02 14:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-23 14:52 - 2014-10-07 11:37 - 00000000 ____D () C:\Users\User\Desktop\Games 2015-02-23 09:14 - 2014-01-12 23:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-23 00:23 - 2015-01-24 06:48 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-23 00:05 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-22 23:45 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\User 2015-02-22 03:54 - 2014-01-13 00:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp 2015-02-21 21:01 - 2014-11-26 23:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2015-02-18 00:44 - 2014-01-12 23:52 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-02-16 22:12 - 2014-12-17 13:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-02-16 07:40 - 2006-11-02 13:47 - 00241328 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-16 
05:35 - 2014-01-12 21:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-16 05:30 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-15 23:24 - 2014-03-14 21:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\XnView 2015-02-15 12:02 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA 2015-02-13 18:01 - 2014-01-12 18:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-13 13:50 - 2014-03-27 03:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Orbit 2015-02-11 20:07 - 2014-03-20 21:50 - 00000000 __SHD () C:\Users\Public\DRM 2015-02-09 10:34 - 2014-03-03 23:29 - 00000000 ____D () C:\Users\User\AppData\Local\PokerStars.EU 2015-02-08 01:43 - 2014-03-23 04:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss 2015-02-07 20:15 - 2014-03-25 03:04 - 00000000 ____D () C:\Games 2015-02-07 19:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\security 2015-02-07 15:51 - 2014-01-12 23:32 - 00320120 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2015-02-03 18:42 - 2015-01-20 14:44 - 00000000 ____D () C:\Users\User\Desktop\WE6FE Data Tools v0.4 2015-02-01 15:30 - 2014-03-10 18:36 - 00000000 ____D () C:\Windows\Minidump 2015-02-01 04:59 - 2014-01-12 23:52 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-01-30 10:46 - 2014-06-30 02:55 - 00000000 ____D () C:\Program Files\Java 2015-01-28 12:59 - 2014-12-21 11:28 - 00000000 ____D () C:\Program Files\DkZ Studio ==================== Files in the root of some directories ======= 2014-12-09 15:08 - 2014-12-09 16:01 - 0000077 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.Exception.log 2014-12-09 15:06 - 2014-12-09 15:06 - 0001147 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-12-09 15:08 - 2014-12-09 16:01 - 0000077 _____ () C:\Users\User\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-01-12 16:33 - 2014-11-10 01:59 - 0001356 _____ () 
C:\Users\User\AppData\Local\d3d9caps.dat 2014-01-12 19:15 - 2014-11-28 15:21 - 0009728 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-24 05:23 ==================== End Of Log ============================ --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01 Ran by User at 2015-02-24 11:58:28 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.60 beta (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2002.201 - Alps Electric) Atheros for Acer Driver v7.6.1.162_Foxconn Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.6.1.162 - Atheros) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira) BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research in Motion Ltd.) 
Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform) Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan) Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle) Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Packard Bell) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 
- Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.3.1 - ) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5798 - Realtek Semiconductor Corp.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.6.9 - Shark007) VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) Winamp (HKLM\...\Winamp) (Version: 5.541 - Nullsoft, Inc) Windows Driver Package - Broadcom (b57nd60x) Net (10/22/2008 11.7.2.0) (HKLM\...\FF3A88DD2E566739726091732D60F71D3858B330) (Version: 10/22/2008 11.7.2.0 - Broadcom) Windows Driver Package - Broadcom (k57nd60x) Net (09/11/2008 11.22.0.0) (HKLM\...\6348C5D3D3ED4206969655766781ED83709A222E) (Version: 09/11/2008 11.22.0.0 - Broadcom) Windows Driver Package - Synaptics (SynTP) Mouse (02/05/2009 12.2.2.0) (HKLM\...\0C73D452841894B3BA3653D29807B223418D12B6) (Version: 02/05/2009 12.2.2.0 - Synaptics) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Wise Registry Cleaner 7.65 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) XnView 1.99.6 (HKLM\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e) XviD MPEG-4 Codec (HKLM\...\XviD) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{2933BF90-7B36-11d2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) 
CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{2933BF91-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{2933BF94-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{373984C9-B845-449B-91E7-45AC83036ADE}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\Windows\system32\RICHTX32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{550DDA30-0541-11D2-9CA9-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> 
C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\RICHTX32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{7E3FCEA1-31B4-11D2-AE1F-0080C7337EA1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFB40FFD-B609-40A3-9828-F88BBE11E4E3}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32 -> C:\Windows\system32\RICHTX32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> 
C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{D2423620-51A0-11D2-9CAF-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F19-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> 
C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F27-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F31-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F33-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F34-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F36-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F37-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F39-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F3F-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F40-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F41-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F14-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) ==================== Restore Points ========================= 22-02-2015 02:41:06 Removed calibre 22-02-2015 23:45:13 Gerätetreiber-Paketinstallation: www.MotioninJoy.com Microsoft Common Controller für Windows-Klasse 23-02-2015 13:12:06 Geplanter Prüfpunkt 24-02-2015 03:12:22 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04742B55-0FD3-426A-8C55-7DBFF3EFFCFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {38AC19F5-2EAB-4727-A11E-93AA27B8FEDB} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {463DB54E-0213-4740-978B-1D5ADA3AC378} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4FA5EA3F-70B1-4A99-B9F7-DAE133C609B1} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {51DBC18B-8B82-4C7E-BFC3-AD8DAA62F452} - System32\Tasks\{D39A1BCA-B0B7-49D3-A686-BF850F52BB1C} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-03] (Skype Technologies S.A.)
Task: {64E514A5-6294-4A04-9A3A-1DC1B8943F70} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {77264E53-DB92-4DCA-A361-612F497B8700} - System32\Tasks\{4B4EC8F5-42C3-4230-86C5-63C6A1605080} => pcalua.exe -a "C:\Phantasy Star Online Blue Burst\Uninstal.exe"
Task: {83EC1185-F15E-4F97-A0EB-40F1379F4D05} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {896C3E59-6300-4AEF-B988-995834DAFF6C} - \SUPERAntiSpyware Scheduled Task 072c9011-baef-46a2-b5a4-e273d53245a0 No Task File <==== ATTENTION
Task: {94568830-4FF3-4E8E-A24E-F2C5D5621439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {9545927A-102B-4889-A010-4C2BF8744FA8} - System32\Tasks\{A3397B20-20AB-49AD-B447-580E9A30CEE6} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsProgressBar
Task: {AD99F48A-61D4-4617-8AD6-AF2A79E62285} - System32\Tasks\Core Temp Autostart User => C:\Program Files\CoreTemp32\Core Temp.exe [2013-10-08] ()
Task: {F1046518-573B-48DE-9AAA-815C76CE2ABD} - \SUPERAntiSpyware Scheduled Task 1c7efccf-410e-4917-99ec-606c036f729d No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-12 23:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-12 23:51 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-12 23:51 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-12 23:51 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-12 23:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-06 04:05 - 2013-10-08 13:22 - 00794272 _____ () C:\Program Files\CoreTemp32\Core Temp.exe
2014-01-12 17:09 - 2003-06-07 13:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2014-01-12 18:42 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-12 18:27 - 2011-10-26 17:41 - 00325120 _____ () C:\Program Files\TeraCopy\TeraCopy.dll
2014-01-12 18:27 - 2011-10-26 17:41 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2014-01-12 18:58 - 2014-01-14 23:49 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-26 19:25 - 2014-11-26 19:25 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:233BFF24
AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-396725855-3759477238-4004217979-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img27.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-396725855-3759477238-4004217979-500 - Administrator - Disabled)
Gast (S-1-5-21-396725855-3759477238-4004217979-501 - Limited - Enabled)
postgres (S-1-5-21-396725855-3759477238-4004217979-1003 - Limited - Enabled) => C:\Users\postgres
User (S-1-5-21-396725855-3759477238-4004217979-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 08:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.19070, Zeitstempel 0x533183ed, Ausnahmecode 0xc0000005, Fehleroffset 0x0003f2b0, Prozess-ID 0xbc0, Anwendungsstartzeit explorer.exe0.

