Pests of all kinds and how to fight them: Macro virus Böttcher Büromarkt (Windows 7) |
16.12.2015, 15:14 | #1 |
| Good day, dear community,

Yesterday I received an e-mail from Böttcher Büromarkt with an attached invoice file in .doc format. I copied this file to the desktop, had it checked by Norton Security (result: no virus found) and then opened it, since an invoice from this company would have been quite plausible. When I clicked it, another file icon appeared next to the desktop icon of the .doc file I had copied there, but so briefly that I could not read the name, and then it disappeared again; the opened .doc file showed an empty Word page.

In the Word Trust Center the macro setting is set to "Disable macros with notification". Can a macro virus have been executed at all under these conditions? A subsequent full scan with Norton found nothing; Malwarebytes found some PUP/PUM today (I removed them). Is further action still needed?

PS: I had previously tried to open the file on an Android tablet, without success (Polaris Office is installed there as an app). Can the tablet be infected by Word macro viruses?

Many thanks for any help from you.

Regards, Oligitim |
16.12.2015, 15:41 | #2 |
/// TB Trainer /// Guide Guru | Do you still have the e-mail?
16.12.2015, 16:26 | #3 |
| Yes, I still have it.
16.12.2015, 16:28 | #4 |
/// TB Trainer /// Guide Guru | Please forward it:

Regards, deeprybka

Edited by deeprybka (16.12.2015 at 16:48) |
16.12.2015, 16:31 | #5 |
| I have done that. |
16.12.2015, 16:48 | #6 |
/// TB Trainer /// Guide Guru | My name is Jürgen and I will be helping you with your problem. Together we will manage it...

Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable for real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my "clean".

Let's go:

Step 1

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material

Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
16.12.2015, 18:01 | #7 |
| The program does not start (32-bit version).

After installing FRST, the program could be started once (I had not run a scan), but after that no longer (not even with administrator rights). I have now tried it in safe mode and it worked; I hope the log files are usable this way too.
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:16-12-2015 durchgeführt von Karsten Weikamp (Administrator) auf ACERLAPTOP (16-12-2015 17:43:43) Gestartet von C:\Users\Karsten Weikamp\Desktop Geladene Profile: Karsten Weikamp (Verfügbare Profile: Karsten Weikamp & Gast) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Safe Mode (minimal) Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2012-03-03] (Apple Computer, Inc.) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2009-06-26] (UPEK Inc.) HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.) HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [Google Update] => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc.) 
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr Lsa: [Notification Packages] c:\Program Files\Acer Bio Protection\PwdFilter ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag 
handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{BF7E5DEF-B77F-47F0-A686-E2B632F5A62E}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{CA012B11-2991-418E-984A-650F75D89C46}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{DB448D58-EC26-405A-84D8-F68D63EE46EC}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-281819993-3161343549-3081365374-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353 SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353 SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353 
SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.) Toolbar: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.) 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll [2008-07-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default FF DefaultSearchUrl: FF SearchEngineOrder.1: Search the web (Softonic) FF SelectedSearchEngine: FF Homepage: FF Keyword.URL: hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=4a066299000000000000001e6590db58&toi=16073&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] () FF Plugin: @Citrix.com/npagee,version=10.5.55.8 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2015-01-25] (Citrix Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-04] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-09] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-281819993-3161343549-3081365374-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.) FF Plugin HKU\S-1-5-21-281819993-3161343549-3081365374-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-03-03] (Apple Computer, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Karsten Weikamp\AppData\Roaming\mozilla\plugins\npagee.dll [2015-01-25] (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\englische-ergebnisse.xml [2013-05-03] FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\gmx-suche.xml [2013-05-03] FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\ixquick-https---deutsch.xml [2014-06-29] FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\lastminute.xml [2013-05-03] FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\safesearch.xml [2013-02-18] FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\webde-suche.xml [2013-05-03] FF Extension: Foxy Secure - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\extensions\admin@foxysecure.com [2014-06-30] [ist nicht signiert] FF Extension: German Dictionary - C:\Users\Karsten 
Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-25] [ist nicht signiert] FF Extension: ProxTube - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\ich@maltegoetz.de.xpi [2015-05-31] FF Extension: Video DownloadHelper - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-31] FF Extension: Adblock Plus - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-31] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFAddon [2015-12-16] Chrome: ======= CHR Profile: C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Norton Security Toolbar) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-12] CHR Extension: (Norton Identity Safe) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-20] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry 
entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1898168 2015-11-24] (Microsoft Corporation) S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-12] () [Datei ist nicht signiert] S2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) S2 IGBASVC; c:\Program Files\Acer Bio Protection\BASVC.exe [3453440 2009-08-06] (Egis Technology Inc.) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 NS; C:\Program Files\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation) S2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [163064 2015-01-25] (Citrix Systems, Inc) S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.) S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-13] (O2Micro International) S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [Datei ist nicht signiert] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [Datei ist nicht signiert] S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20151207.001\BHDrvx86.sys [1193032 2015-10-08] (Symantec Corporation) S2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189200 2013-04-01] (Citrix Systems, Inc.) S1 ccSet_NS; C:\Windows\system32\drivers\NS\1605050.00F\ccSetx86.sys [137456 2015-07-11] (Symantec Corporation) S3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [42744 2015-01-25] (Citrix Systems, Inc.) S1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-27] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-27] (Symantec Corporation) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [Datei ist nicht signiert] S1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20151215.002\IDSvix86.sys [580344 2015-11-26] (Symantec Corporation) S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.) 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151215.018\NAVENG.SYS [104440 2015-11-27] (Symantec Corporation) S3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151215.018\NAVEX15.SYS [1647216 2015-11-27] (Symantec Corporation) R0 nhcDriverDevice; C:\Windows\System32\drivers\nhcDriver.sys [71680 2011-06-12] (Notebook Hardware Control) [Datei ist nicht signiert] R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software) S3 SRTSP; C:\Windows\System32\Drivers\NS\1605050.00F\SRTSP.SYS [712944 2015-11-12] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NS\1605050.00F\SRTSPX.SYS [44792 2015-07-11] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NS\1605050.00F\SYMEFASI.SYS [1287408 2015-11-12] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-08-06] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NS\1605050.00F\Ironx86.SYS [234744 2015-07-11] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NS\1605050.00F\SYMNETS.SYS [431328 2015-11-12] (Symantec Corporation) S3 Andbus; system32\DRIVERS\lgandbus.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag.sys [X] S3 AndGps; system32\DRIVERS\lgandgps.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] S3 wanatw; system32\DRIVERS\wanatw4.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-16 17:43 - 2015-12-16 17:44 - 00020063 _____ C:\Users\Karsten Weikamp\Desktop\FRST.txt 2015-12-16 17:42 - 2015-12-16 17:43 - 00220700 _____ C:\Windows\ntbtlog.txt 2015-12-16 17:01 - 2015-12-16 17:01 - 01721344 _____ (Farbar) C:\Users\Karsten Weikamp\Desktop\FRST.exe 2015-12-16 16:53 - 2015-12-16 17:43 - 00000000 ____D C:\FRST 2015-12-16 14:25 - 2015-12-16 14:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-16 14:25 - 2015-12-16 14:25 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-16 14:24 - 2015-12-16 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-16 14:24 - 2015-12-16 14:24 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-12-16 14:24 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-16 14:24 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-16 14:24 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-13 20:27 - 2015-12-13 20:27 - 09794560 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016_Teil2.ppt 2015-12-13 20:26 - 2015-12-13 20:26 - 20567040 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016_Teil1.ppt 2015-12-13 18:10 - 2015-12-13 18:10 - 19883008 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016Kopie.ppt 2015-12-13 18:06 - 2015-12-13 20:47 - 30146560 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016.ppt 2015-12-12 22:28 - 2015-12-12 22:28 - 02414771 _____ C:\Users\Karsten Weikamp\Downloads\Myocardial Infarction (online-video-cutter.com).mp4 2015-12-12 18:50 - 2015-12-12 18:50 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-12 14:50 - 2015-11-20 19:34 - 02956800 _____ (Microsoft Corporation) 
C:\Windows\system32\wucltux.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-12 14:50 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-12 14:50 - 2015-11-20 19:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-12 14:50 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-12 14:50 - 2015-11-20 19:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-12 14:50 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-12 14:50 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-12 14:50 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-12 14:50 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-12 14:50 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-12 14:50 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-12 14:50 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-12 14:50 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 
2015-12-12 14:50 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-12 14:50 - 2015-11-10 19:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-12 14:50 - 2015-11-10 19:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-12 14:50 - 2015-11-10 18:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-12 14:50 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-12 14:50 - 2015-11-10 01:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-12 14:50 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-12 14:50 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-12 14:50 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-12 14:50 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-12 14:50 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-12 14:50 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-12 14:50 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-12 14:50 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-12 14:50 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-12 14:50 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-12 14:50 - 2015-11-10 01:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-12 14:50 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-12 14:50 
- 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-12 14:50 - 2015-11-10 00:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-12 14:50 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-12 14:50 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-12 14:50 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-12 14:50 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-12 14:50 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-12 14:50 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-12 14:50 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-12 14:50 - 2015-11-10 00:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-12 14:50 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-12 14:50 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-12 14:50 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-12 14:50 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-12 14:50 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-12 14:50 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-12 14:50 - 2015-11-05 10:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-12 14:50 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 
2015-12-12 14:50 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-11-29 20:25 - 2015-11-29 20:25 - 00004822 _____ C:\Users\Karsten Weikamp\Documents\cc_20151129_202457.reg
2015-11-27 21:23 - 2015-11-27 21:23 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\CEF
2015-11-27 21:18 - 2015-12-12 17:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 21:00 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-27 21:00 - 2015-10-20 01:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-27 21:00 - 2015-10-20 01:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-27 21:00 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 21:00 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-27 21:00 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-27 21:00 - 2015-10-20 01:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-27 21:00 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-27 21:00 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-27 21:00 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-27 21:00 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 21:00 - 2015-10-20 00:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-27 21:00 - 2015-10-20 00:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-27 21:00 - 2015-10-20 00:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-27 21:00 - 2015-10-13 17:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-27 21:00 - 2015-10-13 17:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-27 21:00 - 2015-10-13 05:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-27 20:59 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-27 20:59 - 2015-10-01 18:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-27 20:59 - 2015-09-23 14:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-27 20:59 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-16 14:33 - 2015-11-16 14:33 - 00532880 _____ C:\Users\Karsten Weikamp\Desktop\Kursskript 20152016 Version 12 - Neues LJG - PF - Schlussfassung.pdf
2015-11-16 14:33 - 2015-11-16 14:33 - 00429904 _____ C:\Users\Karsten Weikamp\Desktop\Kursskript 20152016 Anlagen - Schlussfassung.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-16 17:43 - 2015-02-24 18:47 - 00339456 ___SH C:\Users\Karsten Weikamp\Desktop\Thumbs.db
2015-12-16 17:43 - 2009-05-07 10:03 - 00000000 ____D C:\Windows
2015-12-16 17:19 - 2012-04-25 21:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 17:10 - 2009-07-14 05:34 - 00028800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-16 17:10 - 2009-07-14 05:34 - 00028800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-16 17:02 - 2014-10-21 07:01 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754.job
2015-12-16 16:57 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 14:55 - 2009-07-28 05:26 - 00000000 ____D C:\Windows\Panther
2015-12-16 14:53 - 2014-01-03 15:32 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\genienext
2015-12-16 14:53 - 2014-01-03 15:31 - 00000000 ____D C:\Program Files\Mobogenie
2015-12-16 14:24 - 2011-08-28 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-16 14:23 - 2014-10-21 07:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c.job
2015-12-16 14:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 18:17 - 2009-11-25 18:09 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\ElevatedDiagnostics
2015-12-15 15:39 - 2014-06-29 21:56 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Roaming\Security Systems
2015-12-13 17:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-12-13 13:51 - 2009-07-14 05:33 - 00446904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 13:50 - 2009-09-19 01:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 13:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-13 13:33 - 2010-06-05 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 13:33 - 2009-09-19 01:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-13 13:19 - 2013-08-14 17:57 - 00000000 ____D C:\Windows\system32\MRT
2015-12-13 13:19 - 2009-11-08 14:19 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-12 22:18 - 2010-02-02 14:32 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Roaming\vlc
2015-12-12 14:19 - 2012-04-25 21:46 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-12 14:19 - 2011-05-21 14:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-12 14:00 - 2015-02-09 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-12 13:59 - 2015-02-09 13:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-12 13:59 - 2009-11-12 21:11 - 00000000 ____D C:\Users\Karsten Weikamp\Documents\VorträgeJagdkurs
2015-12-07 20:25 - 2009-11-06 21:05 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-12-07 18:36 - 2010-12-06 14:29 - 00916480 ___SH C:\Users\Karsten Weikamp\Documents\Thumbs.db
2015-11-30 18:28 - 2009-10-06 07:59 - 00710134 _____ C:\Windows\system32\perfh007.dat
2015-11-30 18:28 - 2009-10-06 07:59 - 00154538 _____ C:\Windows\system32\perfc007.dat
2015-11-30 18:28 - 2009-07-28 04:34 - 01649420 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 20:24 - 2010-01-09 17:19 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\CrashDumps
2015-11-29 17:27 - 2015-03-27 16:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-11-29 17:27 - 2015-03-27 16:42 - 00000000 ____D C:\Windows\system32\Drivers\NS
2015-11-28 15:32 - 2009-09-16 09:03 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-27 21:23 - 2014-08-24 14:02 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\ProgramData\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\Program Files\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2009-11-12 21:04 - 2014-11-19 12:30 - 0025088 _____ () C:\Users\Karsten Weikamp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-06 18:16 - 2010-12-06 18:16 - 0000103 _____ () C:\Users\Karsten Weikamp\AppData\Local\fusioncache.dat
2011-10-06 13:26 - 2011-10-06 13:26 - 0007605 _____ () C:\Users\Karsten Weikamp\AppData\Local\Resmon.ResmonCfg
2011-06-14 11:51 - 2011-06-14 11:51 - 0000000 _____ () C:\Users\Karsten Weikamp\AppData\Local\{D0077FEE-69E4-4E64-A744-A5727758C71D}
2014-01-03 15:38 - 2014-01-23 13:16 - 0000085 ___SH () C:\ProgramData\.zreglib
2009-11-06 21:05 - 2015-12-07 20:25 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-13 17:52

==================== Ende vom FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:16-12-2015
durchgeführt von Karsten Weikamp (2015-12-16 17:44:48)
Gestartet von C:\Users\Karsten Weikamp\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2009-11-06 20:54:43)
Start-Modus: Safe Mode (minimal)
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-281819993-3161343549-3081365374-500 - Administrator - Disabled)
ASPNET (S-1-5-21-281819993-3161343549-3081365374-1009 - Limited - Enabled)
Gast (S-1-5-21-281819993-3161343549-3081365374-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-281819993-3161343549-3081365374-1007 - Limited - Enabled)
Karsten Weikamp (S-1-5-21-281819993-3161343549-3081365374-1003 - Administrator - Enabled) => C:\Users\Karsten Weikamp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.48 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3016 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3019 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.1103 - Alps Electric)
Amazon Kindle (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Amazon Kindle) (Version: - Amazon)
Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
ATI AVIVO Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D168D111-C33C-A437-0D63-E300EC7C938A}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
calibre (HKLM\...\{6A64AE0B-9CAB-4811-980F-406376C5E44A}) (Version: 0.9.36 - Kovid Goyal)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.7.3.0 - Canon Inc.)
ccc-core-static (Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
EVEREST Corporate Edition v4.60 (HKLM\...\EVEREST Corporate Edition_is1) (Version: 4.60 - Lavalys, Inc.)
Fingerprint Solution (Version: 6.1.48.0 - Egis Technology Inc.) Hidden
fit zur schriftlichen Jägerprüfung (HKLM\...\{13153F10-CAE7-4C15-A0B0-C51B9BA3CAAA}_is1) (Version: - Deutscher Landwirtschaftsverlag GmbH)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Fritz11 WM Edition (HKLM\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 1.0 - ChessBase)
Fritz11 WM Edition (Version: 1.0 - ChessBase) Hidden
Google Chrome (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.39 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagd- und Waffenrecht 08.10 (HKLM\...\{DFAF662D-8482-4EFD-B75E-A937095159C7}) (Version: 1.30.0003 - Hergarten-Media)
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 3.0.04 - Acer Inc.)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MedQM-Tool (HKLM\...\{F43D5373-0B9C-4A6D-ABB8-1F100CF599A7}) (Version: 2.1.4 - Medizin QM GmbH)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{BA2F05A3-080A-4371-AAC1-F15404605982}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7FB12670-0F93-4E1E-B2F5-4F339199A03A}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{849A32C3-E75A-4791-9B11-E568BA3525A4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 de) (HKLM\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetScaler Gateway Plug-in (HKLM\...\{7A0D7123-35B2-4220-B8E9-81976BF4B952}) (Version: 10.5.55.8 - Citrix Systems, Inc.)
Norton Security (HKLM\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.56 - NewTech Infosystems) Hidden
O2Micro Flash Memory Card Reader Driver (HKLM\...\{C631FB9D-81D2-4E4E-A688-901AC748322D}) (Version: 3.31.02 - O2Micro)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
QM Management (HKLM\...\QM Management) (Version: 1.0.0.0 - VR Medien & Events GmbH)
QuickLOAD (HKLM\...\ST5UNST #1) (Version: - )
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPBA 5.8 (HKLM\...\{ECCD28B2-8798-4D16-8126-625D728294A1}) (Version: 5.8.2.5652 - UPEK Inc.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)

==================== Wiederherstellungspunkte =========================

15-12-2015 18:16:39 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2013-02-03 20:50 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02360D7C-9276-4A01-90EC-5C682F37E035} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {07E1F414-A126-4682-A02F-2BD35205B5C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {0BA4CC67-A772-4902-8F3F-A068B2ECC33F} - System32\Tasks\{596C63C0-829D-4768-8DC6-BA00960A0AA4} => E:\DataCard_Setup.exe
Task: {180B5116-F991-4A54-9D6C-34296065CDB8} - System32\Tasks\{44D512B8-E7EA-48CC-B5B3-F1325B33B540} => pcalua.exe -a E:\DataCard_Setup.exe -d E:\
Task: {27647861-0D8D-4BD0-A659-25106B1575D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.)
Task: {30267D00-5F18-4571-9B30-0DEDD73B53D6} - System32\Tasks\{4893EDB9-E5C7-4967-8A2B-FB39295BC65A} => F:\DataCard_Setup.exe
Task: {31DB48EE-5679-4A84-90C7-BD2E34E02A4A} - System32\Tasks\{563B5C85-C449-490E-B048-9010B408C65A} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] ()
Task: {32F87DCE-F9DF-4EC3-8DCD-DBF473E861F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.)
Task: {345F6378-C0DC-44E3-807A-75B5D4D48117} - System32\Tasks\{6FA4F0E5-4FD5-49C0-9207-7A4CA23A7B2C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Desktop\STIscreensaver.exe" -d "C:\Users\Karsten Weikamp\Desktop"
Task: {3B3A55E5-1A79-42C9-9D3B-4A20AB8B3EE3} - System32\Tasks\{FCCE8D94-9652-4819-93D0-31B7B6C564E8} => E:\DataCard_Setup.exe
Task: {4660CED4-1E64-4487-8F7B-C20C769475BC} - System32\Tasks\{558E76A3-D8BC-43F7-B35B-2F4FC10E2294} => pcalua.exe -a "C:\Users\Karsten Weikamp\AppData\Local\Temp\Temp1_STI_1911ScreensaverSetup.zip\STI_TrojanScreensaverSetup.exe"
Task: {523AB1D8-6749-4125-A7C0-F724E1782262} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {531542BA-F604-4BE5-AB8C-24F682666B06} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {656FE5AD-D148-4222-851D-71B02CF6EB1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {6FAE089F-5899-4920-AF93-C418CC47B53A} - System32\Tasks\{678A528F-6BB9-40FD-AE15-52311C5DDF84} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] ()
Task: {7297E281-CC46-45AE-96BA-6B32738C1E0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {7DA9F786-F9E3-4F94-9E46-62284E23DBCB} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {874D704E-94FA-4F45-8CB3-58209A3056C4} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {8CAB19BD-7D6B-4F58-B790-D4AE5701244C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {8FDC1668-486D-42B9-B085-9CFF349F671C} - System32\Tasks\{72B5F123-9171-4F66-A2A1-CBE83D0953D7} => E:\DataCard_Setup.exe
Task: {9106611C-A7E0-4A9C-A9C0-045F14D7B885} - System32\Tasks\{3250A409-A99B-4C9E-B430-B75BCA0177B2} => E:\DataCard_Setup.exe
Task: {913F612C-7B4E-4E8B-A06D-5C38840FBAAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {93FC67B0-C3C7-46AA-9AB1-E1C5E7BE7510} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {B6FDDAF3-881D-4E5B-AF74-32FDB2C1A1E0} - System32\Tasks\{8745E8DB-900B-46AD-B2C4-B8E1D305355C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\RootkitBuster_v5_1061.exe" -d "C:\Users\Karsten Weikamp\Downloads"
Task: {BD80F298-050C-42E6-9DDF-000E6C50636E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-12] (Microsoft Corporation)
Task: {BFCC35EC-66CE-487B-81C3-A70336B3DA9A} - System32\Tasks\{610699F9-1BBE-4A26-9A66-E0AF485A1FF7} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\Vistumbler_v9-8.exe" -d "C:\Users\Karsten Weikamp\Downloads"
Task: {C0A6790A-59E4-4449-899F-8B5A7095D7EF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {C8C5F05B-8130-4E01-8AF7-DA570A2ADA46} - System32\Tasks\{1AA33ED0-A144-49FB-A683-C25FEE57166C} => E:\DataCard_Setup.exe
Task: {DA4BFE19-3A0A-42B7-B84A-9AE333FF8513} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {FBF74640-9E75-41D3-837A-F26D2B2C3F02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754 => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Karsten Weikamp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NetScaler Gateway.lnk => C:\Windows\pss\NetScaler Gateway.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1435598673
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DataCardMonitor => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Karsten Weikamp\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Updater shortcut => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
MSCONFIG\startupreg: VitaKeyPdtWzd => "c:\Program Files\Acer Bio Protection\PdtWzd.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37028EB4-9C11-485B-A29E-533D68CDD3FB}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{7A1C0A54-8602-4F9B-9F46-91D449C2A8C6}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{85D33B3E-CC32-4E62-8BC9-658413B5A8DA}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8E4955C8-BC7A-45D2-A678-F433E5C5983B}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{2DB83C04-3B90-405C-B122-75C588FB60BE}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{6F338580-CB63-4CB7-A1F1-8AD662C50A59}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{DE4AF4D5-4B51-4CA0-A351-6A719E2F69EA}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EFBFADBD-DC21-47A7-883D-979DCD9D2D9D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AA7FA340-2B96-4BFA-AE14-EF7EF2B762C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5A240972-9F07-49AC-AA89-D9F2D3569EC7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{8C45C8A9-BDB1-4C66-92B6-317C23D145E0}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{BFB19199-9DB9-4FD5-B740-5E0F470FE4E2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [{C3E035AA-5C58-4A70-994C-10CC810326F6}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [{13731A6D-F88F-4634-91C9-DBFC61F2369C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{689A8B9C-DBED-489E-A7FC-7C54A4FCB080}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/12/2015 05:28:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: ACERLAPTOP)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein.
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75}

Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75}

Error: (12/07/2015 06:26:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0DD4EFC1-A14B-4468-B20E-99F5C9830D74}

Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0DD4EFC1-A14B-4468-B20E-99F5C9830D74}

Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3284) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf.

Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 529) (User: )
Description: taskhost (3284) WebCacheLocal: Fehler bei der Überprüfung des aus der Datei 'C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log' bei Offset 126976 (0x000000000001f000) für 512 (0x00000200) Bytes gelesenen Protokollbereichs aufgrund eines fehlerhaften Prüfsummenprotokolldatensatzes. Fehler -501 (0xfffffe0b) des Lesenvorgangs. Wenn dieser Zustand andauert, stellen Sie sie Protokolldatei aus einer früheren Sicherung wieder her.

Error: (11/29/2015 08:00:38 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Systemfehler:
=============
Error: (12/16/2015 05:44:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (12/16/2015 05:43:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 3066.95 MB
Verfügbarer physikalischer RAM: 2310.42 MB
Summe virtueller Speicher: 6132.22 MB
Verfügbarer virtueller Speicher: 5443.19 MB

==================== Laufwerke ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:312.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Lehrmittel 2016) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 36083607)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================ |
16.12.2015, 18:55 | #8 |
/// TB Trainer /// Instructions Guru | Macro virus Böttcher Büromarkt Please try the scan in normal mode. You can work in normal mode, can't you? If necessary, disable Norton.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
16.12.2015, 19:20 | #9 |
| Macro virus Böttcher Büromarkt The scan in normal mode was only possible after switching Norton off; now, even though Norton has been switched back on, the warning "Der Computer ist gefährdet" ("The computer is at risk") remains (advanced SONAR not run) ?? The logs are attached: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:16-12-2015 01
durchgeführt von Karsten Weikamp (Administrator) auf ACERLAPTOP (16-12-2015 19:02:00)
Gestartet von C:\Users\Karsten Weikamp\Desktop
Geladene Profile: Karsten Weikamp (Verfügbare Profile: Karsten Weikamp & Gast)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.5.15\ns.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.5.15\ns.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2012-03-03] (Apple Computer, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2009-06-26] (UPEK Inc.)
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [Google Update] => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc.)
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr
Lsa: [Notification Packages] c:\Program Files\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Karsten Weikamp\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-22] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{BF7E5DEF-B77F-47F0-A686-E2B632F5A62E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CA012B11-2991-418E-984A-650F75D89C46}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{DB448D58-EC26-405A-84D8-F68D63EE46EC}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353
SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353
SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE353
SearchScopes: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-281819993-3161343549-3081365374-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-06] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll [2008-07-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Search the web (Softonic)
FF SelectedSearchEngine:
FF Homepage:
FF Keyword.URL: hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=4a066299000000000000001e6590db58&toi=16073&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] ()
FF Plugin: @Citrix.com/npagee,version=10.5.55.8 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2015-01-25] (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [Keine Datei]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-281819993-3161343549-3081365374-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-281819993-3161343549-3081365374-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-03-03] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karsten Weikamp\AppData\Roaming\mozilla\plugins\npagee.dll [2015-01-25] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\englische-ergebnisse.xml [2013-05-03]
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\gmx-suche.xml [2013-05-03]
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\ixquick-https---deutsch.xml [2014-06-29]
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\lastminute.xml [2013-05-03]
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\safesearch.xml [2013-02-18]
FF SearchPlugin: C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\webde-suche.xml [2013-05-03]
FF Extension: Foxy Secure - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\extensions\admin@foxysecure.com [2014-06-30] [ist nicht signiert]
FF Extension: German Dictionary - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-25] [ist nicht signiert]
FF Extension: ProxTube - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\ich@maltegoetz.de.xpi [2015-05-31]
FF Extension: Video DownloadHelper - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-31]
FF Extension: Adblock Plus - C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-31]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFAddon [2015-12-16]

Chrome:
=======
CHR Profile: C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1898168 2015-11-24] (Microsoft Corporation)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-12] () [Datei ist nicht signiert]
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 IGBASVC; c:\Program Files\Acer Bio Protection\BASVC.exe [3453440 2009-08-06] (Egis Technology Inc.) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NS; C:\Program Files\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [163064 2015-01-25] (Citrix Systems, Inc)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-13] (O2Micro International)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [Datei ist nicht signiert]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [Datei ist nicht signiert]
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20151207.001\BHDrvx86.sys [1193032 2015-10-08] (Symantec Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189200 2013-04-01] (Citrix Systems, Inc.)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1605050.00F\ccSetx86.sys [137456 2015-07-11] (Symantec Corporation)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [42744 2015-01-25] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-27] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [Datei ist nicht signiert]
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20151215.002\IDSvix86.sys [580344 2015-11-26] (Symantec Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151215.018\NAVENG.SYS [104440 2015-11-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151215.018\NAVEX15.SYS [1647216 2015-11-27] (Symantec Corporation)
R0 nhcDriverDevice; C:\Windows\System32\drivers\nhcDriver.sys [71680 2011-06-12] (Notebook Hardware Control) [Datei ist nicht signiert]
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R3 SRTSP; C:\Windows\System32\Drivers\NS\1605050.00F\SRTSP.SYS [712944 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1605050.00F\SRTSPX.SYS [44792 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NS\1605050.00F\SYMEFASI.SYS [1287408 2015-11-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-08-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1605050.00F\Ironx86.SYS [234744 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NS\1605050.00F\SYMNETS.SYS [431328 2015-11-12] (Symantec Corporation)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-16 19:02 - 2015-12-16 19:02 - 00022441 _____ C:\Users\Karsten Weikamp\Desktop\FRST.txt
2015-12-16 19:01 - 2015-12-16 19:01 - 01721344 _____ (Farbar) C:\Users\Karsten Weikamp\Desktop\FRST.exe
2015-12-16 18:59 - 2015-12-16 18:59 - 00000000 ____D C:\Users\Karsten Weikamp\Desktop\Neuer Ordner
2015-12-16 17:42 - 2015-12-16 17:43 - 00220700 _____ C:\Windows\ntbtlog.txt
2015-12-16 16:53 - 2015-12-16 19:02 - 00000000 ____D C:\FRST
2015-12-16 14:25 - 2015-12-16 18:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 14:25 - 2015-12-16 14:25 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-16 14:24 - 2015-12-16 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-16 14:24 - 2015-12-16 14:24 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-12-16 14:24 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 14:24 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-16 14:24 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 20:27 - 2015-12-13 20:27 - 09794560 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016_Teil2.ppt
2015-12-13 20:26 - 2015-12-13 20:26 - 20567040 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016_Teil1.ppt
2015-12-13 18:10 - 2015-12-13 18:10 - 19883008 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016Kopie.ppt
2015-12-13 18:06 - 2015-12-13 20:47 - 30146560 _____ C:\Users\Karsten Weikamp\Desktop\FAS2016.ppt
2015-12-12 22:28 - 2015-12-12 22:28 - 02414771 _____ C:\Users\Karsten Weikamp\Downloads\Myocardial Infarction (online-video-cutter.com).mp4
2015-12-12 18:50 - 2015-12-12 18:50 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-12 14:50 - 2015-11-20 19:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-12 14:50 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-12 14:50 - 2015-11-20 19:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-12 14:50 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-12 14:50 - 2015-11-20 19:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-12 14:50 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-12 14:50 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-12 14:50 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-12 14:50 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-12 14:50 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-12 14:50 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-12 14:50 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-12 14:50 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-12 14:50 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-12 14:50 - 2015-11-10 19:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-12 14:50 - 2015-11-10 19:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-12 14:50 - 2015-11-10 18:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-12 14:50 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-12 14:50 - 2015-11-10 01:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-12 14:50 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-12 14:50 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-12 14:50 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-12 14:50 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-12 14:50 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-12 14:50 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-12 14:50 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-12 14:50 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-12 14:50 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-12 14:50 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-12 14:50 - 2015-11-10 01:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-12 14:50 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-12 14:50 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-12 14:50 - 2015-11-10 00:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-12 14:50 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-12 14:50 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-12 14:50 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-12 14:50 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-12 14:50 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-12 14:50 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-12 14:50 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-12 14:50 - 2015-11-10 00:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-12 14:50 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-12 14:50 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-12 14:50 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-12 14:50 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-12 14:50 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-12 14:50 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-12 14:50 - 2015-11-05 10:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-12 14:50 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-12 14:50 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-11-29 20:25 - 2015-11-29 20:25 - 00004822 _____ C:\Users\Karsten Weikamp\Documents\cc_20151129_202457.reg
2015-11-27 21:23 - 2015-11-27 21:23 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\CEF
2015-11-27 21:18 - 2015-12-12 17:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 21:00 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-27 21:00 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 21:00 - 2015-10-20 01:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-27 21:00 - 2015-10-20 01:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-27 21:00 - 2015-10-20 01:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-27 21:00 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 21:00 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 21:00 - 2015-10-20 01:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-27 21:00 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-27 21:00 - 2015-10-20 01:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-27 21:00 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-27 21:00 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-27 21:00 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-27 21:00 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 21:00 - 2015-10-20 00:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-27 21:00 - 2015-10-20 00:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-27 21:00 - 2015-10-20 00:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-27 21:00 - 2015-10-13 17:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-27 21:00 - 2015-10-13 17:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-27 21:00 - 2015-10-13 05:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-27 20:59 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-27 20:59 - 2015-10-01 18:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-27 20:59 - 2015-09-23 14:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-27 20:59 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-16 14:33 - 2015-11-16 14:33 - 00532880 _____ C:\Users\Karsten Weikamp\Desktop\Kursskript 20152016 Version 12 - Neues LJG - PF - Schlussfassung.pdf
2015-11-16 14:33 - 2015-11-16 14:33 - 00429904 _____ C:\Users\Karsten Weikamp\Desktop\Kursskript 20152016 Anlagen - Schlussfassung.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-16 19:02 - 2014-10-21 07:01 - 00001160 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754.job
2015-12-16 18:19 - 2012-04-25 21:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 17:58 - 2009-07-14 05:34 - 00028800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-16 17:58 - 2009-07-14 05:34 - 00028800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-16 17:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 17:43 - 2015-02-24 18:47 - 00339456 ___SH C:\Users\Karsten Weikamp\Desktop\Thumbs.db
2015-12-16 17:43 - 2009-05-07 10:03 - 00000000 ____D C:\Windows
2015-12-16 14:55 - 2009-07-28 05:26 - 00000000 ____D C:\Windows\Panther
2015-12-16 14:53 - 2014-01-03 15:32 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\genienext
2015-12-16 14:53 - 2014-01-03 15:31 - 00000000 ____D C:\Program Files\Mobogenie
2015-12-16 14:24 - 2011-08-28 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-16 14:23 - 2014-10-21 07:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c.job
2015-12-16 14:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 18:17 - 2009-11-25 18:09 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\ElevatedDiagnostics
2015-12-15 15:39 - 2014-06-29 21:56 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Roaming\Security Systems
2015-12-13 17:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-12-13 13:51 - 2009-07-14 05:33 - 00446904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 13:50 - 2009-09-19 01:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 13:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-13 13:33 - 2010-06-05 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 13:33 - 2009-09-19 01:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-13 13:19 - 2013-08-14 17:57 - 00000000 ____D C:\Windows\system32\MRT
2015-12-13 13:19 - 2009-11-08 14:19 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-12 22:18 - 2010-02-02 14:32 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Roaming\vlc
2015-12-12 14:19 - 2012-04-25 21:46 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-12 14:19 - 2011-05-21 14:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-12 14:00 - 2015-02-09 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-12 13:59 - 2015-02-09 13:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-12 13:59 - 2009-11-12 21:11 - 00000000 ____D C:\Users\Karsten Weikamp\Documents\VorträgeJagdkurs
2015-12-07 20:25 - 2009-11-06 21:05 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-12-07 18:36 - 2010-12-06 14:29 - 00916480 ___SH C:\Users\Karsten Weikamp\Documents\Thumbs.db
2015-11-30 18:28 - 2009-10-06 07:59 - 00710134 _____ C:\Windows\system32\perfh007.dat
2015-11-30 18:28 - 2009-10-06 07:59 - 00154538 _____ C:\Windows\system32\perfc007.dat
2015-11-30 18:28 - 2009-07-28 04:34 - 01649420 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 20:24 - 2010-01-09 17:19 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\CrashDumps
2015-11-29 17:27 - 2015-03-27 16:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-11-29 17:27 - 2015-03-27 16:42 - 00000000 ____D C:\Windows\system32\Drivers\NS
2015-11-28 15:32 - 2009-09-16 09:03 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-27 21:23 - 2014-08-24 14:02 - 00000000 ____D C:\Users\Karsten Weikamp\AppData\Local\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\ProgramData\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-27 21:18 - 2009-09-16 08:12 - 00000000 ____D C:\Program Files\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2009-11-12 21:04 - 2014-11-19 12:30 - 0025088 _____ () C:\Users\Karsten Weikamp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-06 18:16 - 2010-12-06 18:16 - 0000103 _____ () C:\Users\Karsten Weikamp\AppData\Local\fusioncache.dat
2011-10-06 13:26 - 2011-10-06 13:26 - 0007605 _____ () C:\Users\Karsten Weikamp\AppData\Local\Resmon.ResmonCfg
2011-06-14 11:51 - 2011-06-14 11:51 - 0000000 _____ () C:\Users\Karsten Weikamp\AppData\Local\{D0077FEE-69E4-4E64-A744-A5727758C71D}
2014-01-03 15:38 - 2014-01-23 13:16 - 0000085 ___SH () C:\ProgramData\.zreglib
2009-11-06 21:05 - 2015-12-07 20:25 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-13 17:52

==================== Ende vom FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:16-12-2015 01
durchgeführt von Karsten Weikamp (2015-12-16 19:02:39)
Gestartet von C:\Users\Karsten Weikamp\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2009-11-06 20:54:43)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-281819993-3161343549-3081365374-500 - Administrator - Disabled)
ASPNET (S-1-5-21-281819993-3161343549-3081365374-1009 - Limited - Enabled)
Gast (S-1-5-21-281819993-3161343549-3081365374-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-281819993-3161343549-3081365374-1007 - Limited - Enabled)
Karsten Weikamp (S-1-5-21-281819993-3161343549-3081365374-1003 - Administrator - Enabled) => C:\Users\Karsten Weikamp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Bio Protection (HKLM\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.48 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3016 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3019 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.1103 - Alps Electric)
Amazon Kindle (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Amazon Kindle) (Version: - Amazon)
Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
ATI AVIVO Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D168D111-C33C-A437-0D63-E300EC7C938A}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
calibre (HKLM\...\{6A64AE0B-9CAB-4811-980F-406376C5E44A}) (Version: 0.9.36 - Kovid Goyal)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.7.3.0 - Canon Inc.)
ccc-core-static (Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
EVEREST Corporate Edition v4.60 (HKLM\...\EVEREST Corporate Edition_is1) (Version: 4.60 - Lavalys, Inc.)
Fingerprint Solution (Version: 6.1.48.0 - Egis Technology Inc.) Hidden
fit zur schriftlichen Jägerprüfung (HKLM\...\{13153F10-CAE7-4C15-A0B0-C51B9BA3CAAA}_is1) (Version: - Deutscher Landwirtschaftsverlag GmbH)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Fritz11 WM Edition (HKLM\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 1.0 - ChessBase)
Fritz11 WM Edition (Version: 1.0 - ChessBase) Hidden
Google Chrome (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.39 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagd- und Waffenrecht 08.10 (HKLM\...\{DFAF662D-8482-4EFD-B75E-A937095159C7}) (Version: 1.30.0003 - Hergarten-Media)
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 3.0.04 - Acer Inc.)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MedQM-Tool (HKLM\...\{F43D5373-0B9C-4A6D-ABB8-1F100CF599A7}) (Version: 2.1.4 - Medizin QM GmbH)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{BA2F05A3-080A-4371-AAC1-F15404605982}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-281819993-3161343549-3081365374-1003\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7FB12670-0F93-4E1E-B2F5-4F339199A03A}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{849A32C3-E75A-4791-9B11-E568BA3525A4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 de) (HKLM\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetScaler Gateway Plug-in (HKLM\...\{7A0D7123-35B2-4220-B8E9-81976BF4B952}) (Version: 10.5.55.8 - Citrix Systems, Inc.)
Norton Security (HKLM\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.56 - NewTech Infosystems) Hidden
O2Micro Flash Memory Card Reader Driver (HKLM\...\{C631FB9D-81D2-4E4E-A688-901AC748322D}) (Version: 3.31.02 - O2Micro)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
QM Management (HKLM\...\QM Management) (Version: 1.0.0.0 - VR Medien & Events GmbH)
QuickLOAD (HKLM\...\ST5UNST #1) (Version: - )
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPBA 5.8 (HKLM\...\{ECCD28B2-8798-4D16-8126-625D728294A1}) (Version: 5.8.2.5652 - UPEK Inc.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.) ==================== Wiederherstellungspunkte ========================= 15-12-2015 18:16:39 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:04 - 2013-02-03 20:50 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02360D7C-9276-4A01-90EC-5C682F37E035} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {07E1F414-A126-4682-A02F-2BD35205B5C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {0BA4CC67-A772-4902-8F3F-A068B2ECC33F} - System32\Tasks\{596C63C0-829D-4768-8DC6-BA00960A0AA4} => E:\DataCard_Setup.exe Task: {180B5116-F991-4A54-9D6C-34296065CDB8} - System32\Tasks\{44D512B8-E7EA-48CC-B5B3-F1325B33B540} => pcalua.exe -a E:\DataCard_Setup.exe -d E:\ Task: {27647861-0D8D-4BD0-A659-25106B1575D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.) 
Task: {30267D00-5F18-4571-9B30-0DEDD73B53D6} - System32\Tasks\{4893EDB9-E5C7-4967-8A2B-FB39295BC65A} => F:\DataCard_Setup.exe Task: {31DB48EE-5679-4A84-90C7-BD2E34E02A4A} - System32\Tasks\{563B5C85-C449-490E-B048-9010B408C65A} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] () Task: {32F87DCE-F9DF-4EC3-8DCD-DBF473E861F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.) Task: {345F6378-C0DC-44E3-807A-75B5D4D48117} - System32\Tasks\{6FA4F0E5-4FD5-49C0-9207-7A4CA23A7B2C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Desktop\STIscreensaver.exe" -d "C:\Users\Karsten Weikamp\Desktop" Task: {3B3A55E5-1A79-42C9-9D3B-4A20AB8B3EE3} - System32\Tasks\{FCCE8D94-9652-4819-93D0-31B7B6C564E8} => E:\DataCard_Setup.exe Task: {4660CED4-1E64-4487-8F7B-C20C769475BC} - System32\Tasks\{558E76A3-D8BC-43F7-B35B-2F4FC10E2294} => pcalua.exe -a "C:\Users\Karsten Weikamp\AppData\Local\Temp\Temp1_STI_1911ScreensaverSetup.zip\STI_TrojanScreensaverSetup.exe" Task: {523AB1D8-6749-4125-A7C0-F724E1782262} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {531542BA-F604-4BE5-AB8C-24F682666B06} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {656FE5AD-D148-4222-851D-71B02CF6EB1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated) Task: {6FAE089F-5899-4920-AF93-C418CC47B53A} - System32\Tasks\{678A528F-6BB9-40FD-AE15-52311C5DDF84} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] () Task: {7297E281-CC46-45AE-96BA-6B32738C1E0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft 
Corporation) Task: {73916610-3ED4-42D4-B4B7-17FB236FB20B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2015-11-23] (Symantec Corporation) Task: {7DA9F786-F9E3-4F94-9E46-62284E23DBCB} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {874D704E-94FA-4F45-8CB3-58209A3056C4} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {8CAB19BD-7D6B-4F58-B790-D4AE5701244C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {8FDC1668-486D-42B9-B085-9CFF349F671C} - System32\Tasks\{72B5F123-9171-4F66-A2A1-CBE83D0953D7} => E:\DataCard_Setup.exe Task: {9106611C-A7E0-4A9C-A9C0-045F14D7B885} - System32\Tasks\{3250A409-A99B-4C9E-B430-B75BCA0177B2} => E:\DataCard_Setup.exe Task: {913F612C-7B4E-4E8B-A06D-5C38840FBAAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {93FC67B0-C3C7-46AA-9AB1-E1C5E7BE7510} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) 
Task: {B6FDDAF3-881D-4E5B-AF74-32FDB2C1A1E0} - System32\Tasks\{8745E8DB-900B-46AD-B2C4-B8E1D305355C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\RootkitBuster_v5_1061.exe" -d "C:\Users\Karsten Weikamp\Downloads" Task: {BD80F298-050C-42E6-9DDF-000E6C50636E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-12] (Microsoft Corporation) Task: {BFCC35EC-66CE-487B-81C3-A70336B3DA9A} - System32\Tasks\{610699F9-1BBE-4A26-9A66-E0AF485A1FF7} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\Vistumbler_v9-8.exe" -d "C:\Users\Karsten Weikamp\Downloads" Task: {C8C5F05B-8130-4E01-8AF7-DA570A2ADA46} - System32\Tasks\{1AA33ED0-A144-49FB-A683-C25FEE57166C} => E:\DataCard_Setup.exe Task: {DA4BFE19-3A0A-42B7-B84A-9AE333FF8513} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation) Task: {FBF74640-9E75-41D3-837A-F26D2B2C3F02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754 => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-02-09 13:57 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2009-09-19 01:09 - 2009-08-12 00:29 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2009-09-19 01:09 - 2009-09-19 01:09 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2015-11-16 17:55 - 2015-11-16 17:55 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2009-07-29 12:10 - 2009-07-29 12:10 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-10-05 22:06 - 2009-10-05 22:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Karsten Weikamp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NetScaler Gateway.lnk => C:\Windows\pss\NetScaler Gateway.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Adobe Speed Launcher => 1435598673 MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: DataCardMonitor => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe MSCONFIG\startupreg: Google Update => "C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Karsten Weikamp\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: Updater shortcut => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe MSCONFIG\startupreg: VitaKeyPdtWzd => "c:\Program Files\Acer Bio Protection\PdtWzd.exe" ==================== 
FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{37028EB4-9C11-485B-A29E-533D68CDD3FB}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{7A1C0A54-8602-4F9B-9F46-91D449C2A8C6}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{85D33B3E-CC32-4E62-8BC9-658413B5A8DA}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{8E4955C8-BC7A-45D2-A678-F433E5C5983B}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{2DB83C04-3B90-405C-B122-75C588FB60BE}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{6F338580-CB63-4CB7-A1F1-8AD662C50A59}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{DE4AF4D5-4B51-4CA0-A351-6A719E2F69EA}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{EFBFADBD-DC21-47A7-883D-979DCD9D2D9D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{AA7FA340-2B96-4BFA-AE14-EF7EF2B762C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{5A240972-9F07-49AC-AA89-D9F2D3569EC7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{8C45C8A9-BDB1-4C66-92B6-317C23D145E0}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{BFB19199-9DB9-4FD5-B740-5E0F470FE4E2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe FirewallRules: [{C3E035AA-5C58-4A70-994C-10CC810326F6}] => (Allow) C:\Program Files\Citrix\Secure Access 
Client\nsload.exe FirewallRules: [{13731A6D-F88F-4634-91C9-DBFC61F2369C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{689A8B9C-DBED-489E-A7FC-7C54A4FCB080}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/12/2015 05:28:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: ACERLAPTOP) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75} Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75} Error: (12/07/2015 06:26:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485936 Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0DD4EFC1-A14B-4468-B20E-99F5C9830D74} Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: 
{0DD4EFC1-A14B-4468-B20E-99F5C9830D74} Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhost (3284) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf. Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar. Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 529) (User: ) Description: taskhost (3284) WebCacheLocal: Fehler bei der Überprüfung des aus der Datei 'C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log' bei Offset 126976 (0x000000000001f000) für 512 (0x00000200) Bytes gelesenen Protokollbereichs aufgrund eines fehlerhaften Prüfsummenprotokolldatensatzes. Fehler -501 (0xfffffe0b) des Lesenvorgangs. Wenn dieser Zustand andauert, stellen Sie sie Protokolldatei aus einer früheren Sicherung wieder her. Error: (11/29/2015 08:00:38 PM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar. 
Systemfehler: ============= Error: (12/16/2015 06:09:40 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{DB448D58-EC26-405A-84D8-F68D63EE46EC}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (12/16/2015 05:52:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/16/2015 05:52:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht. Error: (12/16/2015 05:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/16/2015 05:48:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:04 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (12/16/2015 05:47:04 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (12/16/2015 05:44:54 
PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz Prozentuale Nutzung des RAM: 45% Installierter physikalischer RAM: 3066.95 MB Verfügbarer physikalischer RAM: 1673.81 MB Summe virtueller Speicher: 6132.22 MB Verfügbarer virtueller Speicher: 4624.04 MB ==================== Laufwerke ================================ Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:312.54 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Lehrmittel 2016) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 36083607) Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================
(Version: 10.5.55.8 - Citrix Systems, Inc.) Norton Security (HKLM\...\NS) (Version: 22.5.5.15 - Symantec Corporation) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.12.6619 - NewTech Infosystems) Hidden NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems) NTI Shadow (Version: 3.7.6.56 - NewTech Infosystems) Hidden O2Micro Flash Memory Card Reader Driver (HKLM\...\{C631FB9D-81D2-4E4E-A688-901AC748322D}) (Version: 3.31.02 - O2Micro) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia) QM Management (HKLM\...\QM Management) (Version: 1.0.0.0 - VR Medien & Events GmbH) QuickLOAD (HKLM\...\ST5UNST #1) (Version: - ) QuickTime (HKLM\...\QuickTime) (Version: - ) RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SPBA 5.8 (HKLM\...\{ECCD28B2-8798-4D16-8126-625D728294A1}) (Version: 5.8.2.5652 - UPEK Inc.) 
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd) Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-281819993-3161343549-3081365374-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karsten Weikamp\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.) ==================== Wiederherstellungspunkte ========================= 15-12-2015 18:16:39 Geplanter Prüfpunkt ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:04 - 2013-02-03 20:50 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02360D7C-9276-4A01-90EC-5C682F37E035} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {07E1F414-A126-4682-A02F-2BD35205B5C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {0BA4CC67-A772-4902-8F3F-A068B2ECC33F} - System32\Tasks\{596C63C0-829D-4768-8DC6-BA00960A0AA4} => E:\DataCard_Setup.exe Task: {180B5116-F991-4A54-9D6C-34296065CDB8} - System32\Tasks\{44D512B8-E7EA-48CC-B5B3-F1325B33B540} => pcalua.exe -a E:\DataCard_Setup.exe -d E:\ Task: {27647861-0D8D-4BD0-A659-25106B1575D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.) 
Task: {30267D00-5F18-4571-9B30-0DEDD73B53D6} - System32\Tasks\{4893EDB9-E5C7-4967-8A2B-FB39295BC65A} => F:\DataCard_Setup.exe Task: {31DB48EE-5679-4A84-90C7-BD2E34E02A4A} - System32\Tasks\{563B5C85-C449-490E-B048-9010B408C65A} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] () Task: {32F87DCE-F9DF-4EC3-8DCD-DBF473E861F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14] (Google Inc.) Task: {345F6378-C0DC-44E3-807A-75B5D4D48117} - System32\Tasks\{6FA4F0E5-4FD5-49C0-9207-7A4CA23A7B2C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Desktop\STIscreensaver.exe" -d "C:\Users\Karsten Weikamp\Desktop" Task: {3B3A55E5-1A79-42C9-9D3B-4A20AB8B3EE3} - System32\Tasks\{FCCE8D94-9652-4819-93D0-31B7B6C564E8} => E:\DataCard_Setup.exe Task: {4660CED4-1E64-4487-8F7B-C20C769475BC} - System32\Tasks\{558E76A3-D8BC-43F7-B35B-2F4FC10E2294} => pcalua.exe -a "C:\Users\Karsten Weikamp\AppData\Local\Temp\Temp1_STI_1911ScreensaverSetup.zip\STI_TrojanScreensaverSetup.exe" Task: {523AB1D8-6749-4125-A7C0-F724E1782262} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {531542BA-F604-4BE5-AB8C-24F682666B06} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {656FE5AD-D148-4222-851D-71B02CF6EB1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated) Task: {6FAE089F-5899-4920-AF93-C418CC47B53A} - System32\Tasks\{678A528F-6BB9-40FD-AE15-52311C5DDF84} => C:\Users\Karsten Weikamp\Downloads\setup (2).exe [2012-03-03] () Task: {7297E281-CC46-45AE-96BA-6B32738C1E0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft 
Corporation) Task: {73916610-3ED4-42D4-B4B7-17FB236FB20B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2015-11-23] (Symantec Corporation) Task: {7DA9F786-F9E3-4F94-9E46-62284E23DBCB} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {874D704E-94FA-4F45-8CB3-58209A3056C4} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {8CAB19BD-7D6B-4F58-B790-D4AE5701244C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {8FDC1668-486D-42B9-B085-9CFF349F671C} - System32\Tasks\{72B5F123-9171-4F66-A2A1-CBE83D0953D7} => E:\DataCard_Setup.exe Task: {9106611C-A7E0-4A9C-A9C0-045F14D7B885} - System32\Tasks\{3250A409-A99B-4C9E-B430-B75BCA0177B2} => E:\DataCard_Setup.exe Task: {913F612C-7B4E-4E8B-A06D-5C38840FBAAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {93FC67B0-C3C7-46AA-9AB1-E1C5E7BE7510} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) 
Task: {B6FDDAF3-881D-4E5B-AF74-32FDB2C1A1E0} - System32\Tasks\{8745E8DB-900B-46AD-B2C4-B8E1D305355C} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\RootkitBuster_v5_1061.exe" -d "C:\Users\Karsten Weikamp\Downloads" Task: {BD80F298-050C-42E6-9DDF-000E6C50636E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-12] (Microsoft Corporation) Task: {BFCC35EC-66CE-487B-81C3-A70336B3DA9A} - System32\Tasks\{610699F9-1BBE-4A26-9A66-E0AF485A1FF7} => pcalua.exe -a "C:\Users\Karsten Weikamp\Downloads\Vistumbler_v9-8.exe" -d "C:\Users\Karsten Weikamp\Downloads" Task: {C8C5F05B-8130-4E01-8AF7-DA570A2ADA46} - System32\Tasks\{1AA33ED0-A144-49FB-A683-C25FEE57166C} => E:\DataCard_Setup.exe Task: {DA4BFE19-3A0A-42B7-B84A-9AE333FF8513} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation) Task: {FBF74640-9E75-41D3-837A-F26D2B2C3F02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754 => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003Core1cfecf471a1ee0c.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281819993-3161343549-3081365374-1003UA1cfecf471e95754.job => C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-02-09 13:57 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2009-09-19 01:09 - 2009-08-12 00:29 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2009-09-19 01:09 - 2009-09-19 01:09 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll 2009-09-19 01:09 - 2009-09-19 01:09 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2015-11-16 17:55 - 2015-11-16 17:55 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2009-07-29 12:10 - 2009-07-29 12:10 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-10-05 22:06 - 2009-10-05 22:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-281819993-3161343549-3081365374-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Karsten Weikamp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NetScaler Gateway.lnk => C:\Windows\pss\NetScaler Gateway.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Adobe Speed Launcher => 1435598673 MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: DataCardMonitor => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe MSCONFIG\startupreg: Google Update => "C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Karsten Weikamp\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: Updater shortcut => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe MSCONFIG\startupreg: VitaKeyPdtWzd => "c:\Program Files\Acer Bio Protection\PdtWzd.exe" ==================== 
FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{37028EB4-9C11-485B-A29E-533D68CDD3FB}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{7A1C0A54-8602-4F9B-9F46-91D449C2A8C6}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{85D33B3E-CC32-4E62-8BC9-658413B5A8DA}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{8E4955C8-BC7A-45D2-A678-F433E5C5983B}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{2DB83C04-3B90-405C-B122-75C588FB60BE}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{6F338580-CB63-4CB7-A1F1-8AD662C50A59}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{DE4AF4D5-4B51-4CA0-A351-6A719E2F69EA}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{EFBFADBD-DC21-47A7-883D-979DCD9D2D9D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{AA7FA340-2B96-4BFA-AE14-EF7EF2B762C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{5A240972-9F07-49AC-AA89-D9F2D3569EC7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{8C45C8A9-BDB1-4C66-92B6-317C23D145E0}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe FirewallRules: [{BFB19199-9DB9-4FD5-B740-5E0F470FE4E2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe FirewallRules: [{C3E035AA-5C58-4A70-994C-10CC810326F6}] => (Allow) C:\Program Files\Citrix\Secure Access 
Client\nsload.exe FirewallRules: [{13731A6D-F88F-4634-91C9-DBFC61F2369C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{689A8B9C-DBED-489E-A7FC-7C54A4FCB080}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/12/2015 05:28:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: ACERLAPTOP) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75} Error: (12/07/2015 09:08:03 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {C6615A84-C390-488F-B502-09AE786A8A75} Error: (12/07/2015 06:26:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485936 Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0DD4EFC1-A14B-4468-B20E-99F5C9830D74} Error: (12/07/2015 06:26:52 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: 
{0DD4EFC1-A14B-4468-B20E-99F5C9830D74} Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhost (3284) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf. Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar. Error: (11/29/2015 08:00:43 PM) (Source: ESENT) (EventID: 529) (User: ) Description: taskhost (3284) WebCacheLocal: Fehler bei der Überprüfung des aus der Datei 'C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log' bei Offset 126976 (0x000000000001f000) für 512 (0x00000200) Bytes gelesenen Protokollbereichs aufgrund eines fehlerhaften Prüfsummenprotokolldatensatzes. Fehler -501 (0xfffffe0b) des Lesenvorgangs. Wenn dieser Zustand andauert, stellen Sie sie Protokolldatei aus einer früheren Sicherung wieder her. Error: (11/29/2015 08:00:38 PM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (3284) WebCacheLocal: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\Users\Karsten Weikamp\AppData\Local\Microsoft\Windows\WebCache\V01.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position 248:193. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 792 auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar. 
Systemfehler: ============= Error: (12/16/2015 06:09:40 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{DB448D58-EC26-405A-84D8-F68D63EE46EC}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (12/16/2015 05:52:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/16/2015 05:52:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht. Error: (12/16/2015 05:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/16/2015 05:48:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/16/2015 05:47:04 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (12/16/2015 05:47:04 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (12/16/2015 05:44:54 
PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 3066.95 MB
Verfügbarer physikalischer RAM: 1673.81 MB
Summe virtueller Speicher: 6132.22 MB
Verfügbarer virtueller Speicher: 4624.04 MB
==================== Laufwerke ================================
Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:312.54 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Lehrmittel 2016) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 36083607)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
==================== Ende vom Addition.txt ============================
Norton is running correctly again after the restart. |
17.12.2015, 16:32 | #10 |
/// TB Trainer /// Instructions Guru | Macro virus Böttcher Büromarkt Hi, the email did not arrive. Can you please send it again?
Step 1: Please download TDSSKiller.exe and save this file to the desktop
__________________ Regards, deeprybka _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.12.2015, 20:08 | #11 |
| Macro virus Böttcher Büromarkt
I've sent the mail again (did it arrive? Windows Mail has somehow been acting up since yesterday, "timeout" or the like).
The log file is attached.
Code:
20:02:23.0702 0x1038 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:02:27.0149 0x1038 ============================================================
20:02:27.0149 0x1038 Current date / time: 2015/12/17 20:02:27.0149
20:02:27.0149 0x1038 SystemInfo:
20:02:27.0149 0x1038
20:02:27.0149 0x1038 OS Version: 6.1.7601 ServicePack: 1.0
20:02:27.0149 0x1038 Product type: Workstation
20:02:27.0149 0x1038 ComputerName: ACERLAPTOP
20:02:27.0149 0x1038 UserName: Karsten Weikamp
20:02:27.0149 0x1038 Windows directory: C:\Windows
20:02:27.0149 0x1038 System windows directory: C:\Windows
20:02:27.0149 0x1038 Processor architecture: Intel x86
20:02:27.0149 0x1038 Number of processors: 2
20:02:27.0149 0x1038 Page size: 0x1000
20:02:27.0149 0x1038 Boot type: Normal boot
20:02:27.0149 0x1038 ============================================================
20:02:27.0430 0x1038 KLMD registered as C:\Windows\system32\drivers\54518109.sys
20:02:27.0992 0x1038 System UUID: {383E3974-36A7-2D80-A203-16A24BDA1429}
20:02:28.0756 0x1038 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:02:28.0756 0x1038 ============================================================
20:02:28.0756 0x1038 \Device\Harddisk0\DR0:
20:02:28.0756 0x1038 MBR partitions:
20:02:28.0756 0x1038 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
20:02:28.0756 0x1038 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
20:02:28.0756 0x1038 ============================================================
20:02:28.0803 0x1038 C: <-> \Device\Harddisk0\DR0\Partition2
20:02:28.0803 0x1038 ============================================================
20:02:28.0803 0x1038 Initialize success
20:02:28.0803 0x1038 ============================================================
- ok 20:03:33.0403 0x15d8 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 20:03:33.0434 0x15d8 IAANTMON - ok 20:03:33.0512 0x15d8 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:03:33.0528 0x15d8 iaStor - ok 20:03:33.0606 0x15d8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:03:33.0621 0x15d8 iaStorV - ok 20:03:33.0746 0x15d8 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:03:33.0808 0x15d8 idsvc - ok 20:03:33.0933 0x15d8 [ F6604AD79EF77852A024A2BB65E24F3E, B59EB0755B46DFAA20A25128F30CF59511D23221A203922AC81F2BFC7932FA24 ] IDSVix86 C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20151215.002\IDSvix86.sys 20:03:33.0980 0x15d8 IDSVix86 - ok 20:03:34.0011 0x15d8 IEEtwCollectorService - ok 20:03:34.0152 0x15d8 [ 884243A20ECCF90F747854E2F0954719, BDCFF696EA638BB226EE606FEE44D9634CC05DBD2249020815B4AD2C2E383C33 ] IGBASVC c:\Program Files\Acer Bio Protection\BASVC.exe 20:03:34.0339 0x15d8 IGBASVC - detected UnsignedFile.Multi.Generic ( 1 ) 20:03:36.0757 0x15d8 Detect skipped due to KSN trusted 20:03:36.0757 0x15d8 IGBASVC - ok 20:03:36.0975 0x15d8 [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 20:03:37.0194 0x15d8 igfx - ok 20:03:37.0225 0x15d8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:03:37.0240 0x15d8 iirsp - ok 20:03:37.0303 0x15d8 [ 
B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 20:03:37.0365 0x15d8 IKEEXT - ok 20:03:37.0396 0x15d8 [ 58FF11C95C3681C9250914521CB9F036, 21249A7F85FCCC5DF56F67C92D3964CFBD3E9855EABDD2148075200A86868372 ] int15 C:\Windows\system32\drivers\int15.sys 20:03:37.0412 0x15d8 int15 - ok 20:03:37.0552 0x15d8 [ B29E79C67F3779E70BA187E31B639EBC, 7B8E2DCD12AD8DDD3E5F492BC715AFB55DC48EC05A5A0644840078DB0AD70232 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:03:37.0662 0x15d8 IntcAzAudAddService - ok 20:03:37.0880 0x15d8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 20:03:37.0896 0x15d8 intelide - ok 20:03:37.0958 0x15d8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:03:37.0989 0x15d8 intelppm - ok 20:03:38.0020 0x15d8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:03:38.0067 0x15d8 IPBusEnum - ok 20:03:38.0098 0x15d8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:03:38.0130 0x15d8 IpFilterDriver - ok 20:03:38.0176 0x15d8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:03:38.0239 0x15d8 iphlpsvc - ok 20:03:38.0254 0x15d8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:03:38.0270 0x15d8 IPMIDRV - ok 20:03:38.0317 0x15d8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT 
C:\Windows\system32\drivers\ipnat.sys 20:03:38.0364 0x15d8 IPNAT - ok 20:03:38.0395 0x15d8 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:03:38.0426 0x15d8 IRENUM - ok 20:03:38.0457 0x15d8 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:03:38.0473 0x15d8 isapnp - ok 20:03:38.0504 0x15d8 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:03:38.0520 0x15d8 iScsiPrt - ok 20:03:38.0566 0x15d8 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 20:03:38.0566 0x15d8 IviRegMgr - ok 20:03:38.0598 0x15d8 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:03:38.0613 0x15d8 kbdclass - ok 20:03:38.0644 0x15d8 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:03:38.0676 0x15d8 kbdhid - ok 20:03:38.0707 0x15d8 [ 5111FA6EC341BACC07FA69AA9764B6D2, ACF4095EE673AFAF9FDDE9E8EFA191A4A72BAA0371A3AD26925EA267E0E40E61 ] KeyIso C:\Windows\system32\lsass.exe 20:03:38.0722 0x15d8 KeyIso - ok 20:03:38.0769 0x15d8 [ A061E519ACDE34843DFA3F1C7358DAA2, 457417DF5BDC267EA4649A2E65D72FC8308899C1E4F0D26113D31F42767E618E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:03:38.0785 0x15d8 KSecDD - ok 20:03:38.0800 0x15d8 [ 523091605C05F5DE880426A2FBA0F87C, 96884B50032B70F455D519934671940ED2493CA62CAACF68E89CCC2E5B0D3F01 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:03:38.0816 0x15d8 KSecPkg - ok 20:03:38.0863 0x15d8 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 
4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:03:38.0894 0x15d8 KtmRm - ok 20:03:38.0925 0x15d8 [ 8C804B1FFAD1EFA952B747E8285C3B76, 10424290F13F0BF719992B2CFFCDC58121AB2149C149D3B17EF7ECDFF853D67D ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys 20:03:38.0956 0x15d8 L1E - ok 20:03:39.0003 0x15d8 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:03:39.0050 0x15d8 LanmanServer - ok 20:03:39.0081 0x15d8 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:03:39.0112 0x15d8 LanmanWorkstation - ok 20:03:39.0144 0x15d8 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:03:39.0190 0x15d8 lltdio - ok 20:03:39.0222 0x15d8 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:03:39.0268 0x15d8 lltdsvc - ok 20:03:39.0284 0x15d8 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:03:39.0331 0x15d8 lmhosts - ok 20:03:39.0362 0x15d8 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:03:39.0378 0x15d8 LSI_FC - ok 20:03:39.0393 0x15d8 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:03:39.0409 0x15d8 LSI_SAS - ok 20:03:39.0424 0x15d8 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:03:39.0440 0x15d8 LSI_SAS2 - ok 20:03:39.0456 0x15d8 [ 
0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:03:39.0471 0x15d8 LSI_SCSI - ok 20:03:39.0487 0x15d8 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 20:03:39.0534 0x15d8 luafv - ok 20:03:39.0580 0x15d8 [ 40C7F4B63337414F967AC53E0520B06B, 1E42F17F17B8BF748EFB15112EDA2DBD76761A011673B654020084AEC02089F1 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 20:03:39.0596 0x15d8 MBAMProtector - ok 20:03:39.0736 0x15d8 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe 20:03:39.0768 0x15d8 MBAMService - ok 20:03:39.0830 0x15d8 [ 63254775FE0F974F5316B4EC3F163038, 05C83C2A8C29075C25E506AA4554906096320DF5517EE550724A1DE35A7A5206 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 20:03:39.0846 0x15d8 MBAMWebAccessControl - ok 20:03:39.0892 0x15d8 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:03:39.0908 0x15d8 Mcx2Svc - ok 20:03:39.0939 0x15d8 mdmxsdk - ok 20:03:39.0970 0x15d8 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:03:39.0986 0x15d8 megasas - ok 20:03:40.0048 0x15d8 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:03:40.0064 0x15d8 MegaSR - ok 20:03:40.0111 0x15d8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 20:03:40.0142 0x15d8 MMCSS - ok 20:03:40.0158 0x15d8 [ F001861E5700EE84E2D4E52C712F4964, 
F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 20:03:40.0189 0x15d8 Modem - ok 20:03:40.0204 0x15d8 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:03:40.0236 0x15d8 monitor - ok 20:03:40.0267 0x15d8 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:03:40.0282 0x15d8 mouclass - ok 20:03:40.0314 0x15d8 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:03:40.0329 0x15d8 mouhid - ok 20:03:40.0376 0x15d8 [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:03:40.0392 0x15d8 mountmgr - ok 20:03:40.0470 0x15d8 [ 6215DA3AD492CFBEBEE2ADBED0A6CC22, 07B290B58EF722825D50AF97E10B7098A2118B3F335E1FFF8F9E5E9AF7A0A6CE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:03:40.0485 0x15d8 MozillaMaintenance - ok 20:03:40.0516 0x15d8 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 20:03:40.0532 0x15d8 mpio - ok 20:03:40.0594 0x15d8 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:03:40.0610 0x15d8 mpsdrv - ok 20:03:40.0657 0x15d8 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:03:40.0719 0x15d8 MpsSvc - ok 20:03:40.0813 0x15d8 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 
20:03:40.0860 0x15d8 MRxDAV - ok 20:03:40.0891 0x15d8 [ C7492026F6691A92C4508DDDB041CE4E, 98B05C6B7EE5FE4F4BFCFDB807612897E692B4C07524506EB84B318535076ADD ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:03:40.0922 0x15d8 mrxsmb - ok 20:03:41.0000 0x15d8 [ 34779EBCFEAB87A236B33C365A637144, B2091C423A4767CC0616B4385FF3B8AC2CBDBCC9BF82F2C79670CC1BC1E49A02 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:03:41.0047 0x15d8 mrxsmb10 - ok 20:03:41.0078 0x15d8 [ C34DE43FDAD9C32383BB4A5EE60126D4, 5F82D803ABB2817D9384D87435849A5EEE946B1C431348F26FA0220262DB1798 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:03:41.0109 0x15d8 mrxsmb20 - ok 20:03:41.0140 0x15d8 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 20:03:41.0156 0x15d8 msahci - ok 20:03:41.0172 0x15d8 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:03:41.0187 0x15d8 msdsm - ok 20:03:41.0218 0x15d8 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 20:03:41.0234 0x15d8 MSDTC - ok 20:03:41.0281 0x15d8 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:03:41.0328 0x15d8 Msfs - ok 20:03:41.0343 0x15d8 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:03:41.0359 0x15d8 mshidkmdf - ok 20:03:41.0406 0x15d8 [ 956741C67ABAA78B19AADC5474936842, 8D0B04E0E03CFF5A004500C8587BDD3C4E7FFACA552CC90C193CAE16F36A96E3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys 20:03:41.0452 0x15d8 MSHUSBVideo - ok 20:03:41.0468 0x15d8 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] 
msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:03:41.0484 0x15d8 msisadrv - ok 20:03:41.0515 0x15d8 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:03:41.0562 0x15d8 MSiSCSI - ok 20:03:41.0562 0x15d8 msiserver - ok 20:03:41.0593 0x15d8 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:03:41.0624 0x15d8 MSKSSRV - ok 20:03:41.0655 0x15d8 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:03:41.0702 0x15d8 MSPCLOCK - ok 20:03:41.0718 0x15d8 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:03:41.0749 0x15d8 MSPQM - ok 20:03:41.0780 0x15d8 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:03:41.0796 0x15d8 MsRPC - ok 20:03:41.0842 0x15d8 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:03:41.0858 0x15d8 mssmbios - ok 20:03:41.0858 0x15d8 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:03:41.0905 0x15d8 MSTEE - ok 20:03:41.0920 0x15d8 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:03:41.0952 0x15d8 MTConfig - ok 20:03:41.0967 0x15d8 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 20:03:41.0983 0x15d8 Mup - ok 20:03:42.0030 0x15d8 [ 
61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 20:03:42.0076 0x15d8 napagent - ok 20:03:42.0108 0x15d8 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:03:42.0139 0x15d8 NativeWifiP - ok 20:03:42.0248 0x15d8 [ 92204BD4E896436037573D5A3BA41D80, 0F9D45A5DB5C7A02EFC802DE278098E93442A331C7221275BBEBB96BF8513BC6 ] NAVENG C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151216.004\NAVENG.SYS 20:03:42.0264 0x15d8 NAVENG - ok 20:03:42.0404 0x15d8 [ B2D7ED6950CCB2DBB9B6D67A1AF4E016, 23E59A40D3E0187350997D638B4F1072F856F652B4F9A971ED5CA9DD733A1EC6 ] NAVEX15 C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20151216.004\NAVEX15.SYS 20:03:42.0498 0x15d8 NAVEX15 - ok 20:03:42.0560 0x15d8 [ 9804FB2E46077F2977552347DFCA7E05, A34B703462C6998AB2B3EA6389F4B89616CDC257D44C400C92663E6FB4A8F196 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:03:42.0591 0x15d8 NDIS - ok 20:03:42.0622 0x15d8 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:03:42.0654 0x15d8 NdisCap - ok 20:03:42.0669 0x15d8 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:03:42.0716 0x15d8 NdisTapi - ok 20:03:42.0763 0x15d8 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:03:42.0810 0x15d8 Ndisuio - ok 20:03:42.0903 0x15d8 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:03:42.0950 0x15d8 NdisWan - ok 20:03:42.0997 0x15d8 [ 
A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:03:43.0028 0x15d8 NDProxy - ok 20:03:43.0059 0x15d8 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:03:43.0090 0x15d8 NetBIOS - ok 20:03:43.0137 0x15d8 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:03:43.0168 0x15d8 NetBT - ok 20:03:43.0215 0x15d8 [ 5111FA6EC341BACC07FA69AA9764B6D2, ACF4095EE673AFAF9FDDE9E8EFA191A4A72BAA0371A3AD26925EA267E0E40E61 ] Netlogon C:\Windows\system32\lsass.exe 20:03:43.0231 0x15d8 Netlogon - ok 20:03:43.0278 0x15d8 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 20:03:43.0324 0x15d8 Netman - ok 20:03:43.0371 0x15d8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:03:43.0387 0x15d8 NetMsmqActivator - ok 20:03:43.0418 0x15d8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:03:43.0434 0x15d8 NetPipeActivator - ok 20:03:43.0480 0x15d8 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 20:03:43.0527 0x15d8 netprofm - ok 20:03:43.0558 0x15d8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:03:43.0574 0x15d8 NetTcpActivator - ok 20:03:43.0574 0x15d8 [ E58808846B62041BFB05395E1CED6499, 
5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:03:43.0590 0x15d8 NetTcpPortSharing - ok 20:03:43.0824 0x15d8 [ AF1AE2E42B03395560B1CDE03230205C, 7874C185A3DBFD3F7AD8FF5B5DE06FAD9752691EBE927A1865EDA0421489A722 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 20:03:44.0058 0x15d8 netw5v32 - ok 20:03:44.0089 0x15d8 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:03:44.0104 0x15d8 nfrd960 - ok 20:03:44.0151 0x15d8 [ 9F967A6DB0E6E0E01F898C26FEDD418B, 01B010AAB0F7AD389A1AF72468389E37F9504C6C9EB7DA8DE18EDCFF0F9C9733 ] nhcDriverDevice C:\Windows\system32\drivers\nhcDriver.sys 20:03:44.0167 0x15d8 nhcDriverDevice - detected UnsignedFile.Multi.Generic ( 1 ) 20:03:46.0585 0x15d8 Detect skipped due to KSN trusted 20:03:46.0585 0x15d8 nhcDriverDevice - ok 20:03:47.0521 0x15d8 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:03:47.0583 0x15d8 NlaSvc - ok 20:03:47.0614 0x15d8 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:03:47.0630 0x15d8 Npfs - ok 20:03:47.0942 0x15d8 [ AC11ABBEFC5EBA3116D5D15AE41B108C, 60222331169042DE4F783BD3661F99F6D15CB3A0E835E4588E50BD0E3C09EAD6 ] NS C:\Program Files\Norton Security\Engine\22.5.5.15\NS.exe 20:03:47.0989 0x15d8 NS - ok 20:03:48.0020 0x15d8 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 20:03:48.0051 0x15d8 nsi - ok 20:03:48.0067 0x15d8 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:03:48.0098 0x15d8 nsiproxy - ok 20:03:48.0160 0x15d8 [ 
EA55B2903E3265512A2468202BB6D199, 8B73D4DC5E3748A0A76D1CA4D70FED6D12FBA9D4B80474409750913AE3A39D54 ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe 20:03:48.0176 0x15d8 nsverctl - ok 20:03:48.0270 0x15d8 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:03:48.0348 0x15d8 Ntfs - ok 20:03:48.0410 0x15d8 [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 20:03:48.0426 0x15d8 NTIBackupSvc - ok 20:03:48.0472 0x15d8 [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F, 97CE08B0797A6A13567B49A2AD9BE95C019E3F199857823005F68702CD6A5B08 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 20:03:48.0488 0x15d8 NTIDrvr - ok 20:03:48.0535 0x15d8 [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 20:03:48.0550 0x15d8 NTISchedulerSvc - ok 20:03:48.0582 0x15d8 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 20:03:48.0613 0x15d8 Null - ok 20:03:48.0675 0x15d8 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:03:48.0691 0x15d8 nvraid - ok 20:03:48.0738 0x15d8 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:03:48.0753 0x15d8 nvstor - ok 20:03:48.0800 0x15d8 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:03:48.0816 0x15d8 nv_agp - ok 20:03:48.0894 0x15d8 [ D955D5DE998DB2476BF0892BE3A96C26, 
3828FC1D4A4F9CD685E6D938B92370A602B84A3ACE2C9A674B3B59E633B0AE07 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe 20:03:48.0925 0x15d8 O2FLASH - ok 20:03:48.0956 0x15d8 [ 922046F114AC0C1B2484BCDD5CA43C07, 33F9AA2252EB0F4D0A9E611C63530907454C3915B5B0A10B035BD540DCC1D595 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys 20:03:48.0972 0x15d8 O2MDRDR - ok 20:03:49.0034 0x15d8 [ 51C368F577513FEB59ED70B45E930076, 402894B838398FD1A27BE3E8D2F631CE5CA6ED2AE78D698F2967BB0B95C623F4 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys 20:03:49.0050 0x15d8 O2SDRDR - ok 20:03:49.0096 0x15d8 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:03:49.0128 0x15d8 ohci1394 - ok 20:03:49.0206 0x15d8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:03:49.0221 0x15d8 ose - ok 20:03:49.0486 0x15d8 [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:03:49.0689 0x15d8 osppsvc - ok 20:03:49.0892 0x15d8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:03:49.0970 0x15d8 p2pimsvc - ok 20:03:50.0001 0x15d8 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 20:03:50.0048 0x15d8 p2psvc - ok 20:03:50.0064 0x15d8 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:03:50.0095 0x15d8 Parport - ok 20:03:50.0110 0x15d8 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr 
C:\Windows\system32\drivers\partmgr.sys 20:03:50.0126 0x15d8 partmgr - ok 20:03:50.0142 0x15d8 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 20:03:50.0173 0x15d8 Parvdm - ok 20:03:50.0204 0x15d8 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\Windows\System32\pcasvc.dll 20:03:50.0235 0x15d8 PcaSvc - ok 20:03:50.0266 0x15d8 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 20:03:50.0298 0x15d8 pci - ok 20:03:50.0313 0x15d8 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 20:03:50.0329 0x15d8 pciide - ok 20:03:50.0344 0x15d8 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:03:50.0360 0x15d8 pcmcia - ok 20:03:50.0376 0x15d8 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 20:03:50.0391 0x15d8 pcw - ok 20:03:50.0438 0x15d8 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:03:50.0500 0x15d8 PEAUTH - ok 20:03:50.0547 0x15d8 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:03:50.0656 0x15d8 PeerDistSvc - ok 20:03:50.0766 0x15d8 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 20:03:50.0922 0x15d8 pla - ok 20:03:50.0968 0x15d8 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay 
20:04:19.0766 0x15d8 Detect skipped due to KSN trusted 20:04:19.0766 0x15d8 QuickTime Task - ok 20:04:19.0828 0x15d8 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:04:19.0844 0x15d8 swg - ok 20:04:20.0062 0x15d8 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\Karsten Weikamp\AppData\Local\Google\Update\GoogleUpdate.exe 20:04:20.0078 0x15d8 Google Update - ok 20:04:20.0203 0x0924 Object required for P2P: [ AC11ABBEFC5EBA3116D5D15AE41B108C ] NS 20:04:20.0312 0x15d8 [ 5C35525CEBE7B59FAFA05D5E98D7EDEF, 456BDD801C621B6DE4B2862F846145C6143B19B45BD6459DD29B045879E76562 ] C:\Program Files\CCleaner\CCleaner.exe 20:04:20.0577 0x15d8 CCleaner Monitoring - ok 20:04:20.0593 0x15d8 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:04:20.0608 0x15d8 swg - ok 20:04:20.0608 0x15d8 Waiting for KSN requests completion. In queue: 219 20:04:21.0622 0x15d8 Waiting for KSN requests completion. In queue: 219 20:04:22.0636 0x15d8 Waiting for KSN requests completion. In queue: 219 20:04:22.0699 0x0924 Object send P2P result: true 20:04:22.0699 0x0924 Object required for P2P: [ 34FF2BA6FA0F3722648C2E5F0745C5BD ] SRTSP 20:04:23.0650 0x15d8 Waiting for KSN requests completion. In queue: 116 20:04:24.0665 0x15d8 Waiting for KSN requests completion. 
In queue: 116 20:04:25.0195 0x0924 Object send P2P result: true 20:04:25.0679 0x15d8 AV detected via SS2: Norton Security, C:\Program Files\Norton Security\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated ) 20:04:25.0679 0x15d8 FW detected via SS2: Norton Security, C:\Program Files\Norton Security\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled ) 20:04:28.0097 0x15d8 ============================================================ 20:04:28.0097 0x15d8 Scan finished 20:04:28.0097 0x15d8 ============================================================ 20:04:28.0097 0x14ec Detected object count: 0 20:04:28.0097 0x14ec Actual detected object count: 0 |
17.12.2015, 20:50 | #12 |
/// TB Trainer /// Guide Guru | Macro virus Böttcher Büromarkt No. Unfortunately not. Step 1 Please download AdwCleaner to your desktop.
Step 2 Download HitmanPro to your desktop: HitmanPro 32-bit version HitmanPro 64-bit version
Step 3 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
18.12.2015, 16:31 | #13 |
| Macro virus Böttcher Büromarkt AdwCleaner log follows, as does HitmanPro (it reported a Trojan in handle.exe and could not upload kindle.exe because of a timeout). ESET hangs at kindle.exe and does not continue; the PC then hangs too. Tried several times (got the PC running again with a cold start). Norton cannot cope with kindle.exe either. What should I do? Code:
# AdwCleaner v5.025 - Bericht erstellt am 17/12/2015 um 21:41:32
# Aktualisiert am 13/12/2015 von Xplode
# Datenbank : 2015-12-13.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Karsten Weikamp - ACERLAPTOP
# Gestartet von : C:\Users\Karsten Weikamp\Desktop\AdwCleaner_5.025.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\Mobogenie
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\AppData\Local\genienext
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\AppData\Local\Mobogenie
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Security Systems
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Yahoo!\Companion
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\Extensions\admin@foxysecure.com
[-] Ordner Gelöscht : C:\Users\Karsten Weikamp\Documents\Mobogenie

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Karsten Weikamp\daemonprocess.txt
[-] Datei Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\foxydeal.sqlite
[-] Datei Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\invalidprefs.js
[-] Datei Gelöscht : C:\Users\Karsten Weikamp\AppData\Roaming\Mozilla\Firefox\Profiles\y1vxf72z.default\searchplugins\safesearch.xml

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Protector
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKCU\Software\Yahoo\Companion
[-] Schlüssel Gelöscht : HKCU\Software\Yahoo\YFriendsBar
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Yahoo\Companion
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner[R1].txt - [3595 Bytes] - [03/02/2013 20:11:48]
C:\AdwCleaner[S1].txt - [3532 Bytes] - [03/02/2013 20:13:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3519 Bytes] ##########
|
18.12.2015, 18:46 | #14 |
/// TB Trainer /// Guide Guru | Macro virus Böttcher Büromarkt Step 1
__________________ Regards, deeprybka |
18.12.2015, 19:40 | #15 |
| Macro virus Böttcher Büromarkt FRST does not start even with Norton and Wi-Fi switched off! After several attempts FRST did start, but it has now been scanning for minutes without showing any result; the activity LED on the PC is lit continuously. The whole PC has become unbearably sluggish in everything. |