Pests of all kinds and how to fight them: SPAM is being sent from my e-mail to my contacts (Windows 7)
07.03.2015, 10:26 | #1 |
SPAM is being sent from my e-mail to my contacts

For a good month now I have had the following problem. Every day I receive several e-mails with suspicious links, which are always sent from contacts known to me (that is, from contacts in my address book) to me and sometimes also to several other e-mail addresses. The other recipients come (at least partly, or perhaps exclusively) from my contact addresses. Sender and recipients definitely do not know each other; they can only be connected through my address book. I also noticed that for the recipients, often not the full address is shown, but only the abbreviation or the name as it appears in my address book. The e-mail must therefore definitely be sent via my account.

The e-mail always has the same layout (link, sender address inserted again, and a timestamp; the subject, however, is always slightly different). The recipients are different each time (I am of course always among them). The sender is always a different one from my contact list. Here is an example from today (I have slightly altered the e-mail addresses here to be on the safe side):

-----Original Message-----
From: naty [mailto:naty@liberoo.it]
Sent: Saturday, March 07, 2015 1:15 PM
To: udin; associazionnic; puntoenedine; barbaralera; mato (this is where my mail address appears); petllo; anci; info; gioiodorio
Subject: 3/7/2015 12:14:51 AM

hxxp://www.deviantsart.com/34ungjo.png
--------------
naty@liberoo.it
3/7/2015 12:14:51 AM

One more very curious thing. My e-mail is on a registered domain (is that the right term??), e.g. mato@mato.de. On the same computer (in the same Outlook) I also receive the e-mail familie@mato.de. My wife uses the mail frau@mato.de on her PC (a different device, but on the same network). The problem affects all 3 mail addresses, including frau@mato.de, even though that is a different computer (with the same Internet connection).

I use F-Secure as antivirus protection. It finds no problem. Here is the report:

Scan-Bericht
Samstag, 7. März 2015 10:18:51 - 10:23:59
Computername: PC
Scan-Methode: Viren- und Spyware-Scan
Ziel: System
--------------------------------------------------------------------------------
Ergebnis
Keine Malware gefunden
--------------------------------------------------------------------------------
Statistiken
Gescannt:
  Dateien: 20273
  Nicht gescannt: 0
Ergebnis:
  Viren: 0
  Spyware: 0
  Verdächtige Elemente: 0
  Riskware: 0
Aktionen:
  Desinfiziert: 0
  Umbenannt: 0
  Gelöscht: 0
  In Quarantäne: 0
  Fehlgeschl.: 0
Boot-Sektoren:
  Gescannt: 0
  Infiziert: 0
  Verdächtige Elemente: 0
  Desinfiziert: 0
--------------------------------------------------------------------------------
Optionen
Version der Definitionen:
  Viren: 2015-03-06_07
  Spyware: 2015-03-06_07
Scan-Module:
  F-Secure Aquarius: 11.00.01, 2015-03-06
  F-Secure Hydra: 5.13.68, 2015-03-06
  F-Secure Online: 13.90.22, 0-00-00
  F-Secure Gemini: 3.02.328, 2015-02-25
Scan-Optionen:
  Definierte Dateien scannen: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 TMP VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
  Archive scannen
Aktionen:
  Viren: Nach Scannen fragen
  Spyware: Nach Scannen fragen

Can any of you perhaps help me further or advise what I could test to get rid of the problem? Thanks in advance
07.03.2015, 11:25 | #2 |
/// the machine /// TB-Ausbilder | SPAM is being sent from my e-mail to my contacts

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
07.03.2015, 13:45 | #3 |
SPAM is being sent from my e-mail to my contacts

Thanks for the quick reply.

Here are the two files.

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01 Ran by Marvin (administrator) on MARVIN-PC on 07-03-2015 13:32:30 Running from C:\Users\marvin\Desktop Loaded Profiles: Marvin & UpdatusUser (Available profiles: Marvin & UpdatusUser & Administrator) Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CrypKey (Canada) Ltd.) 
C:\Windows\System32\Crypserv.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Ralink Technology, Corp.) 
C:\Program Files (x86)\Ralink\Common\RaUI.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNJAE.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [2566144 2014-04-17] (May Software) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2011-12-13] () HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [F-Secure Hoster (41035)] => C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [Akidynivi] => C:\Users\Marvin\AppData\Roaming\Koet\ilti.exe HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-19] (Google Inc.) 
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {4a1f5f18-bc2f-11e1-9ce5-4487fc8b29e2} - F:\LaunchU3.exe -a HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {66704687-0f90-11e0-8ed5-806e6f6e6963} - E:\Service.exe HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {cb6399bc-0de8-11e2-b9a4-4487fc8b29e2} - F:\setup.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) Startup: C:\Users\marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-921190-1051346105-2666659791-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-921190-1051346105-2666659791-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/ URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {6E9EFEDA-2EE0-424E-A3A6-942521C180EE} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^IT&gct=&itbv=12.24.1.53&apn_uid=95B0EA29-79FB-48E6-9FE7-497F2D1D8E13&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^IT&apn_dbr=ie_9.0.8112.16476&doi=2015-03-06&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {757E2975-20B1-4AA5-A9AE-E1F46D2267BB} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {CE2E3337-FFE8-44D0-814E-D11CA318A172} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q={searchTerms}&src=IE-SearchBox BHO: Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können. 
-> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) BHO: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation) BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.) BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können. -> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation) BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.) 
BHO-x32: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {3C90111F-03C3-4522-96FE-DEA700CC0517} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {EE0D7DAF-0F59-4245-924C-488EE3339CA1} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.google.it/ FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN65823296474436112&UM=&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKU\S-1-5-21-921190-1051346105-2666659791-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Marvin\AppData\Local\Hola\firefox\app\vlc () FF user.js: detected! => C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\searchplugins\conduit.xml FF Extension: softonic.com - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\ffxtlbra@softonic.com [2012-06-18] FF Extension: Hola Better Internet - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-03-03] FF Extension: DVDVideoSoftTB - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-11-20] FF Extension: DVDVideoSoft Menu - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-01-01] FF Extension: DownloadHelper - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08] FF Extension: Fast Video Download - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013-11-29] FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-08] FF Extension: DownThemAll! 
- C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06] FF HKLM-x32\...\Firefox\Extensions: [{b4208cd3-a949-4cce-a44a-a5e217608fe5}] - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https FF Extension: ROL Secure Total Care - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-09] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-28] FF HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox FF Extension: preisspion.de - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011-07-20] Chrome: ======= CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (preisspion.de) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo [2014-07-03] CHR Extension: (Skype Click to Call) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-19] CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [2011-07-20] CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/ROL Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27] CHR 
HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-09-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-27] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-26] (Freemake) [File not signed]
R2 fshoster; C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [45824 2009-12-15] (Advanced Card Systems Ltd.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-24] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-04-07] ()
R3 fsni; C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-09] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 13:32 - 2015-03-07 13:33 - 00029761 _____ () C:\Users\marvin\Desktop\FRST.txt 2015-03-07 13:32 - 2015-03-07 13:32 - 00000000 ____D () C:\FRST 2015-03-07 13:31 - 2015-03-07 13:31 - 02092544 _____ (Farbar) C:\Users\marvin\Desktop\FRST64.exe 2015-03-06 14:31 - 2015-03-06 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 18:39 - 2015-03-05 18:39 - 00000039 _____ () C:\Users\marvin\Desktop\Haendler Italien bioetanolo.txt 2015-03-05 18:34 - 2015-03-05 18:35 - 00000064 _____ () C:\Users\marvin\Desktop\Herstellersuche oefen perfekt.txt 2015-02-27 16:12 - 2015-02-27 16:12 - 00000000 ____D () C:\Users\marvin\Desktop\Stapler Förderung 2015-02-27 15:11 - 2015-02-27 15:11 - 00002835 _____ () C:\Users\marvin\.recently-used.xbel 2015-02-23 08:20 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\Program Files\iTunes 2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files\iPod 2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-13 12:13 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) 
C:\Windows\system32\AdobePDF64.dll 2015-02-12 18:06 - 2015-02-12 18:08 - 00000000 ____D () C:\Users\marvin\AppData\Local\{DA20E2BE-32D5-4E67-A7D5-B93174138958} 2015-02-12 18:06 - 2015-02-12 18:06 - 00000000 ____D () C:\Users\marvin\AppData\Local\{07494C94-F45C-475A-89A5-A4B8B9CFB434} 2015-02-10 20:05 - 2015-02-10 20:05 - 00011563 _____ () C:\Users\marvin\Desktop\Apros_Calcolo Studio 3.xlsx 2015-02-08 16:27 - 2015-02-08 17:56 - 00002438 _____ () C:\Users\marvin\Desktop\SICILIA.docx.lnk 2015-02-06 17:28 - 2015-02-06 17:28 - 06372800 _____ (Tim Kosse) C:\Users\marvin\Downloads\FileZilla_3.10.1.1_win32-setup.exe 2015-02-05 12:28 - 2015-02-05 12:28 - 00010144 _____ () C:\Users\marvin\Desktop\Zitturi.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 13:27 - 2010-12-27 21:24 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Skype 2015-03-07 13:24 - 2012-04-05 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-07 13:10 - 2013-07-08 14:53 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Nitro PDF 2015-03-07 13:10 - 2011-01-01 16:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-07 13:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-03-07 12:24 - 2011-02-15 12:24 - 00000254 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job 2015-03-07 11:15 - 2010-12-24 20:05 - 01536749 _____ () C:\Windows\WindowsUpdate.log 2015-03-07 10:10 - 2011-01-01 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-07 09:26 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-07 09:26 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-07 09:20 - 2013-02-01 13:01 - 00000000 ____D () 
C:\Users\marvin\AppData\Local\6C900BDC-6491-41F6-BC30-09C0ED8B9CBD.aplzod 2015-03-07 09:16 - 2013-05-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-07 09:16 - 2011-07-21 07:22 - 00148056 _____ () C:\Windows\error.log 2015-03-07 09:16 - 2011-07-21 07:22 - 00035057 _____ () C:\Windows\errord.log 2015-03-07 09:16 - 2011-04-14 22:06 - 00195077 _____ () C:\Windows\setupact.log 2015-03-07 09:16 - 2010-12-24 20:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-07 09:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-06 17:35 - 2014-09-11 15:36 - 00010035 _____ () C:\Users\marvin\Desktop\Privat fatturazione aziendale.xlsx 2015-03-06 16:10 - 2011-08-03 16:28 - 00000000 ____D () C:\Users\marvin\Documents\Marvin privat 2015-03-06 12:44 - 2014-02-16 14:42 - 00000000 ____D () C:\Users\marvin\Documents\Prospekte 2014 2015-03-06 08:27 - 2014-05-07 19:10 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-06 08:20 - 2015-01-16 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-06 08:20 - 2015-01-16 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-06 08:19 - 2010-12-28 19:05 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-04 14:52 - 2011-12-30 17:10 - 00427768 _____ () C:\Users\marvin\Documents\Lagerplanung 2012.xlsx 2015-03-03 18:35 - 2011-08-03 16:50 - 00000000 ____D () C:\Users\marvin\Documents\Werbung und Marketing 2015-03-03 17:38 - 2014-07-28 11:39 - 00031980 _____ () C:\Users\marvin\Documents\Stunden Christian.xlsx 2015-03-03 09:46 - 2011-08-03 16:32 - 00000000 ____D () C:\Users\marvin\Documents\Rechnungen Online 2015-03-03 08:10 - 2011-07-12 08:21 - 00100850 _____ () C:\Windows\PFRO.log 2015-03-02 09:12 - 2011-01-01 16:20 - 00000000 ____D () C:\Users\marvin\AppData\Local\Google 2015-02-27 15:54 - 2014-09-15 17:56 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\FileZilla 2015-02-27 15:11 - 2011-03-19 17:50 - 
00000000 ____D () C:\Users\marvin\AppData\Roaming\gtk-2.0 2015-02-27 15:11 - 2011-03-19 17:47 - 00000000 ____D () C:\Users\marvin\.gimp-2.6 2015-02-26 09:26 - 2011-08-03 16:30 - 00000000 ____D () C:\Users\marvin\Documents\Oranier Ersatzteile 2015-02-23 08:19 - 2013-01-06 11:55 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-21 11:47 - 2011-08-03 16:32 - 00000000 ____D () C:\Users\marvin\Documents\Vertreter 2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ____D () C:\ProgramData\Skype 2015-02-18 08:04 - 2009-07-14 18:58 - 00054252 _____ () C:\Windows\system32\perfh007.dat 2015-02-18 08:04 - 2009-07-14 18:58 - 00016384 _____ () C:\Windows\system32\perfc007.dat 2015-02-18 08:04 - 2009-07-14 06:13 - 00064968 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-17 18:52 - 2011-08-03 16:18 - 00023073 _____ () C:\Users\marvin\Documents\Bartolini vs Executive costo spedizione.xlsx 2015-02-14 13:10 - 2012-04-24 18:26 - 00000000 ____D () C:\Users\marvin\Documents\Ersatzteile Stovax 2015-02-13 12:13 - 2010-12-27 20:41 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk 2015-02-13 12:13 - 2010-12-27 20:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk 2015-02-13 12:08 - 2015-01-28 21:02 - 00000000 ____D () C:\Users\marvin\Desktop\Txpen 2015-02-13 08:50 - 2011-03-05 11:43 - 00000000 ___RD () C:\Users\marvin\Dropbox 2015-02-13 08:50 - 2011-03-05 11:41 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Dropbox 2015-02-12 18:06 - 2013-07-15 07:20 - 00000000 ____D () C:\Users\marvin\AppData\Local\Windows Live 2015-02-12 18:05 - 2011-01-12 12:52 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\vlc 2015-02-10 14:28 - 2013-12-24 18:43 - 00000000 ____D () C:\Users\marvin\Documents\Transportschaeden 2015-02-06 10:05 - 2011-01-01 16:20 - 00004106 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 10:05 - 2011-01-01 16:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:24 - 2012-04-05 08:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 11:24 - 2012-04-05 08:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 11:24 - 2011-10-01 09:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2012-12-20 23:08 - 2012-12-20 23:08 - 0000063 _____ () C:\Users\Marvin\AppData\Roaming\history.Word.pwcdat 2014-04-02 18:45 - 2014-04-02 18:45 - 0038424 _____ () C:\Users\Marvin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-04-02 18:39 - 2014-05-14 16:20 - 0009318 _____ () C:\Users\Marvin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML 2011-12-27 15:27 - 2014-09-17 07:41 - 0005632 _____ () C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-04-14 13:50 - 2011-04-14 13:50 - 0000017 _____ () C:\Users\Marvin\AppData\Local\resmon.resmoncfg 2011-06-11 14:30 - 2011-06-11 14:30 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{06D79572-812A-473F-8B50-1FED958E5004} 2011-05-05 10:25 - 2011-05-05 10:25 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{074A590B-8CB8-4614-9D22-C89C65A72FFF} 2011-05-02 11:42 - 2011-05-02 11:42 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{0A4D009F-1B2A-4222-89CE-F0AA84372B4C} 2011-06-20 07:35 - 2011-06-20 07:35 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{26463968-2256-4067-8BA3-408CC4559ED0} 2011-06-09 22:16 - 2011-06-09 22:16 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{2CBA0092-36A5-43AC-B7CB-6BEBD3FC9B43} 2011-06-30 10:08 - 2011-06-30 10:08 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{31C48999-68FF-4558-BA2F-A9D067050E8F} 2011-11-05 09:39 - 2011-11-05 09:39 - 0000000 _____ () 
C:\Users\Marvin\AppData\Local\{3A46C7DB-8ACE-4162-8D1C-F846062A168B} 2011-07-01 17:30 - 2011-07-01 17:30 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{4525EDC8-AE25-4C88-BB9B-653D04AB163F} 2011-07-21 07:04 - 2011-07-21 07:04 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{45283ED6-130F-4CF6-9992-695D28CA99DD} 2011-06-28 11:15 - 2011-06-28 11:15 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{4D5D268F-27FA-47A4-97E2-3804524D0AE5} 2011-06-14 09:08 - 2011-06-14 09:08 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{61FA5BC1-99AE-4438-A5CA-65F687C6B857} 2011-07-08 17:23 - 2011-07-08 17:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{6A3CB07C-208F-436E-911D-A6F7315A24A5} 2011-07-04 16:48 - 2011-07-04 16:48 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{7AE2434F-78DC-4C56-B36E-A444B8E9BB8F} 2011-06-09 11:49 - 2011-06-09 11:49 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{B5CB7573-B9BA-47FC-8950-723F5986EAA3} 2011-05-16 06:41 - 2011-05-16 06:41 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{BFE05D03-A409-4CC8-A150-9A103D22B406} 2011-07-14 11:23 - 2011-07-14 11:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{C5E92C2A-D0A1-4314-AEE3-7AD7A61328C5} 2011-07-20 12:23 - 2011-07-20 12:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{CE54DA7A-713B-4A68-8543-AA9D38EBD6D2} 2011-05-02 11:42 - 2011-05-02 11:42 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{D15E6101-0306-4232-A252-E82F5F29A91B} 2011-07-01 11:00 - 2011-07-01 11:00 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{D1FA38E8-7D60-4641-8F90-BBFE0AA4770B} 2011-07-15 07:13 - 2011-07-15 07:13 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{DD95009A-B3E4-478A-A09E-4B52054C45F0} 2011-06-18 06:11 - 2011-06-18 06:11 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{E29AD001-5E0A-447B-B0AF-2BA9BC2AEC4E} 2012-01-19 09:40 - 2012-01-19 09:40 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{F684614D-82AA-44FA-ABD6-053F74A21973} 2011-07-19 19:17 - 2011-07-19 19:17 - 0000000 _____ () 
C:\Users\Marvin\AppData\Local\{F8E944AF-FB86-4247-8CF7-9926D0DE10D8} 2013-05-30 13:30 - 2013-05-30 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-12-27 21:27 - 2010-12-27 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Administrator\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe C:\Users\marvin\AppData\Local\Temp\APNSetup.exe C:\Users\marvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyelynv.dll C:\Users\marvin\AppData\Local\Temp\FreeScreenVideoRecorder.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.466.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.575.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.794.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.806.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.903.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.144.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.180.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.344.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.449.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.467.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.520.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.540.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.555.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.654.exe C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.732.exe C:\Users\marvin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\marvin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\marvin\AppData\Local\Temp\jre-8u40-windows-au.exe 
C:\Users\marvin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\marvin\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 08:37