Error: (02/23/2015 07:47:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ea8 Anfangszeit: 01d04f84277a3a9e Zeitpunkt der Beendigung: 15

Error: (02/23/2015 09:37:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\DESKTOP\TOR BROWSER\BROWSER\TORBROWSER\DATA\BROWSER\PROFILE.DEFAULT\PREFS-1.JS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/21/2015 00:08:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c9c Anfangszeit: 01d04ce098e19043 Zeitpunkt der Beendigung: 60000

Error: (02/20/2015 11:28:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 11:28:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 08:49:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 08:49:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 08:49:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 08:49:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (02/23/2015 05:14:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.02.2015 um 15:52:57 unerwartet heruntergefahren.

Error: (02/23/2015 00:06:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000libusbd

Error: (02/22/2015 11:47:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000libusbd

Error: (02/22/2015 11:46:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000libusbd

Error: (02/22/2015 11:41:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000libusbd

Error: (02/22/2015 01:49:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: PostgreSQL Server 8.31

Error: (02/22/2015 01:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Adobe Acrobat Update Service1

Error: (02/20/2015 08:40:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.02.2015 um 08:38:35 unerwartet heruntergefahren.

Error: (02/19/2015 02:23:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19.02.2015 um 11:27:36 unerwartet heruntergefahren.

Error: (02/16/2015 11:08:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.02.2015 um 11:04:49 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (02/23/2015 08:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.6002.1800549e01da5SHELL32.dll6.0.6002.19070533183edc00000050003f2b0bc001d04f9927c08dae

Error: (02/23/2015 07:47:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6002.18005ea801d04f84277a3a9e15

Error: (02/23/2015 09:37:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\DESKTOP\TOR BROWSER\BROWSER\TORBROWSER\DATA\BROWSER\PROFILE.DEFAULT\PREFS-1.JS

Error: (02/21/2015 00:08:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6002.18005c9c01d04ce098e1904360000

Error: (02/20/2015 11:28:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (02/20/2015 11:28:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\SAFEBROWSING-BACKUP

Error: (02/20/2015 08:49:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9

Error: (02/20/2015 08:49:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9

Error: (02/20/2015 08:49:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8

Error: (02/20/2015 08:49:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8

CodeIntegrity Errors:
===================================
Date: 2015-02-23 22:51:46.848
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:51:46.598
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:51:46.380
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:51:46.146
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:51:45.928
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:51:45.709
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:10:56.611
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:10:56.393
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:10:56.143
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-23 22:10:55.925
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 66%
Total physical RAM: 3069.04 MB
Available physical RAM: 1017.13 MB
Total Pagefile: 6374.34 MB
Available Pagefile: 4156.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:242.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 0FA837BC)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================
|
24.02.2015, 17:13 | #4 |
/// the machine /// TB-Ausbilder | Suspected DDoS attack and more
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
24.02.2015, 19:07 | #5 |
| Suspected DDoS attack and more
I did everything exactly as described; it apparently (luckily?) found nothing. Do you think something would definitely have been detected if there were anything?
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.24.05
rootkit: v2015.02.22.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

24.02.2015 18:44:16
mbar-log-2015-02-24 (18-44-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 299231
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
18:58:57.0158 0x1120 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:59:16.0120 0x1120 ============================================================
18:59:16.0120 0x1120 Current date / time: 2015/02/24 18:59:16.0120
18:59:16.0120 0x1120 SystemInfo:
18:59:16.0120 0x1120
18:59:16.0120 0x1120 OS Version: 6.0.6002 ServicePack: 2.0
18:59:16.0120 0x1120 Product type: Workstation
18:59:16.0120 0x1120 ComputerName: User-PC
18:59:16.0120 0x1120 UserName: User
18:59:16.0120 0x1120 Windows directory: C:\Windows
18:59:16.0120 0x1120 System windows directory: C:\Windows
18:59:16.0120 0x1120 Processor architecture: Intel x86
18:59:16.0121 0x1120 Number of processors: 2
18:59:16.0121 0x1120 Page size: 0x1000
18:59:16.0121 0x1120 Boot type: Normal boot
18:59:16.0121 0x1120 ============================================================
18:59:18.0237 0x1120 KLMD registered as C:\Windows\system32\drivers\44212241.sys
18:59:18.0459 0x1120 System UUID: {90482343-5FDA-8F9D-47B1-5ECE92688786}
18:59:19.0472 0x1120 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:59:19.0473 0x1120 ============================================================
18:59:19.0473 0x1120 \Device\Harddisk0\DR0:
18:59:19.0474 0x1120 MBR partitions:
18:59:19.0474 0x1120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
18:59:19.0474 0x1120 ============================================================
18:59:19.0509 0x1120 C: <-> \Device\Harddisk0\DR0\Partition1
18:59:19.0510 0x1120 ============================================================
18:59:19.0510 0x1120 Initialize success
18:59:19.0510 0x1120 ============================================================
19:00:19.0149 0x0d6c ============================================================
19:00:19.0149 0x0d6c Scan started
19:00:19.0149 0x0d6c Mode: Manual; SigCheck; TDLFS;
19:00:19.0149 0x0d6c ============================================================
19:00:19.0149 0x0d6c KSN ping started
19:00:19.0311 0x0d6c KSN ping finished: true
19:00:20.0039 0x0d6c ================ Scan system memory ========================
19:00:20.0039 0x0d6c System memory - ok
19:00:20.0040 0x0d6c ================ Scan services =============================
A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll 19:00:31.0943 0x0d6c DPS - ok 19:00:31.0990 0x0d6c [ 5C918D413F5837E67A85775C9873775E, ED23F5BC7F3CB9D7D268B1E1C16B53F7C3EE0E09E752EB9E16F5CEDDC3B455BD ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys 19:00:32.0006 0x0d6c DritekPortIO - ok 19:00:32.0052 0x0d6c [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:00:32.0099 0x0d6c drmkaud - ok 19:00:32.0146 0x0d6c [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:00:32.0224 0x0d6c DXGKrnl - ok 19:00:32.0302 0x0d6c [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 19:00:32.0364 0x0d6c E1G60 - ok 19:00:32.0396 0x0d6c [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll 19:00:32.0458 0x0d6c EapHost - ok 19:00:32.0520 0x0d6c [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys 19:00:32.0536 0x0d6c Ecache - ok 19:00:32.0583 0x0d6c [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:00:32.0630 0x0d6c ehRecvr - ok 19:00:32.0661 0x0d6c [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe 19:00:32.0723 0x0d6c ehSched - ok 19:00:32.0723 0x0d6c [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll 19:00:32.0754 0x0d6c ehstart - ok 19:00:32.0786 0x0d6c [ 
D71233D7CCC2E64F8715A20428D5A33B, ECCF5820CFFFC083EA6A5D310E2E09CA61C0DCFEE1E58AD94D2A565CA86A87F3 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 19:00:32.0801 0x0d6c ElbyCDIO - ok 19:00:32.0848 0x0d6c [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:00:32.0864 0x0d6c elxstor - ok 19:00:32.0926 0x0d6c [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 19:00:33.0035 0x0d6c EMDMgmt - ok 19:00:33.0082 0x0d6c [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll 19:00:33.0160 0x0d6c EventSystem - ok 19:00:33.0207 0x0d6c [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys 19:00:33.0300 0x0d6c exfat - ok 19:00:33.0347 0x0d6c [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:00:33.0378 0x0d6c fastfat - ok 19:00:33.0410 0x0d6c [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:00:33.0488 0x0d6c fdc - ok 19:00:33.0534 0x0d6c [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll 19:00:33.0597 0x0d6c fdPHost - ok 19:00:33.0628 0x0d6c [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll 19:00:33.0690 0x0d6c FDResPub - ok 19:00:33.0722 0x0d6c [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:00:33.0737 0x0d6c FileInfo - ok 
19:00:33.0753 0x0d6c [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:00:33.0815 0x0d6c Filetrace - ok 19:00:33.0831 0x0d6c [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:00:33.0893 0x0d6c flpydisk - ok 19:00:33.0924 0x0d6c [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:00:33.0940 0x0d6c FltMgr - ok 19:00:34.0018 0x0d6c [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll 19:00:34.0127 0x0d6c FontCache - ok 19:00:34.0236 0x0d6c [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:00:34.0252 0x0d6c FontCache3.0.0.0 - ok 19:00:34.0283 0x0d6c [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:00:34.0346 0x0d6c Fs_Rec - ok 19:00:34.0377 0x0d6c [ FF12FA487265DA2AC7DE4BE53F72FF1A, 9B9F29CC36D0C7681676F708270038D38CEA21AD82F4937DBDAE45F0D667786E ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 19:00:34.0455 0x0d6c FWLANUSB - ok 19:00:34.0502 0x0d6c [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:00:34.0517 0x0d6c gagp30kx - ok 19:00:34.0564 0x0d6c [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll 19:00:34.0673 0x0d6c gpsvc - ok 19:00:34.0751 0x0d6c [ CB04C744BE0A61B1D648FAED182C3B59, 
61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:00:34.0798 0x0d6c HdAudAddService - ok 19:00:34.0845 0x0d6c [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:00:34.0907 0x0d6c HDAudBus - ok 19:00:34.0954 0x0d6c [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:00:35.0001 0x0d6c HidBth - ok 19:00:35.0016 0x0d6c [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys 19:00:35.0079 0x0d6c HidIr - ok 19:00:35.0126 0x0d6c [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll 19:00:35.0172 0x0d6c hidserv - ok 19:00:35.0204 0x0d6c [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:00:35.0266 0x0d6c HidUsb - ok 19:00:35.0297 0x0d6c [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll 19:00:35.0360 0x0d6c hkmsvc - ok 19:00:35.0391 0x0d6c [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 19:00:35.0406 0x0d6c HpCISSs - ok 19:00:35.0453 0x0d6c [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:00:35.0594 0x0d6c HTTP - ok 19:00:35.0625 0x0d6c [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:00:35.0625 0x0d6c i2omp - ok 19:00:35.0687 0x0d6c [ 
22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:00:35.0718 0x0d6c i8042prt - ok 19:00:35.0750 0x0d6c [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:00:35.0765 0x0d6c iaStorV - ok 19:00:35.0843 0x0d6c [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:00:35.0921 0x0d6c idsvc - ok 19:00:35.0952 0x0d6c [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:00:35.0968 0x0d6c iirsp - ok 19:00:36.0015 0x0d6c [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll 19:00:36.0124 0x0d6c IKEEXT - ok 19:00:36.0264 0x0d6c [ DE7D0A44DE9EAF68165748A8D6AF1C86, 999DE56EA7AD0E528AAE060BC0682FE350DEC6944C50164DEAB573B3E0722797 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:00:36.0374 0x0d6c IntcAzAudAddService - ok 19:00:36.0405 0x0d6c [ E5EA1C17DA5065032E346591FF64F3AF, AAB9E1D63540DBBC5C063C028B828D77DE1D636A0D37DDD15E2CC90EED7FF827 ] intelide C:\Windows\system32\drivers\intelide.sys 19:00:36.0420 0x0d6c intelide - ok 19:00:36.0452 0x0d6c [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:00:36.0483 0x0d6c intelppm - ok 19:00:36.0530 0x0d6c [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:00:36.0576 0x0d6c IPBusEnum - ok 19:00:36.0608 0x0d6c [ 62C265C38769B864CB25B4BCF62DF6C3, 
CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:00:36.0654 0x0d6c IpFilterDriver - ok 19:00:36.0701 0x0d6c [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:00:36.0732 0x0d6c iphlpsvc - ok 19:00:36.0732 0x0d6c IpInIp - ok 19:00:36.0764 0x0d6c [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:00:36.0810 0x0d6c IPMIDRV - ok 19:00:36.0826 0x0d6c [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:00:36.0873 0x0d6c IPNAT - ok 19:00:36.0888 0x0d6c [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:00:36.0951 0x0d6c IRENUM - ok 19:00:36.0982 0x0d6c [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:00:36.0982 0x0d6c isapnp - ok 19:00:37.0029 0x0d6c [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:00:37.0044 0x0d6c iScsiPrt - ok 19:00:37.0060 0x0d6c [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:00:37.0060 0x0d6c iteatapi - ok 19:00:37.0076 0x0d6c [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:00:37.0091 0x0d6c iteraid - ok 19:00:37.0122 0x0d6c [ C1632FE31D1824A43DEA29725312E3FA, 434477DE1416D940B60F31D6FEEA511C0EF0DA4B4A1F8F9673A07C312D1360F6 ] JRAID 
C:\Windows\system32\drivers\jraid.sys 19:00:37.0185 0x0d6c JRAID - ok 19:00:37.0216 0x0d6c [ EAC21E8014C7E6EE341AFFFB7E2BBD54, 9D40AE48A73D1F818EF98F7BF23AC15696D1905E14712F26450B3DA3B03A43F3 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys 19:00:37.0247 0x0d6c k57nd60x - ok 19:00:37.0278 0x0d6c [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:00:37.0294 0x0d6c kbdclass - ok 19:00:37.0310 0x0d6c [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:00:37.0356 0x0d6c kbdhid - ok 19:00:37.0388 0x0d6c [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe 19:00:37.0419 0x0d6c KeyIso - ok 19:00:37.0466 0x0d6c [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:00:37.0512 0x0d6c KSecDD - ok 19:00:37.0575 0x0d6c [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:00:37.0668 0x0d6c KtmRm - ok 19:00:37.0715 0x0d6c [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll 19:00:37.0778 0x0d6c LanmanServer - ok 19:00:37.0824 0x0d6c [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:00:37.0887 0x0d6c LanmanWorkstation - ok 19:00:37.0949 0x0d6c [ E2F1DCF4A68CC6CF694FBFBA1842F4CD, E0BB3DBBBDDC7613003389FDD94F295F5D7BE10F9B1F3E62CA59A764E26E6C3B ] libusb0 C:\Windows\system32\drivers\libusb0.sys 19:00:37.0949 0x0d6c libusb0 - detected UnsignedFile.Multi.Generic ( 1 ) 19:00:38.0121 0x0d6c Detect skipped due to KSN 
trusted 19:00:38.0121 0x0d6c libusb0 - ok 19:00:38.0183 0x0d6c [ 8B4B572753419FE601220526205F9455, F83D5E790017D1E7E9F48C0EDC04F051AE96C043C23A51A5F7ECDE8318598065 ] libusbd C:\Windows\system32\libusbd-nt.exe 19:00:38.0199 0x0d6c libusbd - detected UnsignedFile.Multi.Generic ( 1 ) 19:00:38.0370 0x0d6c Detect skipped due to KSN trusted 19:00:38.0370 0x0d6c libusbd - ok 19:00:38.0417 0x0d6c [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:00:38.0464 0x0d6c lltdio - ok 19:00:38.0526 0x0d6c [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:00:38.0589 0x0d6c lltdsvc - ok 19:00:38.0620 0x0d6c [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:00:38.0698 0x0d6c lmhosts - ok 19:00:38.0745 0x0d6c [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:00:38.0776 0x0d6c LSI_FC - ok 19:00:38.0792 0x0d6c [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:00:38.0807 0x0d6c LSI_SAS - ok 19:00:38.0823 0x0d6c [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:00:38.0838 0x0d6c LSI_SCSI - ok 19:00:38.0885 0x0d6c [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys 19:00:38.0948 0x0d6c luafv - ok 19:00:39.0010 0x0d6c [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:00:39.0026 0x0d6c Mcx2Svc - ok 19:00:39.0041 
0x0d6c [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys 19:00:39.0057 0x0d6c megasas - ok 19:00:39.0088 0x0d6c [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll 19:00:39.0119 0x0d6c MMCSS - ok 19:00:39.0135 0x0d6c [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys 19:00:39.0166 0x0d6c Modem - ok 19:00:39.0228 0x0d6c [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:00:39.0275 0x0d6c monitor - ok 19:00:39.0306 0x0d6c MotioninJoyXFilter - ok 19:00:39.0338 0x0d6c [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:00:39.0369 0x0d6c mouclass - ok 19:00:39.0384 0x0d6c [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:00:39.0416 0x0d6c mouhid - ok 19:00:39.0447 0x0d6c [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:00:39.0462 0x0d6c MountMgr - ok 19:00:39.0540 0x0d6c [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:00:39.0556 0x0d6c MozillaMaintenance - ok 19:00:39.0587 0x0d6c [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys 19:00:39.0603 0x0d6c mpio - ok 19:00:39.0618 0x0d6c [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 
62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:00:39.0665 0x0d6c mpsdrv - ok 19:00:39.0712 0x0d6c [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:00:39.0821 0x0d6c MpsSvc - ok 19:00:39.0852 0x0d6c [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:00:39.0868 0x0d6c Mraid35x - ok 19:00:39.0899 0x0d6c [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:00:39.0977 0x0d6c MRxDAV - ok 19:00:39.0993 0x0d6c [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:00:40.0071 0x0d6c mrxsmb - ok 19:00:40.0118 0x0d6c [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:00:40.0149 0x0d6c mrxsmb10 - ok 19:00:40.0180 0x0d6c [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:00:40.0196 0x0d6c mrxsmb20 - ok 19:00:40.0227 0x0d6c [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys 19:00:40.0242 0x0d6c msahci - ok 19:00:40.0274 0x0d6c [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:00:40.0289 0x0d6c msdsm - ok 19:00:40.0336 0x0d6c [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe 19:00:40.0367 0x0d6c MSDTC - ok 19:00:40.0383 0x0d6c [ 
A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:00:40.0430 0x0d6c Msfs - ok 19:00:40.0476 0x0d6c [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:00:40.0492 0x0d6c msisadrv - ok 19:00:40.0523 0x0d6c [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:00:40.0586 0x0d6c MSiSCSI - ok 19:00:40.0586 0x0d6c msiserver - ok 19:00:40.0601 0x0d6c [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:00:40.0632 0x0d6c MSKSSRV - ok 19:00:40.0679 0x0d6c [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:00:40.0726 0x0d6c MSPCLOCK - ok 19:00:40.0726 0x0d6c [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:00:40.0773 0x0d6c MSPQM - ok 19:00:40.0820 0x0d6c [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:00:40.0835 0x0d6c MsRPC - ok 19:00:40.0851 0x0d6c [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:00:40.0866 0x0d6c mssmbios - ok 19:00:40.0866 0x0d6c [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:00:40.0913 0x0d6c MSTEE - ok 19:00:40.0944 0x0d6c [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup 
C:\Windows\system32\Drivers\mup.sys 19:00:40.0960 0x0d6c Mup - ok 19:00:41.0007 0x0d6c [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll 19:00:41.0069 0x0d6c napagent - ok 19:00:41.0116 0x0d6c [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:00:41.0194 0x0d6c NativeWifiP - ok 19:00:41.0241 0x0d6c [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:00:41.0272 0x0d6c NDIS - ok 19:00:41.0303 0x0d6c [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:00:41.0350 0x0d6c NdisTapi - ok 19:00:41.0381 0x0d6c [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:00:41.0397 0x0d6c Ndisuio - ok 19:00:41.0412 0x0d6c [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:00:41.0490 0x0d6c NdisWan - ok 19:00:41.0490 0x0d6c [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:00:41.0522 0x0d6c NDProxy - ok 19:00:41.0553 0x0d6c [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:00:41.0584 0x0d6c NetBIOS - ok 19:00:41.0631 0x0d6c [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:00:41.0693 0x0d6c netbt - ok 19:00:41.0740 0x0d6c [ A3E186B4B935905B829219502557314E, 