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Marvin at 2015-03-07 13:33:54
Running from C:\Users\marvin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ROL Secure (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: ROL Secure (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version: - 4Free Studio)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM-x32\...\Adobe Acrobat 8 Standard - Italiano, Español, Nederlands_831) (Version: - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard - Italiano, Español, Nederlands) (Version: 8.3.1 - Adobe Systems)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Advanced PDF Repair v2.0 (HKLM-x32\...\Advanced PDF Repair v2.0) (Version: - ) Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bit4Id - miniLector (HKLM-x32\...\Bit4Id - miniLector) (Version: 3.0 - Bit4id) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH) CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Computer Security 14.99.105.0 (release) (x32 Version: 14.99.105.0 - F-Secure Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) 
Druckerdeinstallation für EPSON PX810FW Series (HKLM\...\EPSON PX810FW Series) (Version: - SEIKO EPSON Corporation) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: - ) EasyBits GO (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Game Organizer) (Version: - EasyBits Media) eDocPrintPro (HKLM\...\{BAC11FF6-53BC-432B-84AD-9141C19F2352}) (Version: 3.20.1 - MAY Computer) Epson Benutzerhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Useg) (Version: - ) Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - ) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.60.0000 - EPSON) Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - ) Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON 
CORPORATION) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch) (Version: - ) EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation) Free Audio CD Burner version 2.0.21.1031 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.) Free DWG Viewer 7.1 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC) Free Screen Video Recorder version 2.5.39.1122 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1122 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation) F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Google Chrome) (Version: 8.0.552.215 - Google Inc.) 
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden gs_x64 (HKLM\...\{344BD061-2564-422E-860F-9E5DC49983AE}) (Version: 9.10 - MAY Computer) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson) Intr@Web Stand-Alone 13.0.0.0 (HKLM-x32\...\Intr@Web Stand-Alone 13.0.0.0) (Version: 13.0.0.0 - Sogei S.p.A.) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) 
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kernel for Outlook PST Repair Evaluation ver 10.10.01 (HKLM-x32\...\Kernel for Outlook PST Repair - Evaluation Version_is1) (Version: - Nucleus Data Recovery .com) Kernel For PDF Repair Evaluation ver 9.11.01 (HKLM-x32\...\Kernel For PDF Repair Evaluation version_is1) (Version: - Nucleus Data Recovery .com) Mein Gutscheincode Finder 1.0.0.0 (HKLM-x32\...\{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1) (Version: 1.0.0.0 - Conversion One GmbH) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0407-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs 
(HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) Nitro Reader 3 (HKLM\...\{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}) (Version: 3.5.5.2 - Nitro) Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.4.49.0 - Nokia) Nokia Suite (x32 Version: 3.4.49.0 - Nokia) Hidden NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - 
B-Phreaks Ltd) NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) Online Safety 2.99.2307.1728 (x32 Version: 2.99.2307.1728 - F-Secure Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA) OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook) PDF Fixer (HKLM-x32\...\PDF Fixer) (Version: 1.0 - PCVARE Software) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Recovery Toolbox for Word 1.1 (HKLM-x32\...\Recovery Toolbox for Word_is1) (Version: - Recovery Toolbox, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform) ROL Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 41035) (Version: 1.99.192.0 - F-Secure Corporation) ROL Secure Launch pad (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) 
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.) Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd) Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1801}) (Version: 12.24.1.53 - APN, LLC) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Softonic toolbar on IE (HKLM-x32\...\Softonic) (Version: - Softonic) <==== ATTENTION Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) SolidWorks eDrawings 2013 x64 (HKLM\...\{C218FF91-5C92-4DEC-AA05-322A9D065EE4}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.) 
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SysInfoTools PDF Repair v1.0 (HKLM-x32\...\{B6CA247E-DB92-4F38-B0BC-C5C93E5A3914}_is1) (Version: - SysInfoTools) Unigine Heaven Benchmark v2.0 (HKLM-x32\...\{5E9709F3-B39F-4133-AE60-3EC634971E75}) (Version: 2.0 - Unigine Corp.) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Watchtower Library 2004 - Deutsche Ausgabe (HKLM-x32\...\{3112AC55-B32E-4FE8-81D9-D55374961D5B}) (Version: - ) Watchtower Library 2007 - Deutsch (HKLM-x32\...\{E1E02530-0475-4A86-9071-5524C64CF4CB}) (Version: 9.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) Watchtower Library 2011 - Deutsch (HKLM-x32\...\{8BE514E8-4486-4730-8B68-FA15EEDC942E}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) 
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Word Password DEMO version 15.0 (HKLM-x32\...\{BABBE752-6969-42EC-8EAC-4D07604BCD58}_is1) (Version: 15.0 - LastBit.com) Word Password Recovery Lastic 1.1 (HKLM-x32\...\Word Password Recovery Lastic_is1) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 02-02-2015 10:38:54 Geplanter Prüfpunkt 09-02-2015 11:28:45 Geplanter Prüfpunkt 17-02-2015 09:54:33 Geplanter Prüfpunkt 24-02-2015 11:37:47 Geplanter Prüfpunkt 04-03-2015 13:37:16 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05697B83-4949-4368-8B24-133394F6C920} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29] (Adobe Systems Incorporated) Task: {11637952-1AAF-47F0-B99F-35F4358E54D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {342B828C-8CAE-4210-A3E6-AB7C0781DFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {43B02A80-5DE4-4895-8C55-E4DD70B7DA4B} - System32\Tasks\{108C941C-308A-467B-A730-09E7C54A5CFB} => pcalua.exe -a E:\SETUP.EXE -d E:\ Task: {554D857C-0D3C-4DC9-B80C-6E38EE80128F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.) Task: {55CF7C53-A9BE-4397-ABA2-38DB6F4BA60B} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION) Task: {5944B75D-7124-4BA3-B638-F06EB5520F3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {7566BAB7-99B8-4631-B67B-DBD278DD5A14} - System32\Tasks\{F6C27C40-9C4A-476D-A0DB-9E3F6438D981} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.) 
Task: {A443A926-D7C2-43A7-A065-7FDA6C489615} - System32\Tasks\{372BBC43-B6A1-4427-BE02-50ECC45EE383} => pcalua.exe -a C:\Users\Marvin\Desktop\Setup.exe -d C:\Users\Marvin\Desktop Task: {ABBBE6EA-AA4E-457F-BB5C-94EB08A46940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {ADC89731-447A-4ECD-B38B-C3361A31230D} - System32\Tasks\{BE987430-777E-472C-BAB6-099B2F4B0F14} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe [2011-08-30] (Adobe Systems Incorporated) Task: {AF436C3F-6EC0-479B-8BE7-DD95E4C37B79} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-11-19 20:33 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2008-12-05 11:39 - 2008-12-05 11:39 - 00340480 _____ () C:\Windows\system32\siecaces.dll 2008-12-05 11:39 - 2008-12-05 11:39 - 00229376 _____ () C:\Windows\system32\gmp4_2_1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be 
removed.) AlternateDataStreams: C:\Users\marvin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML:OECustomProperty AlternateDataStreams: C:\Users\marvin\Documents\Architekten:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Attestati:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Bedienungsanleitungen:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Bilder:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\conmoto:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Cribis PDF:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Documenti PaperPort:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Downloads:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\esclusiva Kasak.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Image Converter Plus:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Marvin privat:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Meine Scans:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Oranier Ersatzteile:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Preislisten:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\prestagionale scan jotul 2008.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Progetto Fuoco 2008 allestimenti:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 07-08:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 08-09:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2006:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2009:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2010:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Rechnungen Online:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Samsung PC Studio:Roxio EMC Stream 
AlternateDataStreams: C:\Users\marvin\Documents\SightSpeed Recordings:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\SolidWorks Visual Studio Tools for Applications:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Stovax:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\stufe in maiolica gas-Dateien:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Unzipped:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Vertreter:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Visual Studio 2005:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Website 2008 temp-Ordner:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Werbung und Marketing:Roxio EMC Stream AlternateDataStreams: C:\Users\marvin\Documents\Willach:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-921190-1051346105-2666659791-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-921190-1051346105-2666659791-500 - Administrator - Enabled) => C:\Users\Administrator Gast (S-1-5-21-921190-1051346105-2666659791-501 - Limited - Disabled) Marvin (S-1-5-21-921190-1051346105-2666659791-1000 - Administrator - Enabled) => C:\Users\Marvin UpdatusUser (S-1-5-21-921190-1051346105-2666659791-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/07/2015 01:34:01 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: ) Description: 1 2015-03-07 13:34:01+02:00 MARVIN-PC SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 363623 Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 363623 Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 362624 Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 362624 Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than 
a second Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 361626 Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 361626 Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (03/07/2015 01:17:10 PM) (Source: DCOM) (EventID: 10000) (User: ) Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000} Error: (03/07/2015 09:17:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/06/2015 03:58:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 49. Error: (03/06/2015 03:58:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 49. 