7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe 19:00:41.0756 0x0d6c Netlogon - ok 19:00:41.0787 0x0d6c [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll 19:00:41.0849 0x0d6c Netman - ok 19:00:41.0880 0x0d6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:00:41.0896 0x0d6c NetMsmqActivator - ok 19:00:41.0912 0x0d6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:00:41.0927 0x0d6c NetPipeActivator - ok 19:00:41.0943 0x0d6c [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll 19:00:42.0005 0x0d6c netprofm - ok 19:00:42.0021 0x0d6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:00:42.0036 0x0d6c NetTcpActivator - ok 19:00:42.0036 0x0d6c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:00:42.0068 0x0d6c NetTcpPortSharing - ok 19:00:42.0099 0x0d6c [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:00:42.0114 0x0d6c nfrd960 - ok 19:00:42.0146 0x0d6c [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:00:42.0224 0x0d6c NlaSvc - ok 19:00:42.0255 0x0d6c [ 25401B0C9576C8456B3E0BBD74FF0771, 
5CAD736F9947287D1C3349ED161B0336CBE80981F5BBA83B2C621CCD3A0C5113 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 19:01:04.0422 0x0d6c RtHDVCpl - ok 19:01:04.0672 0x0d6c [ AF49D1C79EA49A7833017F290EE63B82, FFE98E8F6AE3BFAB324B3A7C6C6C00545C597A6861CBDD82ACE97591C6A1D287 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe 19:01:04.0906 0x0d6c SDTray - ok 19:01:04.0953 0x0d6c [ 2A21FE60A9BC5247BD8C57409A2B97F8, 6C9851684FB90AB6038A326F4B362C1948DF2173063CA198DCEAEA6BFAC636E0 ] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe 19:01:04.0968 0x0d6c VirtualCloneDrive - ok 19:01:05.0031 0x0d6c [ BED38B0ADFF5F5CC6E988A6491017E83, B2C0EFDEC9320D7EB5882F244E5ACF11A61C1A0AFED83D080C8BB8F7F1AC7E79 ] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe 19:01:05.0046 0x0d6c RIMBBLaunchAgent.exe - ok 19:01:05.0124 0x0d6c [ 45EE43C40B250B46BE5DA38A047C3FFD, 334272F7D46E67C98EEAAD51AE068E3F9800C5E8229775A316DCD17CF9476903 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 19:01:05.0156 0x0d6c avgnt - ok 19:01:05.0234 0x0d6c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe 19:01:05.0358 0x0d6c Sidebar - ok 19:01:05.0358 0x0d6c WindowsWelcomeCenter - ok 19:01:05.0436 0x0d6c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe 19:01:05.0514 0x0d6c Sidebar - ok 19:01:05.0530 0x0d6c WindowsWelcomeCenter - ok 19:01:05.0592 0x0d6c [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe 19:01:05.0608 0x0d6c ehTray.exe - ok 19:01:05.0764 0x0d6c [ 771293BC7EACB6FB7A78F8B7A954F019, DF06F0D0C8E38F17AD155CAB009A5A2969E7638B88AFBC2A75450EB1239ECAB4 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe 19:01:05.0998 0x0d6c Spybot-S&D Cleaning - ok 19:01:06.0014 0x0d6c 
Waiting for KSN requests completion. In queue: 50 19:01:07.0168 0x0d6c AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.538 ), 0x41000 ( enabled : updated ) 19:01:07.0230 0x0d6c Win FW state via NFP2: enabled 19:01:07.0418 0x0d6c ============================================================ 19:01:07.0418 0x0d6c Scan finished 19:01:07.0418 0x0d6c ============================================================ 19:01:07.0418 0x1704 Detected object count: 0 19:01:07.0418 0x1704 Actual detected object count: 0 |
25.02.2015, 07:07 | #6 |
/// the machine /// TB trainer | Suspected DDoS attack and more hi, scan with Combofix |
25.02.2015, 13:23 | #7 |
| Suspected DDoS attack and more Hi, yesterday I changed a few settings and had a look at the router's system messages, and found the following messages, which were recorded exactly in the period when the attacks I suspect took place:
25.02.2015 04:53:06 DoS(Denial of Service) Angriff ICMP TimeStamp request wurde entdeckt. (FW101)
25.02.2015 05:51:48 DoS(Denial of Service) Angriff UDP Loop wurde entdeckt. (FW101)
25.02.2015 04:53:06 DoS(Denial of Service) Angriff ICMP TimeStamp request wurde entdeckt. (FW101)
25.02.2015 06:26:03 DoS(Denial of Service) Angriff UDP Loop wurde entdeckt. (FW101)
25.02.2015 07:55:26 DoS(Denial of Service) Angriff UDP Loop wurde entdeckt. (FW101)
25.02.2015 08:29:24 DoS(Denial of Service) Angriff UDP Loop wurde entdeckt. (FW101)
The fact that my whole Internet connection then stopped working must be connected to the attack at 06:26:03, because that was pretty much the moment when the Windows error message appeared and the Internet connection stayed down until the router was restarted. What do you think? Here is the Combofix log as well: Code:
ATTFilter ComboFix 15-02-16.01 - User 25.02.2015 9:39.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.978 [GMT 1:00] ausgeführt von:: c:\users\User\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\msdownld.tmp c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system\msvbvm60.dll c:\windows\unin0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-25 bis 2015-02-25 )))))))))))))))))))))))))))))) . . 2015-02-25 08:48 . 2015-02-25 08:49 -------- d-----w- c:\users\User\AppData\Local\temp 2015-02-25 08:48 . 2015-02-25 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-25 01:08 . 2015-02-25 01:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A8D96F-78E1-4591-A185-AD31174C07F6}\offreg.dll 2015-02-24 20:31 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A8D96F-78E1-4591-A185-AD31174C07F6}\mpengine.dll 2015-02-24 17:43 . 2015-02-24 17:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-02-24 17:43 . 2015-02-24 17:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-24 17:42 . 2015-02-24 18:02 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-23 14:23 . 2015-02-23 14:23 -------- d-----w- c:\users\User\AppData\Roaming\Avira 2015-02-23 14:16 . 2015-02-04 16:51 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-02-23 14:16 . 
2015-02-04 16:51 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-02-23 14:16 . 2015-02-04 16:51 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-02-23 14:16 . 2015-02-23 14:16 -------- d-----w- c:\programdata\Avira 2015-02-23 14:16 . 2015-02-23 14:16 -------- d-----w- c:\program files\Avira 2015-02-22 02:51 . 2015-02-22 02:51 -------- d-----w- c:\users\User\AppData\Local\Macromedia 2015-02-22 01:48 . 2015-02-22 01:48 -------- d-----w- c:\users\User\AppData\Local\Microsoft Games 2015-02-16 08:37 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll 2015-02-16 04:29 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll 2015-02-16 04:29 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys 2015-02-16 04:29 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-02-16 04:28 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-02-16 04:28 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll 2015-02-11 14:54 . 2015-02-11 14:54 -------- d-----w- c:\program files\SD Formatter 2015-02-11 08:45 . 2015-01-14 01:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2015-02-11 08:45 . 2015-01-14 01:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2015-02-11 08:45 . 2015-01-14 01:41 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2015-02-11 08:45 . 2015-01-14 01:41 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll 2015-02-11 08:45 . 2015-01-14 01:41 421376 ----a-w- c:\windows\system32\vbscript.dll 2015-02-11 08:45 . 2015-01-14 01:49 367104 ----a-w- c:\windows\system32\html.iec 2015-02-11 08:45 . 2015-01-14 01:41 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2015-02-07 14:50 . 2015-02-22 02:54 -------- d-----w- c:\users\User\AppData\Roaming\DAEMON Tools Lite 2015-02-07 14:50 . 2015-02-07 14:50 -------- d-----w- c:\program files\DAEMON Tools Lite 2015-02-07 14:49 . 
2015-02-07 18:52 -------- d-----w- c:\programdata\DAEMON Tools Lite 2015-01-30 09:58 . 2015-01-30 09:58 -------- d-----w- c:\program files\Common Files\Java 2015-01-30 09:57 . 2015-01-30 09:57 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-07 14:51 . 2014-01-12 22:32 320120 ----a-w- c:\windows\system32\drivers\sptd.sys 2014-12-22 23:50 . 2014-01-12 17:52 249488 ------w- c:\windows\system32\MpSigStub.exe 2014-12-19 00:25 . 2015-01-19 07:06 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2014-12-06 03:14 . 2015-01-19 07:00 153600 ----a-w- c:\windows\system32\profsvc.dll 2014-12-06 03:14 . 2015-01-19 07:01 48640 ----a-w- c:\windows\system32\nlaapi.dll 2014-12-06 03:14 . 2015-01-19 07:01 174080 ----a-w- c:\windows\system32\nlasvc.dll 2014-12-06 03:14 . 2015-01-19 07:01 93184 ----a-w- c:\windows\system32\ncsi.dll 2014-12-04 23:55 . 2014-12-04 23:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2014-12-04 19:11 . 2014-12-04 19:11 20128 ----a-w- c:\windows\system32\drivers\SECDRV.SYS 2014-12-03 02:06 . 2014-12-11 19:07 278528 ----a-w- c:\windows\system32\schannel.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-23 204800] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-24 6789664] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-02-04 703280] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2007-02-02 16:26 283136 ----a-w- c:\program files\avmwlanstick\FRITZWLANMini.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2013-11-15 00:48 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-12-18 18:06 271744 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 64117599 *NewlyCreated* - SSMDRV *Deregistered* - 64117599 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2014-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-14 18:25] . 2015-02-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-12 09:57] . 2015-02-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-12 09:49] . 2015-02-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-12 09:51] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) Notify-SDWinLogon - SDWinLogon.dll SafeBoot-WudfPf SafeBoot-WudfRd . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2015-02-25 09:48 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30] "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-396725855-3759477238-4004217979-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SecuROM\License information*] "datasecu"=hex:9e,c2,09,64,b2,ec,54,48,77,5e,8e,17,fd,f6,51,48,8c,67,f5,65,fc, 22,d8,e4,2b,1e,73,de,ba,b9,23,aa,36,31,97,30,0d,a8,0b,25,25,22,53,1e,63,60,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_USERS\S-1-5-21-396725855-3759477238-4004217979-1000\Software\SecuROM\License information*] "datasecu"=hex:9e,c2,09,64,b2,ec,54,48,77,5e,8e,17,fd,f6,51,48,8c,67,f5,65,fc, 22,d8,e4,2b,1e,73,de,ba,b9,23,aa,36,31,97,30,0d,a8,0b,25,25,22,53,1e,63,60,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2015-02-25 09:53:55 ComboFix-quarantined-files.txt 2015-02-25 08:53 . Vor Suchlauf: 5 Verzeichnis(se), 208.382.132.224 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 208.087.347.200 Bytes frei . - - End Of File - - 9B0A351C10245B9327E35849C3CED6E4 5C616939100B85E558DA92B899A0FC36 |
26.02.2015, 07:48 | #8 |
/// the machine /// TB trainer | Suspected DDoS attack and more Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, guides and help, Trojaner-Board Facebook page No help via PM! |
27.02.2015, 11:00 | #9 |
| Suspected DDoS attack and more Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.02.2015 Suchlauf-Zeit: 09:44:04 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.27.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 318647 Verstrichene Zeit: 13 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 1 PUM.Hijack.StartMenu, HKU\S-1-5-21-396725855-3759477238-4004217979-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Gut: (1), Schlecht: (0),Löschen bei Neustart,[cea1b370b9d1c3731c9e17b7986d25db] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 27/02/2015 um 10:27:05 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-02-18.3 [Server] # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86) # Benutzername : User - USER-PC # Gestarted von : C:\Users\User\Desktop\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16609 -\\ Mozilla Firefox v26.0 (de) ************************* AdwCleaner[R2].txt - [2782 Bytes] - [25/02/2015 20:41:40] AdwCleaner[R3].txt - [913 Bytes] - [27/02/2015 10:16:26] AdwCleaner[S1].txt - [2861 Bytes] - [25/02/2015 20:44:01] AdwCleaner[S2].txt - [836 Bytes] - [27/02/2015 10:27:05] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [894 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows Vista (TM) Home Premium x86 Ran by User on 27.02.2015 at 10:30:57.70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\dwphwo5s.default\minidumps [178 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.02.2015 at 10:34:32.37 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01 Ran by User (administrator) on USER-PC on 27-02-2015 10:39:07 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User & postgres) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Realtek Semiconductor Corp.) C:\Users\User\AppData\Local\temp\RtkBtMnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Program Files\CoreTemp32\Core Temp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [862728 2009-02-12] (Dritek System Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6789664 2009-02-24] (Realtek Semiconductor) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-396725855-3759477238-4004217979-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-396725855-3759477238-4004217979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default FF Homepage: https://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2014-10-26] FF Extension: MEGA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\firefox@mega.co.nz.xpi [2015-01-16] FF Extension: Wiktionary and Google Translate - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\googledictionary@toptip.ca.xpi [2014-03-01] FF Extension: Stylish - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dwphwo5s.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-09-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed] R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-02-04] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed] R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed] R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 Secdrv; C:\Windows\system32\drivers\SECDRV.SYS [20128 2014-12-04] () [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-02-07] (Duplex Secure Ltd.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-02-04] (Avira GmbH) S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation) S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated) U3 a9inrhuf; C:\Windows\system32\Drivers\a9inrhuf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) R3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MotioninJoyXFilter; system32\DRIVERS\MijXfilt.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PsSdk30; \??\C:\Windows\system32\Drivers\PsSdk30.drv [X] S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X] U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] S3 xusb21; system32\DRIVERS\xusb21.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-27 10:39 - 2015-02-27 10:39 - 00012864 _____ () C:\Users\User\Desktop\FRST.txt 2015-02-27 10:38 - 2015-02-27 10:39 - 00000000 ____D () C:\FRST 2015-02-27 10:34 - 2015-02-27 10:34 - 00000769 _____ () C:\Users\User\Desktop\JRT.txt 2015-02-27 10:29 - 2015-02-27 10:30 - 00000967 _____ () C:\Users\User\Desktop\AdwCleaner[S2].txt 2015-02-27 10:11 - 2015-02-27 10:12 - 00001441 _____ () C:\Users\User\Desktop\mbam.txt 2015-02-27 09:42 - 2015-02-27 09:42 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2015-02-27 09:39 - 2015-02-27 09:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-27 09:38 - 2015-02-27 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-27 09:38 - 2015-02-27 09:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-27 09:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-27 07:20 - 2015-02-27 07:20 - 00086528 _____ () C:\Windows\bnetunin.exe 2015-02-27 07:20 - 2015-02-27 07:20 - 00061440 _____ () C:\Windows\diabunin.exe 2015-02-27 07:20 - 2015-02-27 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo 2015-02-25 20:41 - 2015-02-27 10:27 - 00000000 ____D () C:\AdwCleaner 2015-02-25 09:37 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-25 09:37 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-25 09:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-25 09:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-25 09:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-25 09:37 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-25 09:37 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-25 09:37 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-25 09:32 - 