Error: (03/06/2015 10:28:33 AM) (Source: DCOM) (EventID: 10000) (User: ) Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000} Error: (03/06/2015 07:58:47 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/05/2015 08:14:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/04/2015 09:03:00 AM) (Source: DCOM) (EventID: 10000) (User: ) Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000} Error: (03/04/2015 08:18:12 AM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: ) Description: \Device\HarddiskVolume3\users\Marvin\Desktop\windows6.1-KB976932-X64.exe Error: (03/04/2015 08:13:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (03/05/2015 00:47:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/04/2015 00:57:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 18751 seconds with 9540 seconds of active time. This session ended with a crash. Error: (01/17/2015 02:55:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15738 seconds with 5820 seconds of active time. This session ended with a crash. Error: (10/21/2014 07:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45807 seconds with 15780 seconds of active time. This session ended with a crash. Error: (09/10/2014 11:35:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160 seconds with 120 seconds of active time. This session ended with a crash. Error: (09/10/2014 07:53:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/25/2014 04:49:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34243 seconds with 7380 seconds of active time. This session ended with a crash. 
Error: (08/04/2014 04:00:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30055 seconds with 12360 seconds of active time. This session ended with a crash. Error: (07/24/2014 10:17:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8083 seconds with 3360 seconds of active time. This session ended with a crash. Error: (07/14/2014 10:01:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 843 seconds with 600 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-01-19 13:41:28.366 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dxgi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-15 07:45:31.242 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-15 07:45:31.195 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-12 07:54:47.524 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-12 07:54:47.493 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-12 07:53:44.680 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-12 07:53:44.633 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-11 08:13:59.170 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-11 08:13:59.139 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-10-08 08:13:49.076 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz Percentage of memory in use: 47% Total physical RAM: 4087.12 MB Available physical RAM: 2152.25 MB Total Pagefile: 8172.37 MB Available Pagefile: 4992.28 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:292.87 GB) (Free:230.92 GB) NTFS Drive d: () (Fixed) (Total:638.54 GB) (Free:375.48 GB) NTFS Drive e: (ORANIER) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00040336) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.03.2015, 18:51 | #4 |
/// the machine /// TB trainer | SPAM is being sent from my email to my contacts Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
09.03.2015, 12:38 | #5 |
| SPAM is being sent from my email to my contacts I have run Revo Uninstaller. With Malwarebytes Anti-Rootkit, however, I am having problems. The scan runs up to a certain point, but then nothing more happens. I restarted the PC and tried again. The same thing again (although the file at which the analysis stops is not the same one!). --> see screenshot. I have not run TDSSKiller yet, because I don't know whether Malwarebytes Anti-Rootkit absolutely has to be run beforehand? |
09.03.2015, 18:59 | #6 |
/// the machine /// TB trainer | SPAM is being sent from my email to my contacts Skip MBAR and please run TDSSKiller.
__________________ --> SPAM is being sent from my email to my contacts |
10.03.2015, 08:27 | #7 |
| SPAM is being sent from my email to my contacts So TDSSKiller finds nothing. Here is the result of the scan. Code:
ATTFilter 08:15:10.0517 0x1f98 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 08:15:14.0805 0x1f98 ============================================================ 08:15:14.0805 0x1f98 Current date / time: 2015/03/10 08:15:14.0805 08:15:14.0805 0x1f98 SystemInfo: 08:15:14.0805 0x1f98 08:15:14.0805 0x1f98 OS Version: 6.1.7600 ServicePack: 0.0 08:15:14.0805 0x1f98 Product type: Workstation 08:15:14.0806 0x1f98 ComputerName: ------- 08:15:14.0806 0x1f98 UserName: ------- 08:15:14.0806 0x1f98 Windows directory: C:\Windows 08:15:14.0806 0x1f98 System windows directory: C:\Windows 08:15:14.0806 0x1f98 Running under WOW64 08:15:14.0806 0x1f98 Processor architecture: Intel x64 08:15:14.0806 0x1f98 Number of processors: 8 08:15:14.0806 0x1f98 Page size: 0x1000 08:15:14.0806 0x1f98 Boot type: Normal boot 08:15:14.0806 0x1f98 ============================================================ 08:15:17.0951 0x1f98 KLMD registered as C:\Windows\system32\drivers\07704281.sys 08:15:18.0357 0x1f98 System UUID: {392348E3-8DE0-E91F-F0E0-4EE195CAC4CC} 08:15:19.0338 0x1f98 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:15:19.0345 0x1f98 ============================================================ 08:15:19.0345 0x1f98 \Device\Harddisk0\DR0: 08:15:19.0345 0x1f98 MBR partitions: 08:15:19.0345 0x1f98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 08:15:19.0345 0x1f98 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000 08:15:19.0345 0x1f98 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x4FD15000 08:15:19.0345 0x1f98 ============================================================ 08:15:19.0379 0x1f98 C: <-> \Device\Harddisk0\DR0\Partition2 08:15:19.0411 0x1f98 D: <-> \Device\Harddisk0\DR0\Partition3 08:15:19.0411 0x1f98 
============================================================ 08:15:19.0411 0x1f98 Initialize success 08:15:19.0411 0x1f98 ============================================================ 08:16:30.0323 0x1ee8 ============================================================ 08:16:30.0323 0x1ee8 Scan started 08:16:30.0323 0x1ee8 Mode: Manual; SigCheck; TDLFS; 08:16:30.0323 0x1ee8 ============================================================ 08:16:30.0323 0x1ee8 KSN ping started 08:16:32.0975 0x1ee8 KSN ping finished: true 08:16:35.0454 0x1ee8 ================ Scan system memory ======================== 08:16:35.0454 0x1ee8 System memory - ok 08:16:35.0455 0x1ee8 ================ Scan services =============================
019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 08:16:39.0968 0x1ee8 arcsas - ok 08:16:40.0019 0x1ee8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 08:16:40.0104 0x1ee8 AsyncMac - ok 08:16:40.0121 0x1ee8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys 08:16:40.0162 0x1ee8 atapi - ok 08:16:40.0212 0x1ee8 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 08:16:40.0550 0x1ee8 AudioEndpointBuilder - ok 08:16:40.0583 0x1ee8 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll 08:16:40.0946 0x1ee8 AudioSrv - ok 08:16:41.0002 0x1ee8 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll 08:16:41.0383 0x1ee8 AxInstSV - ok 08:16:41.0483 0x1ee8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 08:16:41.0791 0x1ee8 b06bdrv - ok 08:16:41.0868 0x1ee8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 08:16:42.0058 0x1ee8 b57nd60a - ok 08:16:42.0121 0x1ee8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 08:16:42.0296 0x1ee8 BDESVC - ok 08:16:42.0327 0x1ee8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 
08:16:42.0515 0x1ee8 Beep - ok 08:16:42.0566 0x1ee8 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll 08:16:42.0839 0x1ee8 BFE - ok 08:16:42.0910 0x1ee8 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll 08:16:43.0187 0x1ee8 BITS - ok 08:16:43.0209 0x1ee8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 08:16:43.0308 0x1ee8 blbdrive - ok 08:16:43.0373 0x1ee8 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 08:16:43.0473 0x1ee8 Bonjour Service - ok 08:16:43.0513 0x1ee8 [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser C:\Windows\system32\DRIVERS\bowser.sys 08:16:43.0606 0x1ee8 bowser - ok 08:16:43.0633 0x1ee8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 08:16:43.0757 0x1ee8 BrFiltLo - ok 08:16:43.0770 0x1ee8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 08:16:43.0896 0x1ee8 BrFiltUp - ok 08:16:43.0931 0x1ee8 [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser C:\Windows\System32\browser.dll 08:16:44.0065 0x1ee8 Browser - ok 08:16:44.0152 0x1ee8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 08:16:44.0332 0x1ee8 Brserid - ok 08:16:44.0350 0x1ee8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm 
C:\Windows\System32\Drivers\BrSerWdm.sys 08:16:44.0475 0x1ee8 BrSerWdm - ok 08:16:44.0500 0x1ee8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 08:16:44.0665 0x1ee8 BrUsbMdm - ok 08:16:44.0683 0x1ee8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 08:16:44.0830 0x1ee8 BrUsbSer - ok 08:16:44.0850 0x1ee8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 08:16:45.0033 0x1ee8 BTHMODEM - ok 08:16:45.0066 0x1ee8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 08:16:45.0218 0x1ee8 bthserv - ok 08:16:45.0250 0x1ee8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 08:16:45.0395 0x1ee8 cdfs - ok 08:16:45.0423 0x1ee8 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 08:16:45.0568 0x1ee8 cdrom - ok 08:16:45.0595 0x1ee8 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll 08:16:45.0742 0x1ee8 CertPropSvc - ok 08:16:45.0760 0x1ee8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 08:16:46.0027 0x1ee8 circlass - ok 08:16:46.0064 0x1ee8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 08:16:46.0146 0x1ee8 CLFS - ok 08:16:46.0199 0x1ee8 [ D88040F816FDA31C3B466F0FA0918F29, 
39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:16:46.0223 0x1ee8 clr_optimization_v2.0.50727_32 - ok 08:16:46.0287 0x1ee8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:16:46.0378 0x1ee8 clr_optimization_v2.0.50727_64 - ok 08:16:46.0450 0x1ee8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:16:46.0493 0x1ee8 clr_optimization_v4.0.30319_32 - ok 08:16:46.0564 0x1ee8 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:16:46.0595 0x1ee8 clr_optimization_v4.0.30319_64 - ok 08:16:46.0650 0x1ee8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 08:16:46.0770 0x1ee8 CmBatt - ok 08:16:46.0803 0x1ee8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 08:16:46.0894 0x1ee8 cmdide - ok 08:16:46.0951 0x1ee8 [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG C:\Windows\system32\Drivers\cng.sys 08:16:47.0154 0x1ee8 CNG - ok 08:16:47.0168 0x1ee8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 08:16:47.0239 0x1ee8 Compbatt - ok 08:16:47.0258 0x1ee8 [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus 
C:\Windows\system32\DRIVERS\CompositeBus.sys 08:16:47.0406 0x1ee8 CompositeBus - ok 08:16:47.0434 0x1ee8 COMSysApp - ok 08:16:47.0463 0x1ee8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 08:16:47.0542 0x1ee8 crcdisk - ok 08:16:47.0560 0x1ee8 Crypkey License - ok 08:16:47.0598 0x1ee8 [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc C:\Windows\system32\cryptsvc.dll 08:16:47.0700 0x1ee8 CryptSvc - ok 08:16:47.0757 0x1ee8 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll 08:16:47.0953 0x1ee8 DcomLaunch - ok 08:16:48.0019 0x1ee8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 08:16:48.0221 0x1ee8 defragsvc - ok 08:16:48.0245 0x1ee8 [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC C:\Windows\system32\Drivers\dfsc.sys 08:16:48.0387 0x1ee8 DfsC - ok 08:16:48.0431 0x1ee8 [ 41AC348DBD378F618CB4FDEE54270692, A4080C9FF314F52C52E2207E5F7B745A003E931FA42E67E742D34477B5CC0166 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 08:16:48.0496 0x1ee8 dg_ssudbus - ok 08:16:48.0543 0x1ee8 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll 08:16:48.0739 0x1ee8 Dhcp - ok 08:16:48.0795 0x1ee8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 08:16:48.0959 0x1ee8 discache - ok 08:16:49.0023 0x1ee8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 08:16:49.0075 0x1ee8 Disk - ok 08:16:49.0117 
0x1ee8 [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache C:\Windows\System32\dnsrslvr.dll 08:16:49.0239 0x1ee8 Dnscache - ok 08:16:49.0287 0x1ee8 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll 08:16:49.0447 0x1ee8 dot3svc - ok 08:16:49.0470 0x1ee8 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll 08:16:49.0621 0x1ee8 DPS - ok 08:16:49.0645 0x1ee8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 08:16:49.0761 0x1ee8 drmkaud - ok 08:16:49.0850 0x1ee8 [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 08:16:50.0027 0x1ee8 DXGKrnl - ok 08:16:50.0069 0x1ee8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 08:16:50.0230 0x1ee8 EapHost - ok 08:16:50.0501 0x1ee8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 08:16:50.0788 0x1ee8 ebdrv - ok 08:16:50.0823 0x1ee8 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS C:\Windows\System32\lsass.exe 08:16:50.0938 0x1ee8 EFS - ok 08:16:51.0028 0x1ee8 [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 08:16:51.0288 0x1ee8 ehRecvr - ok 08:16:51.0336 0x1ee8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 08:16:51.0470 0x1ee8 ehSched - ok 08:16:51.0531 0x1ee8 [ 
0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 08:16:51.0734 0x1ee8 elxstor - ok 08:16:51.0789 0x1ee8 [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 08:16:51.0802 0x1ee8 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 ) 08:16:54.0296 0x1ee8 Detect skipped due to KSN trusted 08:16:54.0296 0x1ee8 EpsonBidirectionalService - ok 08:16:54.0372 0x1ee8 [ CA10F4B22F03A06B20AFF48019BD195B, B9E834016861F4068793BFFC869C90BDBBD08713508CCE0CCDBD94DF96C38C8F ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe 08:16:54.0534 0x1ee8 EpsonCustomerResearchParticipation - ok 08:16:54.0571 0x1ee8 [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 08:16:54.0629 0x1ee8 EpsonScanSvc - ok 08:16:54.0649 0x1ee8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 08:16:54.0783 0x1ee8 ErrDev - ok 08:16:54.0847 0x1ee8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 08:16:55.0005 0x1ee8 EventSystem - ok 08:16:55.0026 0x1ee8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 08:16:55.0181 0x1ee8 exfat - ok 08:16:55.0407 0x1ee8 [ 476F455E9ACD598FD2D82A7F2896F040, 13D4EBAEC9F9259F14EBC4F61DCED6755AB254681B7FD9CBBFABDB1C05DD0726 ] F-Secure Gatekeeper C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys 08:16:55.0456 0x1ee8 F-Secure Gatekeeper - ok 08:16:55.0547 0x1ee8 [ 
2B3714CB78B4561A205805E770D9B7F9, 43F91FF80167665D708724DA34DF1F7F9BEC4C425C0D3723776D0008048EE4C0 ] F-Secure HIPS C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys 08:16:55.0572 0x1ee8 F-Secure HIPS - ok 08:16:55.0625 0x1ee8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 08:16:55.0732 0x1ee8 fastfat - ok 08:16:55.0795 0x1ee8 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe 08:16:56.0001 0x1ee8 Fax - ok 08:16:56.0026 0x1ee8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 08:16:56.0155 0x1ee8 fdc - ok 08:16:56.0194 0x1ee8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 08:16:56.0459 0x1ee8 fdPHost - ok 08:16:56.0477 0x1ee8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 08:16:56.0646 0x1ee8 FDResPub - ok 08:16:56.0665 0x1ee8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 08:16:56.0713 0x1ee8 FileInfo - ok 08:16:56.0749 0x1ee8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 08:16:56.0918 0x1ee8 Filetrace - ok 08:16:57.0093 0x1ee8 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 08:16:57.0296 0x1ee8 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 08:16:59.0904 
0x1ee8 Detect skipped due to KSN trusted 08:16:59.0904 0x1ee8 FLEXnet Licensing Service - ok 08:16:59.0914 0x1ee8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 08:17:00.0032 0x1ee8 flpydisk - ok 08:17:00.0075 0x1ee8 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:17:00.0153 0x1ee8 FltMgr - ok 08:17:00.0206 0x1ee8 [ 97223981A9214F1B4997E9075ABB6BF5, 9DFBAC65F0F3299182404A289B15745043A6211FDC3244BD2B9C1C4AA174B274 ] FontCache C:\Windows\system32\FntCache.dll 08:17:00.0436 0x1ee8 FontCache - ok 08:17:00.0466 0x1ee8 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:17:00.0541 0x1ee8 FontCache3.0.0.0 - ok 08:17:00.0625 0x1ee8 [ D0BA07DE5F5B6A262939D94EF8D6494D, D47E2052D87484AC35C8C224A2183B31722236E27AA42675A8F6DCC40C8DE672 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe 08:17:00.0706 0x1ee8 Freemake Improver - detected UnsignedFile.Multi.Generic ( 1 ) 08:17:03.0319 0x1ee8 Detect skipped due to KSN trusted 08:17:03.0319 0x1ee8 Freemake Improver - ok 08:17:03.0369 0x1ee8 [ F59F2C574AA5D84477EB89F87C938F16, 0F3905D56440F9216911F7338061CFB8BEF243DDF9DC1E5D57254874EBBFA629 ] fsbts C:\Windows\system32\Drivers\fsbts.sys 08:17:03.0508 0x1ee8 fsbts - ok 08:17:03.0583 0x1ee8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:17:03.0661 0x1ee8 FsDepends - ok 08:17:03.0705 0x1ee8 [ 30E2F8DE27C2375B36D24D546105333B, 806B627A3EE54920EBA99427A59A4353FA7F03F2D4B86C9F2CCB42790BE7CD36 ] fshoster C:\Program Files (x86)\ROL Secure\fshoster32.exe 08:17:03.0737 0x1ee8 fshoster - ok 
08:17:03.0839 0x1ee8 [ C15EB9A166C0A2B051F618EF517C075F, 92D19CC6BFDE063453EC468C38EBCC801B06636923AEF59C81B7A3854179C514 ] FSMA C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE 08:17:03.0873 0x1ee8 FSMA - ok 08:17:03.0988 0x1ee8 [ B5DCB9A95EF5FA3FFD536778D94BC246, FDADE8EECD9523D9E0AA117E5CE27C6A98911809F88631BACAA1DA82ED41B924 ] fsni C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys 08:17:04.0019 0x1ee8 fsni - ok 08:17:04.0060 0x1ee8 [ 277A41EB7D2DAA7105DF85BFC2F1C9AD, 59141146C7292C4B9ABC4D019B07E6A3EEB759DB97B629046F168B944459208D ] FSORSPClient C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe 08:17:04.0114 0x1ee8 FSORSPClient - ok 08:17:04.0149 0x1ee8 [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 08:17:04.0233 0x1ee8 fssfltr - ok 08:17:04.0325 0x1ee8 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 08:17:04.0596 0x1ee8 fsssvc - ok 08:17:04.0661 0x1ee8 [ E34D552D6CA4A1F61D003A44210BDD93, 87A26D36E220DD0E0C5AED5CFAAC4C4255CBEFA9D7C36072224E8A16F5DF6F1D ] fsvista C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys 08:17:04.0695 0x1ee8 fsvista - ok 08:17:04.0750 0x1ee8 [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:17:04.0841 0x1ee8 Fs_Rec - ok 08:17:04.0902 0x1ee8 [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:17:04.0963 0x1ee8 fvevol - ok 08:17:05.0010 0x1ee8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 08:17:05.0071 0x1ee8 gagp30kx 
- ok 08:17:05.0093 0x1ee8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:17:05.0156 0x1ee8 GEARAspiWDM - ok 08:17:05.0213 0x1ee8 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 08:17:05.0439 0x1ee8 gpsvc - ok 08:17:05.0540 0x1ee8 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:17:05.0671 0x1ee8 gupdate - ok 08:17:05.0701 0x1ee8 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:17:05.0723 0x1ee8 gupdatem - ok 08:17:05.0788 0x1ee8 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 08:17:05.0830 0x1ee8 gusvc - ok 08:17:05.0854 0x1ee8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 08:17:06.0001 0x1ee8 hcw85cir - ok 08:17:06.0059 0x1ee8 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:17:06.0242 0x1ee8 HdAudAddService - ok 08:17:06.0273 0x1ee8 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 08:17:06.0473 0x1ee8 HDAudBus - ok 08:17:06.0490 0x1ee8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 08:17:06.0698 0x1ee8 HidBatt - ok 08:17:06.0722 0x1ee8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 
94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 08:17:06.0830 0x1ee8 HidBth - ok 08:17:06.0847 0x1ee8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 08:17:06.0971 0x1ee8 HidIr - ok 08:17:07.0004 0x1ee8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 08:17:07.0157 0x1ee8 hidserv - ok 08:17:07.0191 0x1ee8 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 08:17:07.0324 0x1ee8 HidUsb - ok 08:17:07.0349 0x1ee8 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 08:17:07.0535 0x1ee8 hkmsvc - ok 08:17:07.0556 0x1ee8 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:17:07.0733 0x1ee8 HomeGroupListener - ok 08:17:07.0821 0x1ee8 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:17:07.0971 0x1ee8 HomeGroupProvider - ok 08:17:08.0001 0x1ee8 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 08:17:08.0030 0x1ee8 HpSAMD - ok 08:17:08.0150 0x1ee8 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:17:08.0387 0x1ee8 HTTP - ok 08:17:08.0413 0x1ee8 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:17:08.0497 0x1ee8 hwpolicy - ok 08:17:08.0522 
0x1ee8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 08:17:08.0667 0x1ee8 i8042prt - ok 08:17:08.0785 0x1ee8 [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:17:08.0958 0x1ee8 iaStorV - ok 08:17:09.0029 0x1ee8 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:17:09.0198 0x1ee8 idsvc - ok 08:17:09.0228 0x1ee8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 08:17:09.0291 0x1ee8 iirsp - ok 08:17:09.0333 0x1ee8 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 08:17:09.0566 0x1ee8 IKEEXT - ok 08:17:09.0615 0x1ee8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 08:17:09.0693 0x1ee8 intelide - ok 08:17:09.0724 0x1ee8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:17:09.0931 0x1ee8 intelppm - ok 08:17:09.0970 0x1ee8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:17:10.0140 0x1ee8 IPBusEnum - ok 08:17:10.0158 0x1ee8 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:17:10.0307 0x1ee8 IpFilterDriver - ok 08:17:10.0365 0x1ee8 [ F8E058D17363EC580E4B7232778B6CB5, 
08:18:03.0457 0x1ee8 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:18:03.0615 0x1ee8 tdx - ok 08:18:03.0646 0x1ee8 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 08:18:03.0705 0x1ee8 TermDD - ok 08:18:03.0787 0x1ee8 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll 08:18:04.0050 0x1ee8 TermService - ok 08:18:04.0083 0x1ee8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 08:18:04.0224 0x1ee8 Themes - ok 08:18:04.0249 0x1ee8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 08:18:04.0320 0x1ee8 THREADORDER - ok 08:18:04.0363 0x1ee8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 08:18:04.0496 0x1ee8 TrkWks - ok 08:18:04.0618 0x1ee8 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:18:04.0765 0x1ee8 TrustedInstaller - ok 08:18:04.0781 0x1ee8 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:18:04.0921 0x1ee8 tssecsrv - ok 08:18:04.0992 0x1ee8 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:18:05.0283 0x1ee8 tunnel - ok 08:18:05.0302 0x1ee8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 
C:\Windows\system32\DRIVERS\uagp35.sys 08:18:05.0378 0x1ee8 uagp35 - ok 08:18:05.0413 0x1ee8 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:18:05.0601 0x1ee8 udfs - ok 08:18:05.0651 0x1ee8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:18:05.0780 0x1ee8 UI0Detect - ok 08:18:05.0813 0x1ee8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 08:18:05.0896 0x1ee8 uliagpkx - ok 08:18:05.0930 0x1ee8 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:18:06.0055 0x1ee8 umbus - ok 08:18:06.0071 0x1ee8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 08:18:06.0179 0x1ee8 UmPass - ok 08:18:06.0256 0x1ee8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 08:18:06.0453 0x1ee8 upnphost - ok 08:18:06.0493 0x1ee8 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 08:18:06.0588 0x1ee8 USBAAPL64 - ok 08:18:06.0644 0x1ee8 [ 77B01BC848298223A95D4EC23E1785A1, 7D0FBBA746588401400226BB966507EE34EEBB2F4F16607601E3D7383CAD34E2 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 08:18:06.0732 0x1ee8 usbaudio - ok 08:18:06.0793 0x1ee8 [ 7B6A127C93EE590E4D79A5F2A76FE46F, 6F178916EF6D58D1E5B26C0D9D95C276B776505BFC9F716BB1E3ABD3B2B72FCE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:18:06.0942 0x1ee8 usbccgp - ok 08:18:06.0997 0x1ee8 [ AF0892A803FDDA7492F595368E3B68E7, 
F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 08:18:07.0189 0x1ee8 usbcir - ok 08:18:07.0226 0x1ee8 [ 92969BA5AC44E229C55A332864F79677, 4ED1E1049E7641D3FFF5D296F2D59060225CE52AB9F7B5CA618898B46A772F98 ] usbehci C:\Windows\system32\drivers\usbehci.sys 08:18:07.0384 0x1ee8 usbehci - ok 08:18:07.0436 0x1ee8 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3, AA751288EC34D61D934D7E8C036B60BBCEDC2A746815623478BB015D87D6A998 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:18:07.0601 0x1ee8 usbhub - ok 08:18:07.0630 0x1ee8 [ F1BB1E55F1E7A65C5839CCC7B36D773E, 4F517F81FA5688D78D3627EA7D2EA16AD4EB410D7624FE483C7AF26951E579A9 ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:18:07.0729 0x1ee8 usbohci - ok 08:18:07.0755 0x1ee8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 08:18:07.0864 0x1ee8 usbprint - ok 08:18:07.0897 0x1ee8 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 08:18:08.0013 0x1ee8 usbscan - ok 08:18:08.0052 0x1ee8 [ 0F0C72A657C622286013788B886968AD, A1492B07BD76E60E5228FBCFB73F96CA5B7AA0E2110EB27C72803A618C88C51E ] usbser C:\Windows\system32\DRIVERS\usbser.sys 08:18:08.0197 0x1ee8 usbser - ok 08:18:08.0250 0x1ee8 [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:18:08.0420 0x1ee8 USBSTOR - ok 08:18:08.0464 0x1ee8 [ BC3070350A491D84B518D7CCA9ABD36F, 96FFF9F76A93CF4806297AE7C11A5C6D1E7A9980260E6CFC960F8247D5032161 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 08:18:08.0595 0x1ee8 usbuhci - ok 08:18:08.0642 0x1ee8 [ E388D1507E779D0B499A1D87476E4230, 9818AA09BFBCB5C26B13EF1B0F3702678CA5C5C284A9480E7DF31AFD9DC93197 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 08:18:08.0746 0x1ee8 usb_rndisx 
- ok 08:18:08.0800 0x1ee8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 08:18:08.0911 0x1ee8 UxSms - ok 08:18:08.0930 0x1ee8 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc C:\Windows\system32\lsass.exe 08:18:08.0940 0x1ee8 VaultSvc - ok 08:18:08.0990 0x1ee8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 08:18:09.0049 0x1ee8 vdrvroot - ok 08:18:09.0074 0x1ee8 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe 08:18:09.0259 0x1ee8 vds - ok 08:18:09.0277 0x1ee8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:18:09.0397 0x1ee8 vga - ok 08:18:09.0403 0x1ee8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 08:18:09.0548 0x1ee8 VgaSave - ok 08:18:09.0601 0x1ee8 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 08:18:09.0648 0x1ee8 vhdmp - ok 08:18:09.0669 0x1ee8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 08:18:09.0728 0x1ee8 viaide - ok 08:18:09.0760 0x1ee8 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 08:18:09.0789 0x1ee8 volmgr - ok 08:18:09.0858 0x1ee8 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:18:09.0928 0x1ee8 volmgrx - 
ok 08:18:09.0965 0x1ee8 [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:18:10.0083 0x1ee8 volsnap - ok 08:18:10.0115 0x1ee8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 08:18:10.0132 0x1ee8 vsmraid - ok 08:18:10.0237 0x1ee8 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe 08:18:10.0661 0x1ee8 VSS - ok 08:18:10.0685 0x1ee8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 08:18:10.0846 0x1ee8 vwifibus - ok 08:18:10.0963 0x1ee8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:18:11.0180 0x1ee8 vwififlt - ok 08:18:11.0226 0x1ee8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 08:18:11.0343 0x1ee8 vwifimp - ok 08:18:11.0459 0x1ee8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 08:18:11.0691 0x1ee8 W32Time - ok 08:18:11.0790 0x1ee8 [ 06D2B9BC146BB0F45F45FF7A296D50C4, A182C30FBA200673132D43E679F17C8F986ADA39B043A73857640C9D587E0DC5 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 08:18:11.0980 0x1ee8 W3SVC - ok 08:18:12.0000 0x1ee8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 08:18:12.0033 0x1ee8 WacomPen - ok 08:18:12.0094 0x1ee8 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP 
C:\Windows\system32\DRIVERS\wanarp.sys 08:18:12.0262 0x1ee8 WANARP - ok 08:18:12.0275 0x1ee8 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 08:18:12.0318 0x1ee8 Wanarpv6 - ok 08:18:12.0398 0x1ee8 [ 06D2B9BC146BB0F45F45FF7A296D50C4, A182C30FBA200673132D43E679F17C8F986ADA39B043A73857640C9D587E0DC5 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 08:18:12.0507 0x1ee8 WAS - ok 08:18:12.0604 0x1ee8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 08:18:12.0666 0x1ee8 WatAdminSvc - ok 08:18:12.0758 0x1ee8 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe 08:18:13.0181 0x1ee8 wbengine - ok 08:18:13.0210 0x1ee8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:18:13.0346 0x1ee8 WbioSrvc - ok 08:18:13.0441 0x1ee8 [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:18:13.0645 0x1ee8 wcncsvc - ok 08:18:13.0708 0x1ee8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:18:13.0856 0x1ee8 WcsPlugInService - ok 08:18:13.0899 0x1ee8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 08:18:14.0128 0x1ee8 Wd - ok 08:18:14.0185 0x1ee8 [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:18:14.0318 0x1ee8 Wdf01000 - ok 08:18:14.0359 0x1ee8 [ BF1FC3F79B863C914687A737C2F3D681, 
B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:18:14.0490 0x1ee8 WdiServiceHost - ok 08:18:14.0497 0x1ee8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:18:14.0574 0x1ee8 WdiSystemHost - ok 08:18:14.0606 0x1ee8 [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll 08:18:14.0742 0x1ee8 WebClient - ok 08:18:14.0811 0x1ee8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:18:14.0976 0x1ee8 Wecsvc - ok 08:18:15.0008 0x1ee8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:18:15.0160 0x1ee8 wercplsupport - ok 08:18:15.0186 0x1ee8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 08:18:15.0331 0x1ee8 WerSvc - ok 08:18:15.0354 0x1ee8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:18:15.0489 0x1ee8 WfpLwf - ok 08:18:15.0529 0x1ee8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:18:15.0554 0x1ee8 WIMMount - ok 08:18:15.0591 0x1ee8 WinDefend - ok 08:18:15.0597 0x1ee8 WinHttpAutoProxySvc - ok 08:18:15.0767 0x1ee8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:18:15.0968 0x1ee8 Winmgmt - ok 08:18:16.0216 0x1ee8 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM 
C:\Windows\system32\WsmSvc.dll 08:18:16.0719 0x1ee8 WinRM - ok 08:18:16.0769 0x1ee8 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:18:16.0952 0x1ee8 WinUsb - ok 08:18:17.0064 0x1ee8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 08:18:17.0498 0x1ee8 Wlansvc - ok 08:18:17.0558 0x1ee8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 08:18:17.0602 0x1ee8 wlcrasvc - ok 08:18:17.0885 0x1ee8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:18:18.0424 0x1ee8 wlidsvc - ok 08:18:18.0450 0x1ee8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 08:18:18.0544 0x1ee8 WmiAcpi - ok 08:18:18.0576 0x1ee8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:18:18.0713 0x1ee8 wmiApSrv - ok 08:18:18.0741 0x1ee8 WMPNetworkSvc - ok 08:18:18.0754 0x1ee8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:18:18.0894 0x1ee8 WPCSvc - ok 08:18:18.0913 0x1ee8 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:18:19.0045 0x1ee8 WPDBusEnum - ok 08:18:19.0090 0x1ee8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:18:19.0241 0x1ee8 ws2ifsl - ok 08:18:19.0298 0x1ee8 
[ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\System32\wscsvc.dll 08:18:19.0390 0x1ee8 wscsvc - ok 08:18:19.0427 0x1ee8 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 08:18:19.0560 0x1ee8 WSDPrintDevice - ok 08:18:19.0609 0x1ee8 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 08:18:19.0690 0x1ee8 WSDScan - ok 08:18:19.0695 0x1ee8 WSearch - ok 08:18:19.0939 0x1ee8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll 08:18:20.0399 0x1ee8 wuauserv - ok 08:18:20.0443 0x1ee8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:18:20.0557 0x1ee8 WudfPf - ok 08:18:20.0603 0x1ee8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:18:20.0740 0x1ee8 WUDFRd - ok 08:18:20.0776 0x1ee8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:18:20.0877 0x1ee8 wudfsvc - ok 08:18:20.0910 0x1ee8 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll 08:18:21.0079 0x1ee8 WwanSvc - ok 08:18:21.0117 0x1ee8 ================ Scan global =============================== 08:18:21.0140 0x1ee8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 08:18:21.0185 0x1ee8 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] 
C:\Windows\system32\winsrv.dll 08:18:21.0234 0x1ee8 [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll 08:18:21.0282 0x1ee8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 08:18:21.0321 0x1ee8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 08:18:21.0337 0x1ee8 [ Global ] - ok 08:18:21.0339 0x1ee8 ================ Scan MBR ================================== 08:18:21.0345 0x1ee8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:18:22.0378 0x1ee8 \Device\Harddisk0\DR0 - ok 08:18:22.0379 0x1ee8 ================ Scan VBR ================================== 08:18:22.0385 0x1ee8 [ 81234EF3C05DBE2301F4FC95E9FEDB83 ] \Device\Harddisk0\DR0\Partition1 08:18:22.0454 0x1ee8 \Device\Harddisk0\DR0\Partition1 - ok 08:18:22.0474 0x1ee8 [ 2E9ACB280E19410B255F008AC50934D0 ] \Device\Harddisk0\DR0\Partition2 08:18:22.0519 0x1ee8 \Device\Harddisk0\DR0\Partition2 - ok 08:18:22.0543 0x1ee8 [ CB25FDCCD226C7DBC9793608D977F52B ] \Device\Harddisk0\DR0\Partition3 08:18:22.0562 0x1ee8 \Device\Harddisk0\DR0\Partition3 - ok 08:18:22.0563 0x1ee8 ================ Scan generic autorun ====================== 08:18:22.0704 0x1ee8 [ C02B401242B4D1639AC921DC2029D5FF, D8C3D79DCCAC60892700C9D668A54DAAD835C6E22C477422D6BF1070D1AF5198 ] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe 08:18:23.0585 0x1ee8 ApplyEsf-eDocPrintPro - detected UnsignedFile.Multi.Generic ( 1 ) 08:18:26.0210 0x1ee8 Detect skipped due to KSN trusted 08:18:26.0210 0x1ee8 ApplyEsf-eDocPrintPro - ok 08:18:26.0264 0x1ee8 [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe 08:18:26.0395 0x1ee8 iTunesHelper - ok 08:18:26.0587 0x1ee8 [ 
46D3D19A4745B67DCA6692AFAB0E136D, 4CC62A94C62B7D1DBE592AF29D4251F3A8A13FE3F55A3A8A7DC6495D990093E4 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe 08:18:26.0828 0x1ee8 EEventManager - ok 08:18:26.0887 0x1ee8 [ 635DFB2E71D6359E07977E74703ED47E, C45F9208304421A5992C2A16B2B29D12C20C9E314850E1A23264B9162E671C02 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe 08:18:27.0110 0x1ee8 FUFAXSTM - ok 08:18:27.0164 0x1ee8 [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 08:18:27.0199 0x1ee8 APSDaemon - ok 08:18:27.0268 0x1ee8 [ C9A9D02D6C1C4D0F9148153B733B4209, 2D1A0E61219398E694BA69FBB0FE82C5143C26737BE23809BA21CF5F1640A62E ] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe 08:18:27.0295 0x1ee8 NSU_agent - ok 08:18:27.0353 0x1ee8 [ FBDC0E172AA0D341FF0084A3DBFD00F5, 5B452DFD516CE88EBCBE5AC6CB7649767FBD68FFF85D62783278FD5670C1D550 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe 08:18:27.0437 0x1ee8 FUFAXRCV - ok 08:18:27.0487 0x1ee8 [ 30E2F8DE27C2375B36D24D546105333B, 806B627A3EE54920EBA99427A59A4353FA7F03F2D4B86C9F2CCB42790BE7CD36 ] C:\Program Files (x86)\ROL Secure\fshoster32.exe 08:18:27.0513 0x1ee8 F-Secure Hoster (41035) - ok 08:18:27.0607 0x1ee8 [ 8D2E3694A6E416C30589183A2D32B17D, 7969A325C435A0A9A92A4FA8C6B95391472DC5A3907635842B10DD005C34FDD1 ] C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE 08:18:27.0698 0x1ee8 F-Secure Manager - ok 08:18:27.0783 0x1ee8 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 08:18:27.0977 0x1ee8 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 08:18:30.0587 0x1ee8 Detect skipped due to KSN trusted 08:18:30.0587 0x1ee8 QuickTime Task - ok 08:18:30.0652 0x1ee8 [ 3FDCA1F725CA8E367B9DBBC43F983423, 
95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 08:18:30.0724 0x1ee8 SunJavaUpdateSched - ok 08:18:30.0805 0x1ee8 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 08:18:31.0369 0x1ee8 Sidebar - ok 08:18:31.0393 0x1ee8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:18:31.0544 0x1ee8 mctadmin - ok 08:18:31.0588 0x1ee8 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 08:18:31.0783 0x1ee8 Sidebar - ok 08:18:31.0794 0x1ee8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:18:31.0826 0x1ee8 mctadmin - ok 08:18:31.0856 0x1ee8 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 08:18:32.0057 0x1ee8 Sidebar - ok 08:18:32.0084 0x1ee8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:18:32.0157 0x1ee8 mctadmin - ok 08:18:32.0158 0x1ee8 Waiting for KSN requests completion. In queue: 14 08:18:33.0158 0x1ee8 Waiting for KSN requests completion. In queue: 7 08:18:34.0158 0x1ee8 Waiting for KSN requests completion. 
08:18:35.0201 0x1ee8 AV detected via SS2: ROL Secure, C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsavwsch.exe ( 9.10.15260.0 ), 0x41000 ( enabled : updated )
08:18:35.0206 0x1ee8 Win FW state via NFP2: enabled
08:18:37.0711 0x1ee8 ============================================================
08:18:37.0711 0x1ee8 Scan finished
08:18:37.0711 0x1ee8 ============================================================
08:18:37.0724 0x19b4 Detected object count: 0
08:18:37.0724 0x19b4 Actual detected object count: 0
08:20:44.0001 0x1f8c Deinitialize success

P.S.: I noticed that I cannot edit the FRST log files I posted. Do they contain any potentially dangerous information that someone viewing this forum could use? |
10.03.2015, 19:47 | #8 |
/// the machine /// TB trainer | SPAM is being sent from my mail account to my contacts
Nope, apart from maybe the real name used as the username, but otherwise there is nothing wild in there.
Scan with Combofix
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
10.03.2015, 20:46 | #9 |
| SPAM is being sent from my mail account to my contacts
I ran the program (it really tested my patience, mainly because it was impossible to tell whether the program had hung or whether something was still running in the background). Anyway, I did not work on the machine and did not move the mouse either. After about 10 minutes the screen went dark (power-saving mode or something like that). I waited a few minutes until the computer no longer seemed to be working and then pressed the space bar twice to wake the screen up again. The program was still running, but I think that should not have been a problem. So here is the result:
Combofix log file:
Code:
ComboFix 15-03-09.01 - XXXX 10.03.2015 20:00:03.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4087.2425 [GMT 1:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
AV: ROL Secure *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: ROL Secure *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\AdobePDF.dll
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-10 bis 2015-03-10 ))))))))))))))))))))))))))))))
.
.
2015-03-10 19:13 . 2015-03-10 19:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-10 19:13 . 2015-03-10 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-10 19:13 . 2015-03-10 19:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-03-09 09:16 . 2015-03-09 09:16 -------- d-----w- c:\programdata\Malwarebytes
2015-03-09 09:16 . 2015-03-10 07:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-09 09:16 . 2015-03-10 07:30 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-09 09:14 . 2015-03-09 09:14 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-09 08:35 . 2015-03-09 08:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-03-07 12:32 . 2015-03-07 12:34 -------- d-----w- C:\FRST
2015-03-06 07:21 . 2015-03-06 07:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-23 07:19 . 2015-02-23 07:19 -------- d-----w- c:\program files (x86)\iTunes
2015-02-23 07:19 . 2015-02-23 07:19 -------- d-----w- c:\program files\iPod
2015-02-23 07:19 . 2015-02-23 07:20 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 07:19 . 2015-02-23 07:20 -------- d-----w- c:\program files\iTunes
2015-02-13 11:13 . 2007-03-23 15:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 07:20 . 2015-01-16 07:56 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 10:24 . 2012-04-05 07:00 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 10:24 . 2011-10-01 08:59 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"F-Secure Hoster (41035)"="c:\program files (x86)\ROL Secure\fshoster32.exe" [2013-12-11 191528]
"F-Secure Manager"="c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2014-10-14 310312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
c:\users\marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CI1T0V405KC;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-3 110592]
CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2010-12-13 155136]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe -s [2014-8-1 12660072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 
WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\ROL Secure\fshoster32.exe;c:\program files (x86)\ROL Secure\fshoster32.exe [x] S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common 
Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x] S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x] S3 fsni;fsni;c:\program files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys;c:\program files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 25994746 *NewlyCreated* - MBAMSWISSARMY *Deregistered* - 25994746 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2015-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:24] . 2015-03-10 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43] . 2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 05:54] . 
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 05:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ApplyEsf-eDocPrintPro"="c:\program files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe" [2014-04-17 2566144] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.it/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 DPF: {3C90111F-03C3-4522-96FE-DEA700CC0517} - hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB DPF: {EE0D7DAF-0F59-4245-924C-488EE3339CA1} - hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB FF - ProfilePath - c:\users\marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN65823296474436112&UM=&q= FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.newTab - false FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 1875d5c80000000000004487fc8b29e2 FF - user.js: extensions.Softonic.instlDay - 15501 FF - user.js: extensions.Softonic.vrsn - 1.5.24.3 FF - user.js: extensions.Softonic.vrsni - 1.5.24.3 FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.321:16 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - orgnl FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00001 FF - user.js: extensions.Softonic.dfltLng - FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file) Wow6432Node-HKCU-Run-Akidynivi - c:\users\Marvin\AppData\Roaming\Koet\ilti.exe Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster] "ImagePath"="\"c:\program files (x86)\ROL Secure\fshoster32.exe\" -hosterid:0" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,22,93, 5f,f3,8a,4a,11,82,a3,4f,45,e1,ad,ef,8e "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"=hex:51,66,7a,6c,4c,1d,3b,1b,98,4c,3b, 9f,83,c7,7f,13,a0,db,eb,44,96,10,a6,e8 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,c7,6c, b6,57,b2,20,18,9f,78,43,19,ed,51,5a,0d "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,4f,90, b6,6a,74,bb,1e,92,70,b6,ab,86,5d,07,8a "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,17,d8, c3,73,fe,34,13,a1,7f,db,79,c2,82,cb,b4 "{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,3b,1b,ae,d7,3e, 00,26,0b,a7,19,bd,69,f9,ed,d3,6d,61,16 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,89,15, e7,6c,96,41,1e,a2,30,d1,b5,2a,91,16,1e "{7057B18B-A9DC-4A3E-9A6F-773828BE3E27}"=hex:51,66,7a,6c,4c,1d,3b,1b,9b,a6,47, 68,ea,f3,51,1a,87,64,30,64,2b,f9,7d,3a 
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c9,fa, a5,53,98,bf,41,a1,e6,47,fc,ca,4d,f6,12 "{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}"=hex:51,66,7a,6c,4c,1d,3b,1b,20,e6,0c, 38,aa,b8,33,1e,ba,34,8a,45,7e,a8,e5,b3 "{45BBE08D-81C5-4A67-AF20-B2A077C67747}"=hex:51,66,7a,6c,4c,1d,3b,1b,9d,f7,ab, 5d,f3,db,08,1a,b2,2b,f5,fc,74,81,34,5a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,80,04, 6e,c6,8c,43,16,ab,e0,93,86,f2,9e,6e,5e "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c3,20, 88,34,16,d0,1a,93,c7,16,38,75,4f,20,db "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,f6,cd, 87,59,d9,69,18,b6,14,53,09,c8,a8,b1,94 . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:92,c4,7a,b3,1f,6a,cf,01 . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,9e,ed,f1,6b,8b,96,47,b9,08,89,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,9e,ed,f1,6b,8b,96,47,b9,08,89,\ . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AVI" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.m3u" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M4A" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MOV" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . 
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected] @Denied: ) (Everyone) "AgentIdentifier"="85bb6ba3-79b2-4673-b0f5-e989f9f7bcc1" "AuthorizationCode"="T1Z4vMNLrH3IDBvfp41bsfn4fkhnl9NRzchiPq11r5PgFbJBNgyzFQ" "41035_AgentIdentifier"="85bb6ba3-79b2-4673-b0f5-e989f9f7bcc1" "41035_AuthorizationCode"="T1Z4vMNLrH3IDBvfp41bsfn4fkhnl9NRzchiPq11r5PgFbJBNgyzFQ" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-10 20:27:58 ComboFix-quarantined-files.txt 2015-03-10 19:27 . Vor Suchlauf: 13 Verzeichnis(se), 248.375.877.632 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 248.877.322.240 Bytes frei . - - End Of File - - 8633A7D68A70AE724C82826B263AB221 A36C5E4F47E84449FF07ED3517B43A31
[/CODE]
By the way, this week I have not received any such dubious mails yet. Has Revo Uninstaller or something else perhaps already had an effect?? On the other hand, there have been 3-4 days of quiet before, until it started all over again. Or has my whole address book already been worked through, and is that why I finally have peace? |
11.03.2015, 10:40 | #10 |
/// the machine /// TB Trainer | SPAM is being sent from my mail to my contacts You have to change the account password; the passwords are mostly hacked online, without anything happening on the computer. We will still remove the adware that can be seen. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.03.2015, 17:37 | #11 |
| SPAM is being sent from my mail to my contacts You mean the password of the e-mail account, right? Not the one of the router for the internet connection? I just find it surprising that all 3 passwords of the 3 different mail addresses were hacked together? mato@mato.de familie@mato.de frau@mato.de

HELP!!! I have now run Malwarebytes Anti-Malware, moved everything to quarantine and restarted. I can now only log in as Administrator, but nothing is installed there. My user can no longer log in!! If I enter a wrong password, it recognizes it; if I enter the correct password, there seems to be a login for a fraction of a second, but then the text "ABMELDEN" appears immediately and I am returned to the start screen with the user selection. I tried, under the Administrator user, to restore all data moved to quarantine with Malwarebytes Anti-Malware. Nevertheless everything remains unchanged. I can no longer log in with my user!! HELP!!!

The MBAM.TXT contains only the following text, nothing else: Malwarebytes Anti-Malware www.malwarebytes.org

Edited by mato (11.03.2015 at 17:44) |
12.03.2015, 09:18 | #12 |
/// the machine /// TB Trainer | SPAM is being sent from my mail to my contacts Can you scan with FRST from the admin account? And the MBAM log really contains nothing more?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.03.2015, 09:53 | #13 |
| SPAM is being sent from my mail to my contacts So, the following update:
1) Today 2 of these mails arrived again. So the problem persists.
2) I have now tried to start my user account in safe mode. I hope it is a good sign that I can start my account in safe mode, also in safe mode with networking, and also in safe mode with command prompt.
3) In safe mode under my user account I also cannot get at a more informative log file. I think the following is not very helpful: Malwarebytes Anti-Malware www.malwarebytes.org Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1, Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1, Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.11.4, Scan, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 15 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 677-Malwareerkennung, (end)
4) With FRST I can scan from the admin account. Here is the result: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Administrator (administrator) on MARVIN-PC on 12-03-2015 09:55:30 Running from C:\Users\Administrator\Desktop Loaded Profiles: UpdatusUser & Administrator (Available profiles: Marvin & UpdatusUser & Administrator) Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJAE.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe (Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Ralink Technology, Corp.) 
C:\Program Files (x86)\Ralink\Common\RaUI.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [2566144 2014-04-17] (May Software) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) 
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2011-12-13] () HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [F-Secure Hoster (41035)] => C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-921190-1051346105-2666659791-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) 
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb HKU\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> {C7BE57D7-037B-4C7F-BFCF-C1740E1AC7DC} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^IT&gct=&itbv=12.23.0.15&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^IT&apn_dbr=ie_9.0.8112.16476&doi=2015-01-16&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2014-12-09] (F-Secure Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
BHO-x32: No Name -> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> No File BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION) BHO-x32: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2014-12-09] (F-Secure Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation) BHO-x32: DVDVideoSoftTB Toolbar -> {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -> C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2015-03-11] (Conduit Ltd.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - No Name - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2015-03-11] (Conduit Ltd.) 
Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {3C90111F-03C3-4522-96FE-DEA700CC0517} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {EE0D7DAF-0F59-4245-924C-488EE3339CA1} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-06-18] (Nitro PDF) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.) 
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06] FF HKLM-x32\...\Firefox\Extensions: [{b4208cd3-a949-4cce-a44a-a5e217608fe5}] - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https FF Extension: ROL Secure Total Care - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-09] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-28] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/ROL Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02] StartMenuInternet: Google Chrome - C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) 
[File not signed] R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-09-25] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-27] (Macrovision Europe Ltd.) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-26] (Freemake) [File not signed] R2 fshoster; C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation) R3 FSMA; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) 
[File not signed] S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] () R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [45824 2009-12-15] (Advanced Card Systems Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 F-Secure Gatekeeper; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-24] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-04-07] () R3 fsni; C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-09] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 09:55 - 2015-03-12 09:56 - 00023461 _____ () C:\Users\Administrator\Desktop\FRST.txt 2015-03-12 09:54 - 2015-03-12 09:54 - 02095616 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2015-03-12 09:24 - 2015-03-12 09:25 - 00000532 _____ () C:\Users\marvin\Desktop\mbam11.txt 2015-03-12 08:32 - 2015-03-12 08:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help 2015-03-11 19:05 - 2015-03-11 19:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice 2015-03-11 18:19 - 2015-03-11 18:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nitro PDF 2015-03-11 17:19 - 2015-03-11 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2015-03-11 13:12 - 2015-03-11 13:16 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoftTB 2015-03-11 13:12 - 2015-03-11 13:12 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Mozilla 2015-03-11 13:01 - 2015-03-11 13:01 - 00000020 ___SH () C:\Users\marvin\ntuser.ini 2015-03-11 12:13 - 2015-03-11 12:13 - 00001058 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-11 12:13 - 2015-03-11 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-11 12:13 - 2015-03-11 12:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-11 12:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-11 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-10 19:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-10 19:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-10 19:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-10 19:58 - 2000-08-31 01:00 - 00518144 _____ 
(SteelWerX) C:\Windows\SWREG.exe 2015-03-10 19:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-10 19:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-10 19:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-10 19:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-10 19:57 - 2015-03-10 20:28 - 00000000 ____D () C:\Qoobox 2015-03-10 19:57 - 2015-03-10 20:23 - 00000000 ____D () C:\Windows\erdnt 2015-03-09 10:16 - 2015-03-12 09:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-09 10:16 - 2015-03-11 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-09 10:16 - 2015-03-11 12:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-09 10:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-09 09:35 - 2015-03-09 09:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-07 13:32 - 2015-03-12 09:55 - 00000000 ____D () C:\FRST 2015-03-06 14:31 - 2015-03-06 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-23 08:20 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\Program Files\iTunes 2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files\iPod 2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-13 12:13 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-12 09:51 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-12 09:51 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-12 09:47 - 2010-12-24 20:05 - 01642972 _____ () C:\Windows\WindowsUpdate.log 2015-03-12 09:43 - 2011-07-21 07:22 - 00149792 _____ () C:\Windows\error.log 2015-03-12 09:43 - 2011-04-14 22:06 - 00195861 _____ () C:\Windows\setupact.log 2015-03-12 09:43 - 2011-01-01 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 09:43 - 2010-12-24 20:18 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-12 09:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 09:42 - 2011-07-21 07:22 - 00035449 _____ () C:\Windows\errord.log 2015-03-12 09:28 - 2010-12-24 22:01 - 00000000 ____D () C:\Users\marvin 2015-03-12 09:10 - 2011-01-01 16:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 08:32 - 2010-12-25 17:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-12 08:24 - 2012-04-05 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-11 19:47 - 2011-12-01 07:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer 2015-03-11 18:19 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-03-11 18:12 - 2009-07-14 18:58 - 00054252 _____ () C:\Windows\system32\perfh007.dat 2015-03-11 18:12 - 2009-07-14 18:58 - 00016384 _____ () C:\Windows\system32\perfc007.dat 2015-03-11 18:12 - 2009-07-14 06:13 - 00064968 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-11 17:20 - 2011-05-29 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2015-03-11 13:04 - 2011-08-01 13:06 - 00078576 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-11 13:00 - 2011-07-12 08:21 - 00302174 _____ () 
C:\Windows\PFRO.log 2015-03-11 12:58 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 12:57 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup 2015-03-11 12:24 - 2011-02-15 12:24 - 00000254 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job 2015-03-10 20:15 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-09 10:02 - 2013-05-30 13:30 - 00000000 ____D () C:\Program Files (x86)\HP 2015-03-09 10:01 - 2013-05-30 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-03-09 09:49 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-07 09:16 - 2013-05-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-06 08:27 - 2014-05-07 19:10 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-06 08:20 - 2015-01-16 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-06 08:20 - 2015-01-16 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-06 08:19 - 2010-12-28 19:05 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-23 08:19 - 2013-01-06 11:55 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ____D () C:\ProgramData\Skype 2015-02-13 12:13 - 2010-12-27 20:41 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk 2015-02-13 12:13 - 2010-12-27 20:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk ==================== Files in the root of some directories ======= 2013-05-30 13:30 - 2013-05-30 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-12-27 21:27 - 2010-12-27 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for 
files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-05 08:37 ==================== End Of Log ============================ and Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Administrator at 2015-03-12 09:56:20 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ROL Secure (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: ROL Secure (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version: - 4Free Studio) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM-x32\...\Adobe Acrobat 8 Standard - Italiano, Español, Nederlands_831) (Version: - Adobe Systems Incorporated) Adobe Acrobat 8.3.1 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard - Italiano, Español, Nederlands) (Version: 8.3.1 - Adobe Systems) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.) 
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Advanced PDF Repair v2.0 (HKLM-x32\...\Advanced PDF Repair v2.0) (Version: - ) Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - ) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bit4Id - miniLector (HKLM-x32\...\Bit4Id - miniLector) (Version: 3.0 - Bit4id) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH) CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
Computer Security 14.99.105.0 (release) (x32 Version: 14.99.105.0 - F-Secure Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Druckerdeinstallation für EPSON PX810FW Series (HKLM\...\EPSON PX810FW Series) (Version: - SEIKO EPSON Corporation) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: - ) eDocPrintPro (HKLM\...\{BAC11FF6-53BC-432B-84AD-9141C19F2352}) (Version: 3.20.1 - MAY Computer) Epson Benutzerhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Useg) (Version: - ) Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - ) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.60.0000 - EPSON) Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson Netzwerkhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Netg) (Version: - ) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - ) Epson Printer Software 
Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch) (Version: - ) EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) Free Audio CD Burner version 2.0.21.1031 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.) Free DWG Viewer 7.1 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC) Free Screen Video Recorder version 2.5.39.1122 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1122 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation) F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden gs_x64 (HKLM\...\{344BD061-2564-422E-860F-9E5DC49983AE}) (Version: 9.10 - MAY Computer) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson) Intr@Web Stand-Alone 13.0.0.0 (HKLM-x32\...\Intr@Web Stand-Alone 13.0.0.0) (Version: 13.0.0.0 - Sogei S.p.A.) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kernel for Outlook PST Repair Evaluation ver 10.10.01 (HKLM-x32\...\Kernel for Outlook PST Repair - Evaluation Version_is1) (Version: - Nucleus Data Recovery .com) Kernel For PDF Repair Evaluation ver 9.11.01 (HKLM-x32\...\Kernel For PDF Repair Evaluation version_is1) (Version: - Nucleus Data Recovery .com) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - 
Microsoft Corporation) Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0407-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 
(HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser 
(KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) Nitro Reader 3 (HKLM\...\{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}) (Version: 3.5.5.2 - Nitro) Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.4.49.0 - Nokia) Nokia Suite (x32 Version: 3.4.49.0 - Nokia) Hidden NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd) NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) Online Safety 2.99.2307.1728 (x32 Version: 2.99.2307.1728 - F-Secure Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA) OutlookTools 2 
(HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook) PDF Fixer (HKLM-x32\...\PDF Fixer) (Version: 1.0 - PCVARE Software) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Recovery Toolbox for Word 1.1 (HKLM-x32\...\Recovery Toolbox for Word_is1) (Version: - Recovery Toolbox, Inc.) Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ROL Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 41035) (Version: 1.99.192.0 - F-Secure Corporation) ROL Secure Launch pad (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.) Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) SolidWorks eDrawings 2013 x64 (HKLM\...\{C218FF91-5C92-4DEC-AA05-322A9D065EE4}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.) Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SysInfoTools PDF Repair v1.0 (HKLM-x32\...\{B6CA247E-DB92-4F38-B0BC-C5C93E5A3914}_is1) (Version: - SysInfoTools) Unigine Heaven Benchmark v2.0 (HKLM-x32\...\{5E9709F3-B39F-4133-AE60-3EC634971E75}) (Version: 2.0 - Unigine Corp.) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Watchtower Library 2004 - Deutsche Ausgabe (HKLM-x32\...\{3112AC55-B32E-4FE8-81D9-D55374961D5B}) (Version: - ) Watchtower Library 2007 - Deutsch (HKLM-x32\...\{E1E02530-0475-4A86-9071-5524C64CF4CB}) (Version: 9.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) Watchtower Library 2011 - Deutsch (HKLM-x32\...\{8BE514E8-4486-4730-8B68-FA15EEDC942E}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 17-02-2015 09:54:33 Geplanter Prüfpunkt 24-02-2015 11:37:47 Geplanter Prüfpunkt 04-03-2015 13:37:16 Geplanter Prüfpunkt 09-03-2015 09:37:15 Revo Uninstaller's restore point - Search App by Ask 09-03-2015 09:40:33 Revo Uninstaller's restore point - Shopping App by Ask 09-03-2015 09:41:50 Revo Uninstaller's restore point - Softonic toolbar on IE 09-03-2015 09:43:28 Revo Uninstaller's restore point - HP FWUpdateEDO2 09-03-2015 09:44:06 Revo Uninstaller's restore point - Feedback Tool 09-03-2015 09:45:35 Revo Uninstaller's restore point - Mein Gutscheincode Finder 1.0.0.0 09-03-2015 09:46:10 Revo Uninstaller's restore point - Word Password DEMO version 15.0 09-03-2015 09:53:11 Revo Uninstaller's restore point - Word Password Recovery Lastic 1.1 09-03-2015 09:59:57 Revo Uninstaller's restore point - HP Update 09-03-2015 10:00:09 Removed HP Update. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-10 20:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05697B83-4949-4368-8B24-133394F6C920} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29] (Adobe Systems Incorporated) Task: {11637952-1AAF-47F0-B99F-35F4358E54D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {342B828C-8CAE-4210-A3E6-AB7C0781DFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {43B02A80-5DE4-4895-8C55-E4DD70B7DA4B} - System32\Tasks\{108C941C-308A-467B-A730-09E7C54A5CFB} => pcalua.exe -a E:\SETUP.EXE -d E:\ Task: {554D857C-0D3C-4DC9-B80C-6E38EE80128F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.) Task: {55CF7C53-A9BE-4397-ABA2-38DB6F4BA60B} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION) Task: {5944B75D-7124-4BA3-B638-F06EB5520F3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {7566BAB7-99B8-4631-B67B-DBD278DD5A14} - System32\Tasks\{F6C27C40-9C4A-476D-A0DB-9E3F6438D981} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.) Task: {A443A926-D7C2-43A7-A065-7FDA6C489615} - System32\Tasks\{372BBC43-B6A1-4427-BE02-50ECC45EE383} => pcalua.exe -a C:\Users\Marvin\Desktop\Setup.exe -d C:\Users\Marvin\Desktop Task: {ABBBE6EA-AA4E-457F-BB5C-94EB08A46940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {ADC89731-447A-4ECD-B38B-C3361A31230D} - System32\Tasks\{BE987430-777E-472C-BAB6-099B2F4B0F14} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe [2011-08-30] (Adobe Systems Incorporated) Task: {AF436C3F-6EC0-479B-8BE7-DD95E4C37B79} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-19 20:33 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2008-12-05 11:39 - 2008-12-05 11:39 - 00340480 _____ () C:\Windows\system32\siecaces.dll 2008-12-05 11:39 - 2008-12-05 11:39 - 00229376 _____ () C:\Windows\system32\gmp4_2_1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-921190-1051346105-2666659791-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-921190-1051346105-2666659791-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-921190-1051346105-2666659791-501 - Limited - Disabled)
Marvin (S-1-5-21-921190-1051346105-2666659791-1000 - Administrator - Enabled) => C:\Users\Marvin
UpdatusUser (S-1-5-21-921190-1051346105-2666659791-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 09:56:25 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2015-03-12 09:56:25+02:00 MARVIN-PC SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/12/2015 09:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:40:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:39:05 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:36:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:36:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:20:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:15:15 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:15:15 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:12:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 12.0.6691.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f30
Startzeit: 01d05c9a9cf59fe2
Endzeit: 5085
Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Berichts-ID: 71c12837-c88f-11e4-8c87-4487fc8b29e2

System errors:
=============
Error: (03/12/2015 09:44:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/12/2015 09:40:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD DfsC discache NetBIOS NetBT NetworkX nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Epson Scanner Service" ist vom Dienst "Windows-Bilderfassung (WIA)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (03/11/2015 11:19:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9395 seconds with 5820 seconds of active time. This session ended with a crash.

Error: (03/05/2015 00:47:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2015 00:57:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18751 seconds with 9540 seconds of active time. This session ended with a crash.

Error: (01/17/2015 02:55:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15738 seconds with 5820 seconds of active time. This session ended with a crash.

Error: (10/21/2014 07:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45807 seconds with 15780 seconds of active time. This session ended with a crash.

Error: (09/10/2014 11:35:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/10/2014 07:53:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/25/2014 04:49:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34243 seconds with 7380 seconds of active time. This session ended with a crash.

Error: (08/04/2014 04:00:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30055 seconds with 12360 seconds of active time. This session ended with a crash.

Error: (07/24/2014 10:17:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8083 seconds with 3360 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-03-10 20:10:57.372
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-10 20:10:57.298
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-01-19 13:41:28.366
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dxgi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-10-15 07:45:31.242
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-15 07:45:31.195
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-12 07:54:47.524
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-12 07:54:47.493
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-12 07:53:44.680
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-12 07:53:44.633
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-10-11 08:13:59.170
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 4087.12 MB
Available physical RAM: 2217.69 MB
Total Pagefile: 8172.37 MB
Available Pagefile: 5879.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:215.17 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:377.5 GB) NTFS
Drive e: (ORANIER) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00040336)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by mato (12.03.2015 at 10:00) |
12.03.2015, 19:37 | #14 |
/// the machine /// TB instructor | SPAM is being sent from my mail account to my contacts Please download Rogue Killer from here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.03.2015, 21:57 | #15 |
| SPAM is being sent from my mail account to my contacts After downloading the program from the given link, a notice appeared saying the version was outdated, and I was taken to the developer's site. There I downloaded the (Local) Portable 64 bits version and ran the scan. Admittedly, IE was still open during the scan. I hope that doesn't skew anything. Here is the file. Code:
RogueKiller V10.5.4.0 (x64) [Mar 12 2015] by Adlice Software
Mail : hxxp://www.adlice.com/contact/
Feedback : hxxp://forum.adlice.com
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version
gestarted in : normaler Modus
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKillerX64.exe
Modus : Scannen -- Datum : 03/12/2015 21:53:59

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> Gefunden
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 1 ¤¤¤
[Hj.Name][Datei] Tintenwarnungen überwachen - .lnk -- D:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [LNK@] C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CI1T0V405KC;CONNECTION=USB;MONITOR=1; -> Gefunden

¤¤¤ Host Dateien : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 4 (Driver: geladen) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\??\C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x744c3344)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x74573344)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x74503344)

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] ddd5f93721360178b27f37d3d42fdeee
[BSP] 8531e45a81582aeb5c8cd5bd651b88f4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
|