2015-02-25 09:54 - 00000000 ____D () C:\Qoobox 2015-02-25 09:31 - 2015-02-25 09:52 - 00000000 ____D () C:\Windows\erdnt 2015-02-24 18:43 - 2015-02-27 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-24 18:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-24 10:38 - 2015-02-24 10:38 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-02-23 15:23 - 2015-02-23 15:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira 2015-02-23 15:17 - 2015-02-23 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-23 15:16 - 2015-02-23 15:16 - 00000000 ____D () C:\ProgramData\Avira 2015-02-23 15:16 - 2015-02-23 15:16 - 00000000 ____D () C:\Program Files\Avira 2015-02-23 15:16 - 2015-02-04 17:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-02-23 15:16 - 2015-02-04 17:51 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-02-22 23:45 - 2015-02-22 23:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-02-22 23:45 - 2015-02-22 23:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf 2015-02-22 23:41 - 2015-02-23 00:05 - 00002388 _____ () C:\Windows\setupact.log 2015-02-22 23:41 - 2015-02-22 23:41 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-22 03:57 - 2015-02-27 10:28 - 00005270 _____ () C:\Windows\PFRO.log 2015-02-22 03:51 - 2015-02-22 03:51 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia 2015-02-22 02:48 - 2015-02-22 02:48 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Games 2015-02-22 02:01 - 2015-02-22 02:01 - 00000000 ____D () C:\Windows\pss 2015-02-16 09:37 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-16 09:37 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-16 05:29 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-16 05:29 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-16 05:29 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-16 05:28 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-16 05:28 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 15:56 - 2015-02-23 20:07 - 00103841 ____H () C:\formatter.log 2015-02-11 15:54 - 2015-02-11 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2015-02-11 15:54 - 2015-02-11 15:54 - 00000000 ____D () C:\Program Files\SD Formatter 2015-02-11 09:45 - 2015-01-14 02:51 - 12371456 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 09:45 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-02-11 09:45 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 09:45 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 09:45 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 09:44 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 09:44 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 09:44 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 09:44 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-02-11 09:44 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 09:44 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 09:44 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 09:44 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-02-11 09:44 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 
2015-02-11 09:44 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-02-07 15:51 - 2015-02-07 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-02-07 15:50 - 2015-02-22 03:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2015-02-07 15:50 - 2015-02-07 15:50 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-02-07 15:49 - 2015-02-07 19:52 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-30 10:58 - 2015-01-30 10:58 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-30 10:58 - 2015-01-30 10:57 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-30 10:57 - 2015-01-30 10:57 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-01-30 10:57 - 2015-01-30 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-27 10:33 - 2014-01-29 12:04 - 01852506 _____ () C:\Windows\WindowsUpdate.log 2015-02-27 10:28 - 2014-01-12 23:52 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-02-27 10:28 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-27 10:28 - 2006-11-02 13:47 - 00005168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-27 10:28 - 2006-11-02 13:47 - 00005168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-27 10:27 - 2014-06-06 11:20 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-02-27 10:27 - 2006-11-02 14:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-27 09:39 - 2014-01-12 18:40 - 00000000 ____D () C:\Users\User\Desktop\Programme 2015-02-27 09:38 - 2014-01-12 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes 2015-02-27 09:38 - 2014-01-12 18:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-27 07:20 - 2014-03-25 03:04 - 00000000 ____D () C:\Games 2015-02-27 07:20 - 2006-11-02 11:33 - 01618898 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-26 21:29 - 2014-11-26 23:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2015-02-25 20:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-02-25 09:54 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-02-25 09:54 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-02-25 09:48 - 2006-11-02 11:23 - 00000249 _____ () C:\Windows\system.ini 2015-02-25 09:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system 2015-02-25 00:47 - 2014-01-12 23:52 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-02-24 15:07 - 2014-08-17 17:47 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2015-02-23 14:52 - 2014-10-07 11:37 - 00000000 ____D () C:\Users\User\Desktop\Games 2015-02-23 09:14 - 
2014-01-12 23:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-23 00:23 - 2015-01-24 06:48 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-23 00:05 - 2006-11-02 12:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-22 23:45 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\User 2015-02-22 03:54 - 2014-01-13 00:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp 2015-02-16 07:40 - 2006-11-02 13:47 - 00241328 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-16 05:35 - 2014-01-12 21:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-16 05:30 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-15 23:24 - 2014-03-14 21:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\XnView 2015-02-15 12:02 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA 2015-02-13 18:01 - 2014-01-12 18:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-11 20:07 - 2014-03-20 21:50 - 00000000 __SHD () C:\Users\Public\DRM 2015-02-09 10:34 - 2014-03-03 23:29 - 00000000 ____D () C:\Users\User\AppData\Local\PokerStars.EU 2015-02-08 01:43 - 2014-03-23 04:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss 2015-02-07 19:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\security 2015-02-07 15:51 - 2014-01-12 23:32 - 00320120 _____ (Duplex Secure Ltd.) 
C:\Windows\system32\Drivers\sptd.sys 2015-02-03 18:42 - 2015-01-20 14:44 - 00000000 ____D () C:\Users\User\Desktop\WE6FE Data Tools v0.4 2015-02-01 15:30 - 2014-03-10 18:36 - 00000000 ____D () C:\Windows\Minidump 2015-02-01 04:59 - 2014-01-12 23:52 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-01-30 10:46 - 2014-06-30 02:55 - 00000000 ____D () C:\Program Files\Java 2015-01-28 12:59 - 2014-12-21 11:28 - 00000000 ____D () C:\Program Files\DkZ Studio ==================== Files in the root of some directories ======= 2014-12-09 15:08 - 2014-12-09 16:01 - 0000077 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.Exception.log 2014-12-09 15:06 - 2014-12-09 15:06 - 0001147 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-12-09 15:08 - 2014-12-09 16:01 - 0000077 _____ () C:\Users\User\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-01-12 16:33 - 2014-11-10 01:59 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2014-01-12 19:15 - 2014-11-28 15:21 - 0009728 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\User\AppData\Local\temp\avgnt.exe C:\Users\User\AppData\Local\temp\Quarantine.exe C:\Users\User\AppData\Local\temp\RtkBtMnt.exe C:\Users\User\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-27 10:35 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01 Ran by User at 2015-02-27 10:40:34 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.60 beta (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2002.201 - Alps Electric) Atheros for Acer Driver v7.6.1.162_Foxconn Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.6.1.162 - Atheros) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira) BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research in Motion Ltd.) 
Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform) Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan) Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle) Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Packard Bell) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 
- Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.3.1 - ) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5798 - Realtek Semiconductor Corp.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.6.9 - Shark007) VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) Winamp (HKLM\...\Winamp) (Version: 5.541 - Nullsoft, Inc) Windows Driver Package - Broadcom (b57nd60x) Net (10/22/2008 11.7.2.0) (HKLM\...\FF3A88DD2E566739726091732D60F71D3858B330) (Version: 10/22/2008 11.7.2.0 - Broadcom) Windows Driver Package - Broadcom (k57nd60x) Net (09/11/2008 11.22.0.0) (HKLM\...\6348C5D3D3ED4206969655766781ED83709A222E) (Version: 09/11/2008 11.22.0.0 - Broadcom) Windows Driver Package - Synaptics (SynTP) Mouse (02/05/2009 12.2.2.0) (HKLM\...\0C73D452841894B3BA3653D29807B223418D12B6) (Version: 02/05/2009 12.2.2.0 - Synaptics) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Wise Registry Cleaner 7.65 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) XnView 1.99.6 (HKLM\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e) XviD MPEG-4 Codec (HKLM\...\XviD) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFB40FFD-B609-40A3-9828-F88BBE11E4E3}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32 -> C:\Windows\system32\RICHTX32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> 
C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{D2423620-51A0-11D2-9CAF-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F19-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> 
C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F27-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F31-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F33-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F34-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F36-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F37-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F39-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F3F-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F40-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F5078F41-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F14-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-396725855-3759477238-4004217979-1000_Classes\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) ==================== Restore Points ========================= 24-02-2015 21:31:19 Windows Update 25-02-2015 14:25:05 Windows Update 26-02-2015 04:49:09 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2015-02-25 09:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {04742B55-0FD3-426A-8C55-7DBFF3EFFCFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {38AC19F5-2EAB-4727-A11E-93AA27B8FEDB} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {463DB54E-0213-4740-978B-1D5ADA3AC378} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4FA5EA3F-70B1-4A99-B9F7-DAE133C609B1} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {51DBC18B-8B82-4C7E-BFC3-AD8DAA62F452} - System32\Tasks\{D39A1BCA-B0B7-49D3-A686-BF850F52BB1C} => C:\Program Files\Skype\Phone\Skype.exe Task: {64E514A5-6294-4A04-9A3A-1DC1B8943F70} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {77264E53-DB92-4DCA-A361-612F497B8700} - System32\Tasks\{4B4EC8F5-42C3-4230-86C5-63C6A1605080} => pcalua.exe -a "C:\Phantasy Star Online Blue Burst\Uninstal.exe" Task: {83EC1185-F15E-4F97-A0EB-40F1379F4D05} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {896C3E59-6300-4AEF-B988-995834DAFF6C} - \SUPERAntiSpyware Scheduled Task 072c9011-baef-46a2-b5a4-e273d53245a0 No Task File <==== ATTENTION Task: {94568830-4FF3-4E8E-A24E-F2C5D5621439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd) Task: {9545927A-102B-4889-A010-4C2BF8744FA8} - System32\Tasks\{A3397B20-20AB-49AD-B447-580E9A30CEE6} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsProgressBar Task: {AD99F48A-61D4-4617-8AD6-AF2A79E62285} - System32\Tasks\Core Temp Autostart User => C:\Program 
Files\CoreTemp32\Core Temp.exe [2013-10-08] () Task: {F1046518-573B-48DE-9AAA-815C76CE2ABD} - \SUPERAntiSpyware Scheduled Task 1c7efccf-410e-4917-99ec-606c036f729d No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============== 2014-01-12 23:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-01-12 23:51 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-01-12 23:51 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-01-12 23:51 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-01-12 23:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-01-12 17:09 - 2003-06-07 13:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll 2014-12-06 04:05 - 2013-10-08 13:22 - 00794272 _____ () C:\Program Files\CoreTemp32\Core Temp.exe 2014-01-12 18:58 - 2014-01-14 23:49 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-11-26 19:25 - 2014-11-26 19:25 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry 
is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:233BFF24 AlternateDataStreams: C:\Users\Public\DRM:احتضان ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-396725855-3759477238-4004217979-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img27.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Blackberry Device Manager => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\startupreg: AVMWlanClient => C:\Program Files\avmwlanstick\FRITZWLANMini.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-396725855-3759477238-4004217979-500 - Administrator - Disabled) Gast (S-1-5-21-396725855-3759477238-4004217979-501 - Limited - Enabled) postgres (S-1-5-21-396725855-3759477238-4004217979-1003 - Limited - Enabled) => C:\Users\postgres User (S-1-5-21-396725855-3759477238-4004217979-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= Name: Netzwerkcontroller Description: Netzwerkcontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Microsoft Office Sessions: ========================= Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\9 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\8 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\7 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\7 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\6 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\6 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\5 Error: (02/27/2015 10:41:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\DWPHWO5S.DEFAULT\CACHE\5 CodeIntegrity Errors: =================================== Date: 2015-02-27 10:40:28.188 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:27.528 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:26.950 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-27 10:40:26.267 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:25.256 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:24.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:23.892 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 10:40:23.366 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 09:52:23.322 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-27 09:52:23.088 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Percentage of memory in use: 45% Total physical RAM: 3069.04 MB Available physical RAM: 1666.23 MB Total Pagefile: 6378.34 MB Available Pagefile: 4723.2 MB Total Virtual: 2047.88 MB Available Virtual: 1892.42 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:246.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 0FA837BC) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
27.02.2015, 18:18 | #10 |
/// the machine /// TB-Ausbilder | Suspected DDOS attack and more
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |