Trojaner-Board - Laptop verpilzt

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Laptop verpilzt (https://www.trojaner-board.de/162697-laptop-verpilzt.html)

Wie es passiert ist - keine Ahnung
Es fing damit an, dass bei einzelne Internetadressen nicht funktionierten und sich Laptop auf der Stelle vom Internet trennt
Avira und Malwarebytes zeigen keinen Befall an
Üblich beginnt es damit, dass der Bildaufbau extrem langsam Zeile für Zeile von oben nach unten erfolgt.
Ab dann ist Schluß und der Curser springt beim Bewegen gottweiswohin - z.B. im Abgesicherten Modus mit Netzwerktreibern nachdem Trendmicro Housecall 420 min gelaufen ist, so dass man zwar noch sieht, was angeblich los ist aber nicht mehr löschen oder in Quarantäne schicken kann.
Dort tauchte neben den bekannten Seuchen in den *.eml Dateien (Spam und Gelöscht Folder) ein neues Gesicht auf, "EXPL CVE20130431, dass sich angeblich im Java rt.jar verbergen soll - Virus Total zeigt aber nichts

Avira lässt sich nicht mehr installieren - und auch das eine oder andere Tool geht nicht mehr. Java lässt sich nicht deinstallieren.

Was soll ich tun? Kann mir jemand hälfen?

Bitte, bitte

Freundlich grüßt

Mischa

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

hi,
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread

A votre service

FRST.TXT
FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01

Ran by Dagobert (administrator) on DAGOBERT-PC on 12-01-2015 17:29:20

Running from C:\Users\Dagobert\Desktop

Loaded Profile: Dagobert (Available profiles: Dagobert)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)

HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)

HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)

HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)

HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis)

HKLM\...\Run: [UIExec] => C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()

HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM\...\RunOnce: [GrpConv] => grpconv -o

HKLM\...\RunOnce: [{e7c7c227-b742-4878-9425-f09bbf9951db}] => C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe [770368 2014-12-15] (Avira Operations & Co. KG) <===== ATTENTION

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE ()

Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml

FF Extension: HTTPS-Everywhere - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-23]

FF Extension: Cookie Monster - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-23]

FF Extension: DownloadHelper - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-23]

FF Extension: JonDoFox - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19]

FF Extension: NoScript - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19]

FF Extension: Adblock Plus - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR Profile: C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]

CHR Extension: (Google Drive) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]

CHR Extension: (YouTube) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]

CHR Extension: (Google-Suche) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]

CHR Extension: (Security Plus) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2014-12-29]

CHR Extension: (Avira Browserschutz) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]

CHR Extension: (Ghostery) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-04]

CHR Extension: (Google Wallet) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Google Mail) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis)

S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-07-04] (Acronis)

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)

S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)

S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]

S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]

S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]

S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [547968 2012-06-14] (SEIKO EPSON CORPORATION)

S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]

S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]

S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]

S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]

S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]

S2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]

S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)

S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-11] (Emsisoft GmbH)

S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation)

R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-25] (NewTech Infosystems, Inc.) [File not signed]

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-07-04] (Acronis)

R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)

S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)

S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 Bulk3052i; System32\Drivers\Bulk3052.sys [X]

S3 catchme; \??\C:\Users\Dagobert\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 pmem; \??\C:\Users\Dagobert\AppData\Local\Temp\_MEI11282\drivers\winpmem32.sys [X]

S2 pmp3052v; System32\Drivers\pmp3052v.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-12 17:29 - 2015-01-12 17:29 - 00021079 _____ () C:\Users\Dagobert\Desktop\FRST.txt

2015-01-12 17:29 - 2015-01-12 17:29 - 00000000 ____D () C:\FRST

2015-01-12 17:25 - 2015-01-12 17:25 - 01115648 _____ (Farbar) C:\Users\Dagobert\Desktop\FRST.exe

2015-01-12 15:53 - 2015-01-12 15:53 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(6).exe

2015-01-12 15:47 - 2015-01-12 15:48 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(5).exe

2015-01-12 15:12 - 2015-01-12 15:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws(2).exe

2015-01-12 15:09 - 2015-01-12 15:09 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws.exe

2015-01-12 15:09 - 2015-01-12 15:09 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Dagobert\Downloads\avira_de_av___ws(1).exe

2015-01-11 17:06 - 2015-01-11 17:06 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(4).exe

2015-01-11 17:05 - 2015-01-11 17:05 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(3).exe

2015-01-11 13:58 - 2015-01-11 15:55 - 00000000 ____D () C:\EEK

2015-01-11 13:58 - 2015-01-11 14:01 - 00000695 _____ () C:\Users\Dagobert\Desktop\Start Emsisoft Emergency Kit.lnk

2015-01-11 13:52 - 2015-01-11 13:57 - 165801680 _____ () C:\Users\Dagobert\Downloads\EmsisoftEmergencyKit(1).exe

2015-01-11 11:47 - 2015-01-11 11:54 - 00002303 _____ () C:\rapport.txt

2015-01-11 11:47 - 2015-01-11 11:50 - 00004812 _____ () C:\Windows\system32\tmp.reg

2015-01-11 11:47 - 2015-01-11 11:50 - 00000000 _____ () C:\Windows\system32\tmp.txt

2015-01-11 11:46 - 2009-06-02 11:17 - 00075776 _____ () C:\Windows\system32\WS2Fix.exe

2015-01-11 11:46 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe

2015-01-11 11:46 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe

2015-01-11 11:46 - 2008-10-01 15:51 - 00087552 _____ (S!Ri.URZ) C:\Windows\system32\VACFix.exe

2015-01-11 11:46 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe

2015-01-11 11:46 - 2008-08-18 12:19 - 00082432 _____ (S!Ri.URZ) C:\Windows\system32\404Fix.exe

2015-01-11 11:46 - 2008-05-18 21:40 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.exe

2015-01-11 11:46 - 2007-09-06 00:22 - 00289144 _____ (S!Ri) C:\Windows\system32\VCCLSID.exe

2015-01-11 11:46 - 2006-12-01 06:20 - 00079360 _____ (SteelWerX) C:\Windows\system32\swxcacls.exe

2015-01-11 11:46 - 2006-08-29 19:43 - 00135168 _____ (SteelWerX) C:\Windows\system32\swreg.exe

2015-01-11 11:46 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe

2015-01-11 11:46 - 2006-01-09 10:36 - 00040960 _____ () C:\Windows\system32\swsc.exe

2015-01-11 11:46 - 2004-07-31 18:50 - 00051200 _____ () C:\Windows\system32\dumphive.exe

2015-01-11 11:46 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe

2015-01-10 21:07 - 2015-01-10 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-01-10 18:50 - 2015-01-10 18:50 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(2).exe

2015-01-10 18:49 - 2015-01-10 18:49 - 02002416 _____ (Trend Micro Inc.) C:\Users\Dagobert\Downloads\HousecallLauncher(1).exe

2014-12-15 15:30 - 2014-12-15 15:30 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-12 17:24 - 2013-03-23 04:22 - 00000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat

2015-01-12 17:18 - 2013-03-23 13:31 - 03736216 _____ () C:\Windows\PFRO.log

2015-01-12 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-12 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-12 17:15 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-12 15:13 - 2013-03-23 10:27 - 01213732 _____ () C:\Windows\WindowsUpdate.log

2015-01-12 15:02 - 2014-07-16 12:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-12 06:58 - 2014-08-08 11:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-11 15:47 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-01-11 13:38 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-11 13:25 - 2010-05-22 23:22 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Skype

2015-01-11 13:17 - 2010-06-19 23:45 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\VSO

2015-01-11 11:46 - 2011-03-10 19:59 - 00000000 ___RD () C:\Users\Dagobert\Desktop\Michael

2015-01-11 06:17 - 2012-08-23 23:08 - 00482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache

2015-01-11 06:17 - 2012-08-23 23:07 - 00233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache

2015-01-10 17:49 - 2014-07-16 12:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-10 17:49 - 2014-02-21 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-01 22:17 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-31 23:44 - 2012-06-26 21:17 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\vlc

2014-12-31 23:37 - 2012-02-04 21:19 - 00006144 _____ () C:\Users\Dagobert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-25 14:31 - 2014-06-15 12:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\Adobe

2014-12-25 14:31 - 2013-02-26 21:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-12-25 14:31 - 2013-02-26 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-12-15 15:30 - 2014-08-06 10:15 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-15 15:30 - 2013-04-06 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-15 15:30 - 2013-03-29 13:58 - 00000000 ____D () C:\Program Files\Avira
 

Files to move or delete:

====================

C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe
 
 

Some content of TEMP:

====================

C:\Users\Dagobert\AppData\Local\temp\avgnt.exe

C:\Users\Dagobert\AppData\Local\temp\RtkBtMnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-12 15:29
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ADDITION.TXTFRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 01

Ran by Dagobert at 2015-01-12 17:30:44

Running from C:\Users\Dagobert\Desktop

Boot Mode: Safe Mode (with Networking)

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

1&1 Surf-Stick (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )

Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)

Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)

Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)

Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)

Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)

Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)

Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)

Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)

Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)

Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)

Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)

Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)

Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )

Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)

Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)

Acronis*True*Image*Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)

Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)

Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)

Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)

Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)

Benutzerhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Useg) (Version:  - )

Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)

Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)

Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)

Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)

Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)

Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)

Cisco WebEx Meetings (HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)

Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)

EKEN PC Driver (HKLM\...\InstallShield_{73861999-F41B-4DCE-8984-30BB3DD6EF12}) (Version: 1.0.1.0 - SunPlus)

EKEN PC Driver (Version: 1.0.1.0 - SunPlus) Hidden

EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)

Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)

Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.50.0000 - EPSON)

Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)

Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)

Jitsi (HKLM\...\{BB36EA7B-6361-40AD-A628-C63012FA3909}) (Version: 1.0.0.0 - Jitsi)

Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)

Launch Manager (HKLM\...\LManager) (Version:  - )

LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden

Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)

Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Word 2002 (HKLM\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Mozilla Firefox 31.3.0 ESR (x86 de) (HKLM\...\Mozilla Firefox 31.3.0 ESR (x86 de)) (Version: 31.3.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)

Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)

Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)

Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden

Netzwerkhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Netg) (Version:  - )

NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)

NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden

NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)

NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden

OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)

PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)

QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)

TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8625  - TeamViewer GmbH)

Tradesignal Web Edition (HKLM\...\{BF8C49DF-64D5-459A-8790-69479C60F49B}) (Version: 5.6.409 - Tradesignal GmbH)

Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

VSO Image Resizer 4.0.0.30 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.30 - VSO-Software)

Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
 

==================== Restore Points  =========================
 

11-12-2014 13:43:12 Geplanter Prüfpunkt

19-12-2014 12:28:06 Geplanter Prüfpunkt

28-12-2014 12:41:42 Geplanter Prüfpunkt

04-01-2015 16:30:19 Geplanter Prüfpunkt

08-01-2015 12:42:15 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2006-11-02 11:23 - 2015-01-11 11:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1AEE07DE-1B70-46AD-B6E3-2DCDA1D50C89} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dagobert

Task: {2B548729-D73A-48CC-B763-15FCC7732B33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)

Task: {49D13FFE-2EB4-415A-9F22-C04AB0C00A96} - System32\Tasks\{64B4FB71-4775-4CC6-954D-A73E1E3510D7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/de/abandoninstall?page=tsMain

Task: {4A21B647-8052-4FA2-ADF1-91F3CDEDB070} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)

Task: {50F8028C-8656-499B-808F-777D9128DC46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)

Task: {55770358-E1D3-49CA-8FE3-A9EE7C93A750} - System32\Tasks\{B0896588-5BAD-4463-B646-1807337888D0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsProgressBar

Task: {93586B2A-49B5-4FC4-90C1-11BD792CAD87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {ECBC6B65-3458-4866-A21D-1441DC310C4C} - System32\Tasks\{C263384A-D8B5-42AF-B77C-81AA509BB1A3} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)

Task: {F47FA0E6-2E4C-4028-B22E-ECEAEF16B513} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2015-01-10 21:07 - 2015-01-10 21:07 - 03801200 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: EpsonCustomerResearchParticipation => 2

MSCONFIG\Services: Netzmanager Service => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\startupfolder: C:^Users^Dagobert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Scan Buttons => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSB.EXE

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: WarReg_PopUp => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-3480060575-1528594488-178791877-500 - Administrator - Disabled)

Dagobert (S-1-5-21-3480060575-1528594488-178791877-1000 - Administrator - Enabled) => C:\Users\Dagobert

Gast (S-1-5-21-3480060575-1528594488-178791877-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter #2

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Broadcom NetLink (TM) Gigabit Ethernet

Description: Broadcom NetLink (TM) Gigabit Ethernet

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: b57nd60x

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

Name: Anwenderinfrarotgeräte

Description: Anwenderinfrarotgeräte

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: circlass

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/12/2015 05:19:18 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 

Error: (01/12/2015 04:07:07 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 

Error: (01/12/2015 03:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Fehlerhafte Anwendung avira_de_av___ws(2).exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600,

Prozess-ID 0x698, Anwendungsstartzeit avira_de_av___ws(2).exe0.
 

Error: (01/12/2015 03:05:28 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 

Error: (01/12/2015 07:26:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Anwendung: Avira.OE.Systray.exe

Frameworkversion: v4.0.30319

Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.

Ausnahmeinformationen: System.Net.Sockets.SocketException

Stapel:

   bei System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)

   bei System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions)

   bei Avira.OE.WinCore.NetworkStatusListener..ctor()

   bei Avira.OE.WinCore.InternetConnectionMonitor..ctor()

   bei Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow, Avira.OE.WinCore.Interface.IProcessController)

   bei Avira.OE.Systray.SystrayIcon..ctor()

   bei Avira.OE.Systray.Program.Main(System.String[])
 

Error: (01/12/2015 01:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000409, Fehleroffset 0x000723d6,

Prozess-ID 0x564, Anwendungsstartzeit gmer_2.1.19163.exe0.
 

Error: (01/12/2015 01:06:56 AM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 

Error: (01/11/2015 05:04:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: -1216
 

Error: (01/11/2015 05:04:21 PM) (Source: ESENT) (EventID: 454) (User: )

Description: Catalog Database (1180) Catalog Database: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
 

Error: (01/11/2015 05:04:21 PM) (Source: ESENT) (EventID: 494) (User: )

Description: Catalog Database (1180) Catalog Database: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
 
 

System errors:

=============

Error: (01/12/2015 05:20:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: avipbb

avkmgr

spldr

ssmdrv

Wanarpv6
 

Error: (01/12/2015 05:20:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: ComputerbrowserServer%%1068
 

Error: (01/12/2015 05:19:26 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 

Error: (01/12/2015 05:19:25 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 

Error: (01/12/2015 05:19:19 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 

Error: (01/12/2015 05:19:18 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 

Error: (01/12/2015 05:19:09 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (01/12/2015 05:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Video Camera Device(EKEN)%%2
 

Error: (01/12/2015 05:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Parallel port driver%%1058
 

Error: (01/12/2015 05:15:51 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B7774C41C wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
 
 

Microsoft Office Sessions:

=========================

Error: (03/04/2013 01:54:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 749 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-01-12 07:05:57.491

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:57.148

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:56.804

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:56.446

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:55.634

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:55.198

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:54.761

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-12 07:05:54.402

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-11 23:24:30.838

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-01-11 23:24:30.339

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz

Percentage of memory in use: 26%

Total physical RAM: 2037.68 MB

Available physical RAM: 1496.27 MB

Total Pagefile: 4308.66 MB

Available Pagefile: 3931.37 MB

Total Virtual: 2047.88 MB

Available Virtual: 1901.34 MB
 

==================== Drives ================================
 

Drive c: (ACER) (Fixed) (Total:67.27 GB) (Free:3.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:63.77 GB) (Free:16.5 GB) NTFS

Drive f: (OHL) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 149.1 GB) (Disk ID: 4251E684)

Partition 1: (Not Active) - (Size=14.6 GB) - (Type=12)

Partition 2: (Active) - (Size=67.3 GB) - (Type=06)

Partition 3: (Not Active) - (Size=63.8 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=3.4 GB) - (Type=12)
 

==================== End Of Log ============================

--- --- ---

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hallo Schrauber, ich habe Mist gebaut und aus Versehen mit "Ja" geantwortet, als der Rechner fragte. Danach ging nichts mehr mit Internet. Ich hatte aber vorher den Anti Rootkit ergebnislos und TDSS laufen lassen. Danach habe ich mit einem Wiederhehrstellungspunkt das alte System wieder hergestellt damit das Internet läuft und nochmal den Antirootkit laufen lassen, ohne Ergebnis, und schicke daher das TDSS Log:

00:10:31.0938 0x0438 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
00:10:37.0039 0x0438 ============================================================
00:10:37.0039 0x0438 Current date / time: 2015/01/13 00:10:37.0039
00:10:37.0039 0x0438 SystemInfo:
00:10:37.0039 0x0438
00:10:37.0039 0x0438 OS Version: 6.0.6002 ServicePack: 2.0
00:10:37.0039 0x0438 Product type: Workstation
00:10:37.0039 0x0438 ComputerName: DAGOBERT-PC
00:10:37.0039 0x0438 UserName: Dagobert
00:10:37.0039 0x0438 Windows directory: C:\Windows
00:10:37.0039 0x0438 System windows directory: C:\Windows
00:10:37.0039 0x0438 Processor architecture: Intel x86
00:10:37.0039 0x0438 Number of processors: 2
00:10:37.0039 0x0438 Page size: 0x1000
00:10:37.0039 0x0438 Boot type: Safe boot
00:10:37.0039 0x0438 ============================================================
00:10:37.0850 0x0438 KLMD registered as C:\Windows\system32\drivers\90765352.sys
00:10:38.0100 0x0438 System UUID: {AB7CB255-2CD5-C7F3-65D8-B324967E4984}
00:10:38.0708 0x0438 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:10:38.0708 0x0438 ============================================================
00:10:38.0708 0x0438 \Device\Harddisk0\DR0:
00:10:38.0708 0x0438 MBR partitions:
00:10:38.0708 0x0438 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1D4B800, BlocksNum 0x868C000
00:10:38.0708 0x0438 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA3D7800, BlocksNum 0x7F8C800
00:10:38.0708 0x0438 ============================================================
00:10:38.0755 0x0438 C: <-> \Device\Harddisk0\DR0\Partition1
00:10:38.0786 0x0438 D: <-> \Device\Harddisk0\DR0\Partition2
00:10:38.0786 0x0438 ============================================================
00:10:38.0786 0x0438 Initialize success
00:10:38.0786 0x0438 ============================================================
00:13:16.0299 0x0588 ============================================================
00:13:16.0299 0x0588 Scan started
00:13:16.0299 0x0588 Mode: Manual; SigCheck; TDLFS;
00:13:16.0299 0x0588 ============================================================
00:13:16.0299 0x0588 KSN ping started
00:13:16.0736 0x0588 KSN ping finished: false
00:13:17.0329 0x0588 ================ Scan system memory ========================
00:13:17.0329 0x0588 System memory - ok
00:13:17.0329 0x0588 ================ Scan services =============================
00:13:17.0532 0x0588 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:13:17.0656 0x0588 ACPI - ok
00:13:17.0844 0x0588 [ 6482C272F92EC589B14F9D1756F00641, 3F5F5D9A896B36D6401E69B487534E95CEF84486FBAA13101C51754113CE3DCE ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
00:13:17.0906 0x0588 AcrSch2Svc - ok
00:13:18.0015 0x0588 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:13:18.0046 0x0588 AdobeARMservice - ok
00:13:18.0124 0x0588 [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:13:18.0171 0x0588 AdobeFlashPlayerUpdateSvc - ok
00:13:18.0265 0x0588 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:13:18.0312 0x0588 adp94xx - ok
00:13:18.0343 0x0588 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:13:18.0390 0x0588 adpahci - ok
00:13:18.0405 0x0588 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
00:13:18.0421 0x0588 adpu160m - ok
00:13:18.0452 0x0588 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:13:18.0468 0x0588 adpu320 - ok
00:13:18.0530 0x0588 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:13:18.0686 0x0588 AeLookupSvc - ok
00:13:18.0748 0x0588 [ F132D0BFDE7C5EA1AB42325C5694A969, 5BDAB6D6D390C7C65A3075B749D304449AC6F9E8A2DF54516B8C57A0ACE01B5F ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
00:13:18.0764 0x0588 afcdp - ok
00:13:18.0936 0x0588 [ 986A134B1A1770599B7AF9354CBB066F, 5F61A40685DB300C1807D220C0CAC7B0295635942DFB758C1131B131F91EE3D3 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
00:13:19.0076 0x0588 afcdpsrv - ok
00:13:19.0201 0x0588 [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD C:\Windows\system32\drivers\afd.sys
00:13:19.0279 0x0588 AFD - ok
00:13:19.0326 0x0588 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:13:19.0341 0x0588 agp440 - ok
00:13:19.0372 0x0588 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
00:13:19.0388 0x0588 aic78xx - ok
00:13:19.0419 0x0588 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
00:13:19.0606 0x0588 ALG - ok
00:13:19.0622 0x0588 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
00:13:19.0638 0x0588 aliide - ok
00:13:19.0684 0x0588 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:13:19.0700 0x0588 amdagp - ok
00:13:19.0716 0x0588 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
00:13:19.0731 0x0588 amdide - ok
00:13:19.0747 0x0588 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
00:13:19.0809 0x0588 AmdK7 - ok
00:13:19.0840 0x0588 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:13:19.0887 0x0588 AmdK8 - ok
00:13:19.0996 0x0588 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
00:13:20.0106 0x0588 AntiVirSchedulerService - ok
00:13:20.0199 0x0588 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
00:13:20.0262 0x0588 AntiVirService - ok
00:13:20.0308 0x0588 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
00:13:20.0371 0x0588 Appinfo - ok
00:13:20.0418 0x0588 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
00:13:20.0433 0x0588 arc - ok
00:13:20.0480 0x0588 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:13:20.0496 0x0588 arcsas - ok
00:13:20.0620 0x0588 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:13:20.0683 0x0588 aspnet_state - ok
00:13:20.0730 0x0588 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:13:20.0792 0x0588 AsyncMac - ok
00:13:20.0823 0x0588 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
00:13:20.0839 0x0588 atapi - ok
00:13:20.0917 0x0588 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:13:20.0995 0x0588 AudioEndpointBuilder - ok
00:13:21.0042 0x0588 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:13:21.0088 0x0588 Audiosrv - ok
00:13:21.0120 0x0588 [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:13:21.0135 0x0588 avgntflt - ok
00:13:21.0182 0x0588 [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:13:21.0198 0x0588 avipbb - ok
00:13:21.0322 0x0588 [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
00:13:21.0354 0x0588 Avira.OE.ServiceHost - ok
00:13:21.0385 0x0588 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:13:21.0400 0x0588 avkmgr - ok
00:13:21.0478 0x0588 [ 0B92CCF7BFCBE2B33838434F2F50CB61, 021FE5FA53F9208A19B737D1F8F3ED835BB68CE23E4EEDB2CB4F3E433985F9B6 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:13:21.0541 0x0588 b57nd60x - ok
00:13:21.0603 0x0588 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
00:13:21.0650 0x0588 Beep - ok
00:13:21.0728 0x0588 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
00:13:21.0806 0x0588 BFE - ok
00:13:21.0900 0x0588 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\system32\qmgr.dll
00:13:22.0071 0x0588 BITS - ok
00:13:22.0102 0x0588 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
00:13:22.0149 0x0588 blbdrive - ok
00:13:22.0196 0x0588 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:13:22.0227 0x0588 bowser - ok
00:13:22.0290 0x0588 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
00:13:22.0336 0x0588 BrFiltLo - ok
00:13:22.0368 0x0588 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
00:13:22.0414 0x0588 BrFiltUp - ok
00:13:22.0446 0x0588 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
00:13:22.0492 0x0588 Browser - ok
00:13:22.0524 0x0588 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
00:13:22.0695 0x0588 Brserid - ok
00:13:22.0804 0x0588 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
00:13:22.0851 0x0588 BrSerWdm - ok
00:13:22.0882 0x0588 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
00:13:22.0945 0x0588 BrUsbMdm - ok
00:13:22.0976 0x0588 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
00:13:23.0054 0x0588 BrUsbSer - ok
00:13:23.0085 0x0588 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:13:23.0163 0x0588 BTHMODEM - ok
00:13:23.0179 0x0588 Bulk3052i - ok
00:13:23.0288 0x0588 catchme - ok
00:13:23.0335 0x0588 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:13:23.0382 0x0588 cdfs - ok
00:13:23.0460 0x0588 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:13:23.0506 0x0588 cdrom - ok
00:13:23.0538 0x0588 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
00:13:23.0584 0x0588 CertPropSvc - ok
00:13:23.0600 0x0588 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:13:23.0662 0x0588 circlass - ok
00:13:23.0709 0x0588 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
00:13:23.0725 0x0588 CLFS - ok
00:13:23.0772 0x0588 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:13:23.0803 0x0588 clr_optimization_v2.0.50727_32 - ok
00:13:23.0865 0x0588 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:13:23.0959 0x0588 clr_optimization_v4.0.30319_32 - ok
00:13:24.0006 0x0588 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:13:24.0037 0x0588 CmBatt - ok
00:13:24.0068 0x0588 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:13:24.0084 0x0588 cmdide - ok
00:13:24.0099 0x0588 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:13:24.0115 0x0588 Compbatt - ok
00:13:24.0115 0x0588 COMSysApp - ok
00:13:24.0130 0x0588 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:13:24.0146 0x0588 crcdisk - ok
00:13:24.0177 0x0588 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
00:13:24.0224 0x0588 Crusoe - ok
00:13:24.0286 0x0588 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:13:24.0333 0x0588 CryptSvc - ok
00:13:24.0427 0x0588 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:13:24.0520 0x0588 DcomLaunch - ok
00:13:24.0552 0x0588 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:13:24.0583 0x0588 DfsC - ok
00:13:24.0739 0x0588 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
00:13:24.0942 0x0588 DFSR - ok
00:13:25.0035 0x0588 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
00:13:25.0082 0x0588 Dhcp - ok
00:13:25.0129 0x0588 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
00:13:25.0144 0x0588 disk - ok
00:13:25.0207 0x0588 [ 73BAF270D24FE726B9CD7F80BB17A23D, 12ADFB26C16A7D3F623C1A6B72D4C6AB9163EBC93CF13CB2AC6897FB95E96105 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
00:13:25.0207 0x0588 DKbFltr - ok
00:13:25.0285 0x0588 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:13:25.0332 0x0588 Dnscache - ok
00:13:25.0378 0x0588 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
00:13:25.0425 0x0588 dot3svc - ok
00:13:25.0488 0x0588 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
00:13:25.0550 0x0588 DPS - ok
00:13:25.0566 0x0588 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:13:25.0612 0x0588 drmkaud - ok
00:13:25.0690 0x0588 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:13:25.0768 0x0588 DXGKrnl - ok
00:13:25.0815 0x0588 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
00:13:25.0878 0x0588 E1G60 - ok
00:13:25.0909 0x0588 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
00:13:25.0940 0x0588 EapHost - ok
00:13:26.0002 0x0588 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
00:13:26.0034 0x0588 Ecache - ok
00:13:26.0174 0x0588 [ B84E1ADEC9618ABD328AB6F8C9C7DC90, 965079FD5DF38FBDFE541AE81BD2DDB6128F6F80612494FA42FE0155FF1613CA ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
00:13:26.0236 0x0588 eDataSecurity Service - detected UnsignedFile.Multi.Generic ( 1 )
00:13:26.0346 0x0588 eDataSecurity Service ( UnsignedFile.Multi.Generic ) - warning
00:13:26.0408 0x0588 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:13:26.0470 0x0588 ehRecvr - ok
00:13:26.0486 0x0588 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
00:13:26.0564 0x0588 ehSched - ok
00:13:26.0580 0x0588 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
00:13:26.0611 0x0588 ehstart - ok
00:13:26.0689 0x0588 [ E28516FED46251119ADDAF4CF33BA401, 6CB6436F3214760C414D8897ED0A90EFF2F38C498271F3BC7E05D8414409286B ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
00:13:26.0720 0x0588 eLockService - detected UnsignedFile.Multi.Generic ( 1 )
00:13:26.0720 0x0588 eLockService ( UnsignedFile.Multi.Generic ) - warning
00:13:26.0782 0x0588 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:13:26.0829 0x0588 elxstor - ok
00:13:26.0907 0x0588 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:13:27.0048 0x0588 EMDMgmt - ok
00:13:27.0079 0x0588 [ 44E8E86CEEB0D9F0F934B5EDC21E0444, 516C5B8A921131692AB456ED3D892463CE3FA500E6FB57718183C8B4E892A6AE ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
00:13:27.0094 0x0588 eNet Service - detected UnsignedFile.Multi.Generic ( 1 )
00:13:27.0094 0x0588 eNet Service ( UnsignedFile.Multi.Generic ) - warning
00:13:27.0172 0x0588 [ A14644165086B9D9BEC1461F90A4423B, 9DA9AB8E3F80505D3678BAF206FA941EDD2A9BF2E77439765927C966C08F5751 ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
00:13:27.0219 0x0588 EpsonCustomerResearchParticipation - ok
00:13:27.0313 0x0588 [ 59FCCAF915BA89DD98CADF08DA91AFEE, 1286481DF42EBBE13C0FC18ABA514393544CDA17420E71518EF87ADD82D224CB ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
00:13:27.0344 0x0588 eRecoveryService - detected UnsignedFile.Multi.Generic ( 1 )
00:13:27.0344 0x0588 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
00:13:27.0375 0x0588 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:13:27.0406 0x0588 ErrDev - ok
00:13:27.0484 0x0588 [ A9745687A57CDD71237915859ABA8DAC, DE21C397EBC822622B61189EC6CCF720C76AB6A249188987A10086252A9F26FD ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
00:13:27.0484 0x0588 eSettingsService - detected UnsignedFile.Multi.Generic ( 1 )
00:13:27.0484 0x0588 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
00:13:27.0484 0x0588 Force sending object to P2P due to detect: eSettingsService
00:13:27.0484 0x0588 Object send P2P result: false
00:13:27.0547 0x0588 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
00:13:27.0609 0x0588 EventSystem - ok
00:13:27.0687 0x0588 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
00:13:27.0750 0x0588 exfat - ok
00:13:27.0781 0x0588 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:13:27.0843 0x0588 fastfat - ok
00:13:27.0874 0x0588 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:13:27.0921 0x0588 fdc - ok
00:13:27.0952 0x0588 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
00:13:27.0984 0x0588 fdPHost - ok
00:13:27.0999 0x0588 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
00:13:28.0077 0x0588 FDResPub - ok
00:13:28.0124 0x0588 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:13:28.0140 0x0588 FileInfo - ok
00:13:28.0155 0x0588 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:13:28.0202 0x0588 Filetrace - ok
00:13:28.0233 0x0588 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:13:28.0280 0x0588 flpydisk - ok
00:13:28.0311 0x0588 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:13:28.0342 0x0588 FltMgr - ok
00:13:28.0420 0x0588 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
00:13:28.0545 0x0588 FontCache - ok
00:13:28.0608 0x0588 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:13:28.0623 0x0588 FontCache3.0.0.0 - ok
00:13:28.0670 0x0588 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:13:28.0732 0x0588 Fs_Rec - ok
00:13:28.0795 0x0588 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:13:28.0810 0x0588 gagp30kx - ok
00:13:28.0857 0x0588 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
00:13:28.0951 0x0588 gpsvc - ok
00:13:29.0060 0x0588 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:13:29.0076 0x0588 gupdate - ok
00:13:29.0076 0x0588 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:13:29.0091 0x0588 gupdatem - ok
00:13:29.0154 0x0588 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:13:29.0232 0x0588 HdAudAddService - ok
00:13:29.0310 0x0588 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:13:29.0388 0x0588 HDAudBus - ok
00:13:29.0419 0x0588 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:13:29.0481 0x0588 HidBth - ok
00:13:29.0512 0x0588 [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:13:29.0575 0x0588 HidIr - ok
00:13:29.0590 0x0588 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
00:13:29.0653 0x0588 hidserv - ok
00:13:29.0700 0x0588 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:13:29.0746 0x0588 HidUsb - ok
00:13:29.0778 0x0588 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
00:13:29.0824 0x0588 hkmsvc - ok
00:13:29.0887 0x0588 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:13:29.0902 0x0588 HpCISSs - ok
00:13:29.0949 0x0588 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:13:30.0043 0x0588 HSFHWAZL - ok
00:13:30.0121 0x0588 [ 347385D69C15E3D045AA1CB46E4CB86D, 53DA5E5F92F10DB485507398A5F9BBD5E712C1FFF386B119F958CE9E3F6B87AC ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:13:30.0261 0x0588 HSF_DPV - ok
00:13:30.0324 0x0588 [ 919337D853703267DA203E79A0AC1F2B, D0EE1BB20CF3671C3F68A709E14901E0820828E27F24D5E83B607E6CF8B7C8EB ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:13:30.0355 0x0588 HSXHWAZL - ok
00:13:30.0417 0x0588 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:13:30.0511 0x0588 HTTP - ok
00:13:30.0558 0x0588 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:13:30.0573 0x0588 i2omp - ok
00:13:30.0651 0x0588 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:13:30.0667 0x0588 i8042prt - ok
00:13:30.0745 0x0588 [ 681EF6E0CC7BBAA0C09ACABEB91F669E, 2E0BD4CF3B669922666F9D89D0F47FFB7E850BFF569DE01156C71F76D560A17B ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
00:13:30.0792 0x0588 IAANTMON - ok
00:13:30.0854 0x0588 [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:13:30.0885 0x0588 iaStor - ok
00:13:30.0916 0x0588 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:13:30.0932 0x0588 iaStorV - ok
00:13:31.0010 0x0588 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:13:31.0088 0x0588 idsvc - ok
00:13:31.0213 0x0588 [ C134E69CE901422D1F2D7EA8D69098FE, 38D7AB6C85C0BCE34B8F52DDBD6F0371DF551003DF6BAE20A2AB1D1349128890 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
00:13:31.0431 0x0588 igfx - ok
00:13:31.0447 0x0588 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:13:31.0462 0x0588 iirsp - ok
00:13:31.0525 0x0588 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
00:13:31.0572 0x0588 IKEEXT - ok
00:13:31.0603 0x0588 [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
00:13:31.0618 0x0588 int15 - ok
00:13:31.0743 0x0588 [ 9F5898EBD3BBE82EADF2EFA595F02A72, A9A8CEE12F968C35D88443099875A8F96F42547F1991F1DB2E0F14FD423A411D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
00:13:31.0915 0x0588 IntcAzAudAddService - ok
00:13:31.0977 0x0588 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
00:13:31.0993 0x0588 intelide - ok
00:13:32.0024 0x0588 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:13:32.0071 0x0588 intelppm - ok
00:13:32.0118 0x0588 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:13:32.0164 0x0588 IPBusEnum - ok
00:13:32.0196 0x0588 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:13:32.0242 0x0588 IpFilterDriver - ok
00:13:32.0274 0x0588 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:13:32.0352 0x0588 iphlpsvc - ok
00:13:32.0352 0x0588 IpInIp - ok
00:13:32.0367 0x0588 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:13:32.0430 0x0588 IPMIDRV - ok
00:13:32.0461 0x0588 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:13:32.0492 0x0588 IPNAT - ok
00:13:32.0523 0x0588 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:13:32.0570 0x0588 IRENUM - ok
00:13:32.0586 0x0588 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:13:32.0617 0x0588 isapnp - ok
00:13:32.0664 0x0588 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:13:32.0679 0x0588 iScsiPrt - ok
00:13:32.0710 0x0588 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:13:32.0726 0x0588 iteatapi - ok
00:13:32.0742 0x0588 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:13:32.0757 0x0588 iteraid - ok
00:13:32.0788 0x0588 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:13:32.0804 0x0588 kbdclass - ok
00:13:32.0820 0x0588 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:13:32.0835 0x0588 kbdhid - ok
00:13:32.0898 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
00:13:32.0944 0x0588 KeyIso - ok
00:13:33.0007 0x0588 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:13:33.0069 0x0588 KSecDD - ok
00:13:33.0132 0x0588 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:13:33.0210 0x0588 KtmRm - ok
00:13:33.0256 0x0588 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
00:13:33.0319 0x0588 LanmanServer - ok
00:13:33.0366 0x0588 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:13:33.0459 0x0588 LanmanWorkstation - ok
00:13:33.0568 0x0588 [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:13:33.0584 0x0588 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
00:13:33.0584 0x0588 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:13:33.0631 0x0588 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:13:33.0678 0x0588 lltdio - ok
00:13:33.0724 0x0588 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:13:33.0771 0x0588 lltdsvc - ok
00:13:33.0802 0x0588 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:13:33.0865 0x0588 lmhosts - ok
00:13:33.0896 0x0588 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:13:33.0912 0x0588 LSI_FC - ok
00:13:33.0927 0x0588 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:13:33.0943 0x0588 LSI_SAS - ok
00:13:33.0958 0x0588 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:13:33.0990 0x0588 LSI_SCSI - ok
00:13:34.0005 0x0588 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
00:13:34.0068 0x0588 luafv - ok
00:13:34.0130 0x0588 [ 59A2783ABA6019BED0C843C706E10A6A, EE9F5D846169DCE44B59528AC5104D4CBA94575031528E413C4F5DA058B7059C ] massfilter C:\Windows\system32\drivers\massfilter.sys
00:13:34.0177 0x0588 massfilter - ok
00:13:34.0333 0x0588 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
00:13:34.0458 0x0588 MBAMScheduler - ok
00:13:34.0520 0x0588 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
00:13:34.0536 0x0588 MBAMSwissArmy - ok
00:13:34.0567 0x0588 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:13:34.0598 0x0588 Mcx2Svc - ok
00:13:34.0723 0x0588 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
00:13:34.0738 0x0588 MDM - ok
00:13:34.0785 0x0588 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:13:34.0816 0x0588 mdmxsdk - ok
00:13:34.0863 0x0588 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
00:13:34.0879 0x0588 megasas - ok
00:13:34.0957 0x0588 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
00:13:34.0988 0x0588 MegaSR - ok
00:13:35.0050 0x0588 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
00:13:35.0097 0x0588 MMCSS - ok
00:13:35.0144 0x0588 MobilityService - ok
00:13:35.0160 0x0588 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
00:13:35.0206 0x0588 Modem - ok
00:13:35.0253 0x0588 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:13:35.0300 0x0588 monitor - ok
00:13:35.0331 0x0588 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:13:35.0347 0x0588 mouclass - ok
00:13:35.0362 0x0588 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:13:35.0425 0x0588 mouhid - ok
00:13:35.0456 0x0588 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:13:35.0472 0x0588 MountMgr - ok
00:13:35.0550 0x0588 [ 382B05D37573BB69EDD135D499776DAD, 32E45F46980FAC84FA1E5A093EFFC75EE818172BC4258DE8699390B4325A8117 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:13:35.0565 0x0588 MozillaMaintenance - ok
00:13:35.0612 0x0588 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
00:13:35.0628 0x0588 mpio - ok
00:13:35.0659 0x0588 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:13:35.0690 0x0588 mpsdrv - ok
00:13:35.0752 0x0588 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:13:35.0830 0x0588 MpsSvc - ok
00:13:35.0893 0x0588 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:13:35.0908 0x0588 Mraid35x - ok
00:13:35.0955 0x0588 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:13:35.0986 0x0588 MRxDAV - ok
00:13:36.0033 0x0588 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:13:36.0096 0x0588 mrxsmb - ok
00:13:36.0142 0x0588 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:13:36.0174 0x0588 mrxsmb10 - ok
00:13:36.0189 0x0588 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:13:36.0236 0x0588 mrxsmb20 - ok
00:13:36.0283 0x0588 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
00:13:36.0298 0x0588 msahci - ok
00:13:36.0330 0x0588 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:13:36.0345 0x0588 msdsm - ok
00:13:36.0376 0x0588 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
00:13:36.0423 0x0588 MSDTC - ok
00:13:36.0454 0x0588 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:13:36.0517 0x0588 Msfs - ok
00:13:36.0532 0x0588 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:13:36.0548 0x0588 msisadrv - ok
00:13:36.0595 0x0588 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:13:36.0642 0x0588 MSiSCSI - ok
00:13:36.0642 0x0588 msiserver - ok
00:13:36.0673 0x0588 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:13:36.0735 0x0588 MSKSSRV - ok
00:13:36.0766 0x0588 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:13:36.0798 0x0588 MSPCLOCK - ok
00:13:36.0860 0x0588 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:13:36.0907 0x0588 MSPQM - ok
00:13:36.0954 0x0588 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:13:36.0969 0x0588 MsRPC - ok
00:13:36.0985 0x0588 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:13:37.0000 0x0588 mssmbios - ok
00:13:37.0016 0x0588 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:13:37.0078 0x0588 MSTEE - ok
00:13:37.0094 0x0588 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
00:13:37.0110 0x0588 Mup - ok
00:13:37.0156 0x0588 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
00:13:37.0203 0x0588 napagent - ok
00:13:37.0266 0x0588 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:13:37.0297 0x0588 NativeWifiP - ok
00:13:37.0359 0x0588 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:13:37.0422 0x0588 NDIS - ok
00:13:37.0468 0x0588 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:13:37.0484 0x0588 NdisTapi - ok
00:13:37.0515 0x0588 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:13:37.0562 0x0588 Ndisuio - ok
00:13:37.0593 0x0588 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:13:37.0624 0x0588 NdisWan - ok
00:13:37.0640 0x0588 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:13:37.0671 0x0588 NDProxy - ok
00:13:37.0687 0x0588 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:13:37.0749 0x0588 NetBIOS - ok
00:13:37.0796 0x0588 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:13:37.0843 0x0588 netbt - ok
00:13:37.0874 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
00:13:37.0890 0x0588 Netlogon - ok
00:13:37.0936 0x0588 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
00:13:37.0999 0x0588 Netman - ok
00:13:38.0046 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:13:38.0092 0x0588 NetMsmqActivator - ok
00:13:38.0108 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:13:38.0124 0x0588 NetPipeActivator - ok
00:13:38.0170 0x0588 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
00:13:38.0217 0x0588 netprofm - ok
00:13:38.0233 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:13:38.0248 0x0588 NetTcpActivator - ok
00:13:38.0264 0x0588 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:13:38.0280 0x0588 NetTcpPortSharing - ok
00:13:38.0451 0x0588 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
00:13:38.0638 0x0588 NETw3v32 - ok
00:13:38.0794 0x0588 [ 38D720E0C8B0ECB9A019980265679798, 38A3CCB0AC7A70481B98E29637E6CE2A3B20737E6FF17AF885AE2229EDF08581 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
00:13:39.0028 0x0588 NETw4v32 - ok
00:13:39.0200 0x0588 [ 82FFC84EC3AFC2F2D38DB880F50157C0, 4D37A44A5BBD3ECA2B29FE8565FC5840093E5BB41D197BEDA406BCE4A7C3479A ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
00:13:39.0403 0x0588 Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 )
00:13:39.0403 0x0588 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
00:13:39.0434 0x0588 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:13:39.0450 0x0588 nfrd960 - ok
00:13:39.0512 0x0588 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
00:13:39.0574 0x0588 NlaSvc - ok
00:13:39.0606 0x0588 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:13:39.0652 0x0588 Npfs - ok
00:13:39.0699 0x0588 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
00:13:39.0730 0x0588 nsi - ok
00:13:39.0746 0x0588 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:13:39.0808 0x0588 nsiproxy - ok
00:13:39.0886 0x0588 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:13:39.0964 0x0588 Ntfs - ok
00:13:39.0996 0x0588 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
00:13:40.0027 0x0588 NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
00:13:40.0027 0x0588 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
00:13:40.0042 0x0588 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
00:13:40.0105 0x0588 ntrigdigi - ok
00:13:40.0120 0x0588 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
00:13:40.0183 0x0588 Null - ok
00:13:40.0604 0x0588 [ 9E8222B2EF8130DB3EA6669FDA358453, D9DD89EAE671F6E7648054AB0F3A9F33A4A1435006B94D3C959FC6C4999330A6 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:13:41.0290 0x0588 nvlddmkm - ok
00:13:41.0337 0x0588 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:13:41.0353 0x0588 nvraid - ok
00:13:41.0400 0x0588 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:13:41.0415 0x0588 nvstor - ok
00:13:41.0446 0x0588 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:13:41.0462 0x0588 nv_agp - ok
00:13:41.0462 0x0588 NwlnkFlt - ok
00:13:41.0478 0x0588 NwlnkFwd - ok
00:13:41.0587 0x0588 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:13:41.0634 0x0588 odserv - ok
00:13:41.0696 0x0588 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:13:41.0743 0x0588 ohci1394 - ok
00:13:41.0774 0x0588 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:13:41.0790 0x0588 ose - ok
00:13:41.0852 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:13:41.0977 0x0588 p2pimsvc - ok
00:13:42.0024 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
00:13:42.0070 0x0588 p2psvc - ok
00:13:42.0133 0x0588 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
00:13:42.0180 0x0588 Parport - ok
00:13:42.0226 0x0588 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:13:42.0242 0x0588 partmgr - ok
00:13:42.0273 0x0588 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
00:13:42.0336 0x0588 Parvdm - ok
00:13:42.0382 0x0588 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
00:13:42.0414 0x0588 PcaSvc - ok
00:13:42.0460 0x0588 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
00:13:42.0476 0x0588 pci - ok
00:13:42.0507 0x0588 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
00:13:42.0523 0x0588 pciide - ok
00:13:42.0554 0x0588 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:13:42.0570 0x0588 pcmcia - ok
00:13:42.0648 0x0588 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:13:42.0788 0x0588 PEAUTH - ok
00:13:42.0897 0x0588 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
00:13:43.0053 0x0588 pla - ok
00:13:43.0116 0x0588 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:13:43.0147 0x0588 PlugPlay - ok
00:13:43.0272 0x0588 pmem - ok
00:13:43.0303 0x0588 pmp3052v - ok
00:13:43.0365 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:13:43.0412 0x0588 PNRPAutoReg - ok
00:13:43.0459 0x0588 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:13:43.0506 0x0588 PNRPsvc - ok
00:13:43.0568 0x0588 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:13:43.0630 0x0588 PolicyAgent - ok
00:13:43.0693 0x0588 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:13:43.0724 0x0588 PptpMiniport - ok
00:13:43.0740 0x0588 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
00:13:43.0802 0x0588 Processor - ok
00:13:43.0833 0x0588 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
00:13:43.0896 0x0588 ProfSvc - ok
00:13:43.0911 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
00:13:43.0942 0x0588 ProtectedStorage - ok
00:13:43.0958 0x0588 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:13:44.0005 0x0588 PSched - ok
00:13:44.0036 0x0588 [ 18DE162F9B83079C24CD96F59292F5ED, 9832289F2F7C8DC3A8B4C7FBD90E0FDDFD41D0A0E6E40D90F98CFD6E8E93C974 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
00:13:44.0052 0x0588 PSDFilter - ok
00:13:44.0067 0x0588 [ BC1457A28E76AB3106D43802AC22A627, 450F7E8D6990A7089905E23F9B0BA239A25E45778C57FB4E8909E15196D09A26 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
00:13:44.0083 0x0588 PSDNServ - ok
00:13:44.0098 0x0588 [ AC151E5B0943304E368C98EC78B5FC4F, 6CFC7668BE7632FC72C9D8FF45F061557F768EE23FDF7AD63CA82035E03E5F1B ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
00:13:44.0114 0x0588 psdvdisk - ok
00:13:44.0208 0x0588 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:13:44.0286 0x0588 ql2300 - ok
00:13:44.0332 0x0588 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:13:44.0348 0x0588 ql40xx - ok
00:13:44.0379 0x0588 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
00:13:44.0442 0x0588 QWAVE - ok
00:13:44.0473 0x0588 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:13:44.0520 0x0588 QWAVEdrv - ok
00:13:44.0535 0x0588 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:13:44.0566 0x0588 RasAcd - ok
00:13:44.0598 0x0588 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
00:13:44.0644 0x0588 RasAuto - ok
00:13:44.0660 0x0588 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:13:44.0722 0x0588 Rasl2tp - ok
00:13:44.0769 0x0588 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
00:13:44.0800 0x0588 RasMan - ok
00:13:44.0847 0x0588 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:13:44.0863 0x0588 RasPppoe - ok
00:13:44.0878 0x0588 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:13:44.0925 0x0588 RasSstp - ok
00:13:44.0988 0x0588 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:13:45.0034 0x0588 rdbss - ok
00:13:45.0066 0x0588 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:13:45.0112 0x0588 RDPCDD - ok
00:13:45.0175 0x0588 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:13:45.0222 0x0588 rdpdr - ok
00:13:45.0222 0x0588 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:13:45.0268 0x0588 RDPENCDD - ok
00:13:45.0315 0x0588 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:13:45.0378 0x0588 RDPWD - ok
00:13:45.0440 0x0588 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
00:13:45.0487 0x0588 RemoteAccess - ok
00:13:45.0534 0x0588 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:13:45.0565 0x0588 RemoteRegistry - ok
00:13:45.0612 0x0588 [ 0A468612A19FEB657D127E7C4810F6FC, B31A083FA10051BE5132D759A904E131E9DD1C4CE79310A75213B9C48247739B ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
00:13:45.0658 0x0588 RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
00:13:45.0658 0x0588 RichVideo ( UnsignedFile.Multi.Generic ) - warning
00:13:45.0705 0x0588 [ A5B12A4B3B774432DB9B9FA221190E59, 1DAAB43A2429035BAB8403E5D24F50F82BD41B5B478B344C3C58D49F1E15C2AE ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
00:13:45.0768 0x0588 rimmptsk - ok
00:13:45.0783 0x0588 [ C398BCA91216755B098679A8DA8A2300, 1FDDC3D927509AB10C3B0B7900DCE78DEC6B1C3CAE80F78EFCFBB628673B2143 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
00:13:45.0814 0x0588 rimsptsk - ok
00:13:45.0830 0x0588 [ 2A2554CB24506E0A0508FC395C4A1B42, B989AE65727C971D508E7284707258FCCC9213B510F4C2A257D3069A3DABE20B ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
00:13:45.0846 0x0588 rismxdp - ok
00:13:45.0877 0x0588 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
00:13:45.0908 0x0588 RpcLocator - ok
00:13:45.0955 0x0588 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
00:13:46.0002 0x0588 RpcSs - ok
00:13:46.0033 0x0588 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:13:46.0064 0x0588 rspndr - ok
00:13:46.0095 0x0588 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
00:13:46.0111 0x0588 SamSs - ok
00:13:46.0142 0x0588 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:13:46.0158 0x0588 sbp2port - ok
00:13:46.0189 0x0588 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:13:46.0251 0x0588 SCardSvr - ok
00:13:46.0298 0x0588 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
00:13:46.0423 0x0588 Schedule - ok
00:13:46.0438 0x0588 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
00:13:46.0470 0x0588 SCPolicySvc - ok
00:13:46.0485 0x0588 [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:13:46.0532 0x0588 sdbus - ok
00:13:46.0579 0x0588 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:13:46.0641 0x0588 SDRSVC - ok
00:13:46.0672 0x0588 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:13:46.0750 0x0588 secdrv - ok
00:13:46.0766 0x0588 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
00:13:46.0813 0x0588 seclogon - ok
00:13:46.0860 0x0588 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll
00:13:46.0906 0x0588 SENS - ok
00:13:46.0922 0x0588 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
00:13:47.0000 0x0588 Serenum - ok
00:13:47.0016 0x0588 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
00:13:47.0094 0x0588 Serial - ok
00:13:47.0140 0x0588 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:13:47.0172 0x0588 sermouse - ok
00:13:47.0218 0x0588 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
00:13:47.0250 0x0588 SessionEnv - ok
00:13:47.0265 0x0588 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:13:47.0312 0x0588 sffdisk - ok
00:13:47.0328 0x0588 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:13:47.0374 0x0588 sffp_mmc - ok
00:13:47.0421 0x0588 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:13:47.0468 0x0588 sffp_sd - ok
00:13:47.0499 0x0588 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:13:47.0577 0x0588 sfloppy - ok
00:13:47.0640 0x0588 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:13:47.0686 0x0588 SharedAccess - ok
00:13:47.0733 0x0588 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:13:47.0796 0x0588 ShellHWDetection - ok
00:13:47.0811 0x0588 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:13:47.0842 0x0588 sisagp - ok
00:13:47.0858 0x0588 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:13:47.0874 0x0588 SiSRaid2 - ok
00:13:47.0889 0x0588 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:13:47.0905 0x0588 SiSRaid4 - ok
00:13:48.0123 0x0588 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
00:13:48.0404 0x0588 slsvc - ok
00:13:48.0466 0x0588 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:13:48.0498 0x0588 SLUINotify - ok
00:13:48.0544 0x0588 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:13:48.0591 0x0588 Smb - ok
00:13:48.0638 0x0588 [ FFD9B64DB2CD7B74B766C3A8452A5816, 48842988977E57C57989B7AF73A9A23A93595085E3ED78C472E323716C2F819B ] snapman C:\Windows\system32\DRIVERS\snapman.sys
00:13:48.0669 0x0588 snapman - ok
00:13:48.0685 0x0588 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:13:48.0700 0x0588 SNMPTRAP - ok
00:13:48.0841 0x0588 [ 1C550748F896E53B7B0FE7717845132B, B745D22DCB6AFFCC9B5E0BF38B68440B54080B17ED9DF7EB414F84EB035E1F30 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
00:13:49.0012 0x0588 SNP2UVC - ok
00:13:49.0044 0x0588 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
00:13:49.0059 0x0588 spldr - ok
00:13:49.0106 0x0588 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
00:13:49.0168 0x0588 Spooler - ok
00:13:49.0215 0x0588 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
00:13:49.0293 0x0588 srv - ok
00:13:49.0324 0x0588 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:13:49.0402 0x0588 srv2 - ok
00:13:49.0418 0x0588 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:13:49.0465 0x0588 srvnet - ok
00:13:49.0512 0x0588 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:13:49.0543 0x0588 SSDPSRV - ok
00:13:49.0605 0x0588 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
00:13:49.0621 0x0588 ssmdrv - ok
00:13:49.0668 0x0588 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:13:49.0714 0x0588 SstpSvc - ok
00:13:49.0777 0x0588 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
00:13:49.0824 0x0588 stisvc - ok
00:13:49.0870 0x0588 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:13:49.0886 0x0588 swenum - ok
00:13:49.0917 0x0588 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
00:13:49.0995 0x0588 swprv - ok
00:13:50.0011 0x0588 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
00:13:50.0026 0x0588 Symc8xx - ok
00:13:50.0042 0x0588 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
00:13:50.0058 0x0588 Sym_hi - ok
00:13:50.0089 0x0588 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
00:13:50.0104 0x0588 Sym_u3 - ok
00:13:50.0136 0x0588 [ C5F25D490D0915732508FD421BF76D93, 9DDF1CBC69C3A1D157073F897AE797ECA257F1CC9659A75F6DFF0C30594C06DD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:13:50.0151 0x0588 SynTP - ok
00:13:50.0198 0x0588 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
00:13:50.0307 0x0588 SysMain - ok
00:13:50.0338 0x0588 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:13:50.0370 0x0588 TabletInputService - ok
00:13:50.0401 0x0588 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:13:50.0448 0x0588 TapiSrv - ok
00:13:50.0463 0x0588 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
00:13:50.0526 0x0588 TBS - ok
00:13:50.0604 0x0588 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:13:50.0666 0x0588 Tcpip - ok
00:13:50.0744 0x0588 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
00:13:50.0806 0x0588 Tcpip6 - ok
00:13:50.0853 0x0588 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:13:50.0947 0x0588 tcpipreg - ok
00:13:50.0978 0x0588 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:13:51.0025 0x0588 TDPIPE - ok
00:13:51.0103 0x0588 [ 3630F5B8181554DEECFE2E4252BC4C4C, 4C827CD4C3880854DE1CE232118F21E09A8731441D7203D5CA1ACBF8CDDF8B70 ] tdrpman251 C:\Windows\system32\DRIVERS\tdrpm251.sys
00:13:51.0165 0x0588 tdrpman251 - ok
00:13:51.0212 0x0588 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:13:51.0259 0x0588 TDTCP - ok
00:13:51.0306 0x0588 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:13:51.0337 0x0588 tdx - ok
00:13:51.0430 0x0588 [ 9993A46795FEE757D418119A00FA2FDC, EB0E8D230D99C6ADBBC04A50A9E44C37BF06881FF0E2A2620BE8CC87CA72A8EB ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
00:13:51.0446 0x0588 TeamViewer5 - ok
00:13:51.0477 0x0588 [ 9101FFFCFCCD1A30E870A5B8A9091B10, 58AAB0F6FF78FD0ECDD8D9DA1B6852E9E57E3DAA39489ABDDBA106ECE0B3BCA7 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
00:13:51.0493 0x0588 teamviewervpn - ok
00:13:51.0555 0x0588 [ 5D528200679C3B4595B4237E02C077D5, 48496E4FA2FFF68B69B8E11244D749040ABDAE92B9ACF7F7E131BBA82114282D ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
00:13:51.0571 0x0588 TelekomNM3 - ok
00:13:51.0602 0x0588 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:13:51.0618 0x0588 TermDD - ok
00:13:51.0664 0x0588 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
00:13:51.0758 0x0588 TermService - ok
00:13:51.0789 0x0588 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
00:13:51.0820 0x0588 Themes - ok
00:13:51.0836 0x0588 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
00:13:51.0867 0x0588 THREADORDER - ok
00:13:51.0930 0x0588 [ C820BFC70FEB25EC877C49E81CD477C1, 5830A2A028C30CF3331832056A698C9B35B0765CAE82EB916AD603CF15B7C03C ] timounter C:\Windows\system32\DRIVERS\timntr.sys
00:13:51.0976 0x0588 timounter - ok
00:13:52.0023 0x0588 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
00:13:52.0054 0x0588 TrkWks - ok
00:13:52.0117 0x0588 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:13:52.0164 0x0588 TrustedInstaller - ok
00:13:52.0195 0x0588 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:13:52.0242 0x0588 tssecsrv - ok
00:13:52.0304 0x0588 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
00:13:52.0335 0x0588 tunmp - ok
00:13:52.0351 0x0588 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:13:52.0382 0x0588 tunnel - ok
00:13:52.0398 0x0588 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:13:52.0413 0x0588 uagp35 - ok
00:13:52.0444 0x0588 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:13:52.0491 0x0588 udfs - ok
00:13:52.0569 0x0588 [ 13BFF97E926BF8D9C1230CECC371A0C0, 2A15D85E41D3986401D74CBCA36E190E82A61F99EECE0AB85A1CF2A57C60FD85 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
00:13:52.0585 0x0588 UI Assistant Service - ok
00:13:52.0616 0x0588 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:13:52.0663 0x0588 UI0Detect - ok
00:13:52.0678 0x0588 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:13:52.0694 0x0588 uliagpkx - ok
00:13:52.0725 0x0588 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
00:13:52.0741 0x0588 uliahci - ok
00:13:52.0772 0x0588 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
00:13:52.0788 0x0588 UlSata - ok
00:13:52.0819 0x0588 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
00:13:52.0834 0x0588 ulsata2 - ok
00:13:52.0850 0x0588 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:13:52.0897 0x0588 umbus - ok
00:13:52.0912 0x0588 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
00:13:52.0975 0x0588 upnphost - ok
00:13:53.0037 0x0588 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:13:53.0100 0x0588 usbccgp - ok
00:13:53.0131 0x0588 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:13:53.0209 0x0588 usbcir - ok
00:13:53.0256 0x0588 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:13:53.0271 0x0588 usbehci - ok
00:13:53.0318 0x0588 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:13:53.0349 0x0588 usbhub - ok
00:13:53.0380 0x0588 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:13:53.0458 0x0588 usbohci - ok
00:13:53.0474 0x0588 [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint C:\Windows\system32\drivers\usbprint.sys
00:13:53.0536 0x0588 usbprint - ok
00:13:53.0568 0x0588 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:13:53.0599 0x0588 USBSTOR - ok
00:13:53.0646 0x0588 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:13:53.0677 0x0588 usbuhci - ok
00:13:53.0724 0x0588 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
00:13:53.0770 0x0588 UxSms - ok
00:13:53.0817 0x0588 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
00:13:53.0911 0x0588 vds - ok
00:13:53.0942 0x0588 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:13:54.0004 0x0588 vga - ok
00:13:54.0020 0x0588 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
00:13:54.0067 0x0588 VgaSave - ok
00:13:54.0114 0x0588 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
00:13:54.0129 0x0588 viaagp - ok
00:13:54.0145 0x0588 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
00:13:54.0176 0x0588 ViaC7 - ok
00:13:54.0207 0x0588 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
00:13:54.0223 0x0588 viaide - ok
00:13:54.0238 0x0588 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:13:54.0254 0x0588 volmgr - ok
00:13:54.0285 0x0588 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:13:54.0316 0x0588 volmgrx - ok
00:13:54.0348 0x0588 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:13:54.0379 0x0588 volsnap - ok
00:13:54.0426 0x0588 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:13:54.0441 0x0588 vsmraid - ok
00:13:54.0519 0x0588 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
00:13:54.0644 0x0588 VSS - ok
00:13:54.0691 0x0588 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
00:13:54.0738 0x0588 W32Time - ok
00:13:54.0800 0x0588 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:13:54.0862 0x0588 WacomPen - ok
00:13:54.0894 0x0588 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
00:13:54.0925 0x0588 Wanarp - ok
00:13:54.0925 0x0588 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:13:54.0956 0x0588 Wanarpv6 - ok
00:13:55.0003 0x0588 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:13:55.0081 0x0588 wcncsvc - ok
00:13:55.0128 0x0588 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:13:55.0159 0x0588 WcsPlugInService - ok
00:13:55.0174 0x0588 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
00:13:55.0190 0x0588 Wd - ok
00:13:55.0252 0x0588 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:13:55.0315 0x0588 Wdf01000 - ok
00:13:55.0346 0x0588 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:13:55.0377 0x0588 WdiServiceHost - ok
00:13:55.0377 0x0588 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:13:55.0424 0x0588 WdiSystemHost - ok
00:13:55.0455 0x0588 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
00:13:55.0518 0x0588 WebClient - ok
00:13:55.0564 0x0588 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:13:55.0627 0x0588 Wecsvc - ok
00:13:55.0658 0x0588 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:13:55.0705 0x0588 wercplsupport - ok
00:13:55.0736 0x0588 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
00:13:55.0798 0x0588 WerSvc - ok
00:13:55.0861 0x0588 [ 3344B5C3209E538291398FF12F895155, 7F725285347D73C28B522CF38F78C7C5F7ED360948133E58D14D71D45DB71720 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:13:55.0954 0x0588 winachsf - ok
00:13:56.0001 0x0588 [ 3FA87D56769838AAC82FAFC3E78FC732, E1D942D59A7EDB1768D39D87D637C6F87C84711D0776FF2C69161350D037663B ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
00:13:56.0017 0x0588 winbondcir - ok
00:13:56.0079 0x0588 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
00:13:56.0110 0x0588 WinDefend - ok
00:13:56.0110 0x0588 WinHttpAutoProxySvc - ok
00:13:56.0188 0x0588 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:13:56.0220 0x0588 Winmgmt - ok
00:13:56.0298 0x0588 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
00:13:56.0500 0x0588 WinRM - ok
00:13:56.0578 0x0588 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:13:56.0672 0x0588 Wlansvc - ok
00:13:56.0672 0x0588 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:13:56.0703 0x0588 WmiAcpi - ok
00:13:56.0750 0x0588 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:13:56.0797 0x0588 wmiApSrv - ok
00:13:56.0890 0x0588 [ C8F8AAC50B5B0BF821AB7D7126056B30, 9E392A6198B941FEBF3AE509626887C68457C7349866AB9B719B15FE52659C29 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
00:13:56.0922 0x0588 WMIService - detected UnsignedFile.Multi.Generic ( 1 )
00:13:56.0922 0x0588 WMIService ( UnsignedFile.Multi.Generic ) - warning
00:13:57.0000 0x0588 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
00:13:57.0140 0x0588 WMPNetworkSvc - ok
00:13:57.0171 0x0588 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:13:57.0234 0x0588 WPCSvc - ok
00:13:57.0265 0x0588 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:13:57.0327 0x0588 WPDBusEnum - ok
00:13:57.0499 0x0588 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:13:57.0592 0x0588 WPFFontCache_v0400 - ok
00:13:57.0624 0x0588 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:13:57.0670 0x0588 ws2ifsl - ok
00:13:57.0733 0x0588 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
00:13:57.0764 0x0588 wscsvc - ok
00:13:57.0764 0x0588 WSearch - ok
00:13:57.0811 0x0588 [ 2584DF81CC9F7E7BD3545691106F8CAE, 1278F9727730075BAC87BB76800BB3533B9C929F66CDFEAC669931A3F4211A48 ] WSVD C:\Windows\system32\drivers\WSVD.sys
00:13:57.0826 0x0588 WSVD - ok
00:13:57.0951 0x0588 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
00:13:58.0076 0x0588 wuauserv - ok
00:13:58.0138 0x0588 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:13:58.0154 0x0588 WudfPf - ok
00:13:58.0216 0x0588 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:13:58.0232 0x0588 WUDFRd - ok
00:13:58.0310 0x0588 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:13:58.0341 0x0588 wudfsvc - ok
00:13:58.0372 0x0588 [ 2E579520E114A9CA309F13BF40AD8292, A7C926AD8E126E90F83799D907AD51F8F3C2C2799E2E2D005357DEE58B73B333 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
00:13:58.0372 0x0588 XAudio - ok
00:13:58.0419 0x0588 [ F82FC2C30A19442B95AE554215837C46, 7CAD611D660264BB22069148DC16601D3458D1372FC1DE85BD004906E19D05B4 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
00:13:58.0466 0x0588 XAudioService - ok
00:13:58.0544 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
00:13:58.0575 0x0588 ZTEusbmdm6k - ok
00:13:58.0591 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
00:13:58.0606 0x0588 ZTEusbnmea - ok
00:13:58.0653 0x0588 [ 3862318F85BE7A91957ADA5E814ED58C, 28EC5D2A5892DA27796632034ED93B898363BBBFEFBE3B70EBDBFE7F917921E8 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
00:13:58.0669 0x0588 ZTEusbser6k - ok
00:13:58.0716 0x0588 [ 5867CE254625645345C833510D24F124, 72808936B15373DDB3B3DAD46D0368A9CBD5CF0829F0FE2D63F3A0731102277C ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
00:13:58.0731 0x0588 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
00:13:58.0747 0x0588 ================ Scan global ===============================
00:13:58.0778 0x0588 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
00:13:58.0825 0x0588 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
00:13:58.0887 0x0588 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
00:13:58.0934 0x0588 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
00:13:58.0965 0x0588 [ Global ] - ok
00:13:58.0965 0x0588 ================ Scan MBR ==================================
00:13:58.0981 0x0588 [ 7188A7A9747B3170479FE1B3850FCD15 ] \Device\Harddisk0\DR0
00:14:00.0073 0x0588 \Device\Harddisk0\DR0 - ok
00:14:00.0073 0x0588 ================ Scan VBR ==================================
00:14:00.0073 0x0588 [ 202F2A264FF621C88400E9EA5EFB1C2C ] \Device\Harddisk0\DR0\Partition1
00:14:00.0135 0x0588 \Device\Harddisk0\DR0\Partition1 - ok
00:14:00.0135 0x0588 [ 6BD4749A5583B5D1490C9FBDB9FF48A7 ] \Device\Harddisk0\DR0\Partition2
00:14:00.0151 0x0588 \Device\Harddisk0\DR0\Partition2 - ok
00:14:00.0151 0x0588 ================ Scan generic autorun ======================
00:14:00.0166 0x0588 NvSvc - ok
00:14:00.0166 0x0588 NvCplDaemon - ok
00:14:00.0166 0x0588 NvMediaCenter - ok
00:14:00.0229 0x0588 [ EED2120454E74AA5C257947986B4D068, 1E68F6DF831941B8F3C5F2B0A67AB5F9A9C94901DD37B31654D91DE38110B9E0 ] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
00:14:00.0260 0x0588 SynTPStart - ok
00:14:00.0322 0x0588 [ C7D5F71489FA92A6D2069E0C9862799F, D7B66F480F572EB0795ED2496C7BCF56E5FE73372DBE13A2BE4221BA9D7F55AB ] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
00:14:00.0400 0x0588 eDataSecurity Loader - detected UnsignedFile.Multi.Generic ( 1 )
00:14:00.0400 0x0588 eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - warning
00:14:00.0494 0x0588 [ 20F0D48EA1631579D84157658A59C5CD, AD3039FF96C7147CBE3FBB3DC7F87F7957B70BDFC6DF1F087FA2DB96B0C6B568 ] C:\Acer\Empowering Technology\eAudio\eAudio.exe
00:14:00.0603 0x0588 eAudio - detected UnsignedFile.Multi.Generic ( 1 )
00:14:00.0603 0x0588 eAudio ( UnsignedFile.Multi.Generic ) - warning
00:14:00.0681 0x0588 [ C2C80A16DF3C72B331333B8C01E7731C, 50A157DEE57A491A776F1208FEEC92A34A13B995FE7C9AF1E7C933F1A069B568 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
00:14:00.0697 0x0588 IAAnotif - ok
00:14:00.0931 0x0588 [ D6136DEFFF8EB6AD98F401ED43853EB9, EE82FE47A09EA532C796CC3E399C9D4577FDA06C1E7D52479FA9B74C6B407810 ] C:\Windows\RtHDVCpl.exe
00:14:01.0368 0x0588 RtHDVCpl - ok
00:14:01.0477 0x0588 [ 1AFA1CBBB859A9F335FEC2F8CF3D5D0B, 129F2BDB93E7D06F01B066285D94F61AE54C99133B8063C655315E3210137F6C ] C:\Windows\Skytel.exe
00:14:01.0617 0x0588 Skytel - ok
00:14:01.0695 0x0588 [ 806DB5F4FC5185AFC608E881979CC25F, B4991488DB86C84D5B2EB7F900541CBB094A87877DD82CB39411B59DA174B3F2 ] C:\Windows\system32\igfxtray.exe
00:14:01.0711 0x0588 IgfxTray - ok
00:14:01.0742 0x0588 [ D4975555E91636FCF4809E51731F80D8, 5A24C4C38B3ADD25F04A9E327314B23F1A7C63C44C4EB78AC234049FBFB60217 ] C:\Windows\system32\hkcmd.exe
00:14:01.0758 0x0588 HotKeysCmds - ok
00:14:01.0773 0x0588 [ CD12A46AE81306C2F14B19A58E1058B0, 699573D9C5C109813EFDA73283F9274300888002239831073FB164F91640EF65 ] C:\Windows\system32\igfxpers.exe
00:14:01.0789 0x0588 Persistence - ok
00:14:01.0867 0x0588 [ 5927ADDBD2819585B7AC3BC95009619C, A7E7049CE32CFDE02B592A55970653A74B9CEB64F6ECA542944CEA2283BDAD34 ] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
00:14:01.0929 0x0588 LManager - ok
00:14:01.0960 0x0588 [ C53545EEBCA33339313EEC5D00AEF648, DD0C3FDBB7ED4257D765F770D656229754CEE2357FF3EAC8E4648CF26321BB48 ] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
00:14:01.0992 0x0588 PlayMovie - detected UnsignedFile.Multi.Generic ( 1 )
00:14:01.0992 0x0588 PlayMovie ( UnsignedFile.Multi.Generic ) - warning
00:14:01.0992 0x0588 Force sending object to P2P due to detect: C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
00:14:02.0007 0x0588 Object send P2P result: false
00:14:02.0007 0x0588 PLFSet - ok
00:14:02.0288 0x0588 [ 120B482E4A0333ED3C7D6159DCAA3F4B, 887A63E33D0927240732EF1A6C445366BC91C96EC2EF794132CB4325D737CBBA ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
00:14:02.0647 0x0588 TrueImageMonitor.exe - ok
00:14:02.0803 0x0588 [ C0FB9C45E749EAD86588755CE263AB4C, 2F819CE88F306DEA3DADE6CDA3BA5C9D903F0A99ACCC9E987C118A3E176D72FE ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
00:14:02.0834 0x0588 Acronis Scheduler2 Service - ok
00:14:02.0881 0x0588 [ 79DE5E0997A94ED1D336B314005C4543, 8637F483CC2C1F181B23CC3A0BAB010D7B9F82661FFE6202BCECF1E6CA2F7EAA ] C:\Program Files\1&1 Surf-Stick\UIExec.exe
00:14:02.0896 0x0588 UIExec - ok
00:14:02.0990 0x0588 [ 7FA30B0DE75D61B4E8E8734B2BB6CA6C, C545C83A6F7B6CDFA2C0393553AE3CCCE6FCC11CCB4026470D414B06EC679581 ] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
00:14:03.0037 0x0588 FUFAXRCV - detected UnsignedFile.Multi.Generic ( 1 )
00:14:03.0037 0x0588 FUFAXRCV ( UnsignedFile.Multi.Generic ) - warning
00:14:03.0099 0x0588 [ E476F00C910C1A96978FB30859E10919, 3F0DDF6DC7DB346BFB8AD9DD76F53143415FEED620A49B35A16168606A1942B4 ] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
00:14:03.0162 0x0588 FUFAXSTM - detected UnsignedFile.Multi.Generic ( 1 )
00:14:03.0162 0x0588 FUFAXSTM ( UnsignedFile.Multi.Generic ) - warning
00:14:03.0302 0x0588 [ D3AC38E80E928CC61A22650E04423BB8, 8DB324E5BCC2A721EB0C48F0F3ECC21E49D6172A3BF8ACC55244C08FAEB3101C ] C:\Program Files\Epson Software\Event Manager\EEventManager.exe
00:14:03.0380 0x0588 EEventManager - ok
00:14:03.0520 0x0588 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:14:03.0598 0x0588 Adobe ARM - ok
00:14:03.0723 0x0588 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
00:14:03.0786 0x0588 avgnt - ok
00:14:03.0879 0x0588 [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
00:14:03.0910 0x0588 Avira Systray - ok
00:14:04.0004 0x0588 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
00:14:04.0144 0x0588 Sidebar - ok
00:14:04.0191 0x0588 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
00:14:04.0238 0x0588 ehTray.exe - ok
00:14:04.0300 0x0588 Skype - ok
00:14:04.0378 0x0588 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
00:14:04.0378 0x0588 Win FW state via NFP2: enabled
00:14:04.0378 0x0588 ============================================================
00:14:04.0378 0x0588 Scan finished
00:14:04.0378 0x0588 ============================================================
00:14:04.0394 0x055c Detected object count: 15
00:14:04.0394 0x055c Actual detected object count: 15
00:38:49.0467 0x055c eDataSecurity Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0467 0x055c eDataSecurity Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0467 0x055c eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0467 0x055c eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0467 0x055c eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0467 0x055c eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0467 0x055c eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0467 0x055c eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0498 0x055c eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0498 0x055c eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0498 0x055c LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0498 0x055c LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0514 0x055c Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0514 0x055c Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0514 0x055c NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0514 0x055c NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0530 0x055c RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0530 0x055c RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0545 0x055c WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0545 0x055c WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0576 0x055c eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0576 0x055c eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0576 0x055c eAudio ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0576 0x055c eAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0576 0x055c PlayMovie ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0576 0x055c PlayMovie ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0576 0x055c FUFAXRCV ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0576 0x055c FUFAXRCV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:49.0576 0x055c FUFAXSTM ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:49.0576 0x055c FUFAXSTM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:38.0488 0x0390 Deinitialize success

Freundlich grüßt

Mischa

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Schrauber, sorry es gab Probleme
AVIRA war nicht zu stoppen und nicht zu deinstallieren obwohl combofix es verlangte
Habe auch erfolglos versucht manuell zu lõschen
Dann habe ich Avira im Startup lahmgelegt
Seitdem ging Abgesicherter Modus nicht
Screen black und frozen beim Start habe normal starten können
Jetzt poppte Avira Deinstalfenster auf und funktionierte
Habe dann Combofix im Normalmodus laufen lassen
Lief bis Stufe 10
Dann Blackscreen und Rechner ist frozen
Habe Sorge auszuschalten
Was tun? Bitte Hilfe schreibe vom Notepad

Hart rebooten, dann nochmal Combofix.

Danke, hat funktioniert

Code:

ComboFix 15-01-08.01 - Dagobert 16.01.2015  20:15:38.3.1 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1634 [GMT 1:00]

ausgeführt von:: c:\users\Dagobert\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dagobert\4.0

c:\users\Dagobert\AppData\Roaming\.#

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-12-16 bis 2015-01-16  ))))))))))))))))))))))))))))))

.

.

2015-01-16 19:27 . 2015-01-16 19:34        --------        d-----w-        c:\users\Dagobert\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\TxR\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\systemprofile\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\RegBack\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\Public\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\Journal\AppData\Local\temp

2015-01-16 19:27 . 2015-01-16 19:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-01-16 15:43 . 2015-01-16 17:33        --------        d-----w-        C:\OETemp

2015-01-15 12:19 . 2015-01-15 12:19        --------        d-----w-        c:\users\Dagobert\AppData\Local\CyberLink

2015-01-15 12:19 . 2015-01-15 12:19        --------        d-----w-        c:\users\Dagobert\AppData\Local\HomeMedia

2015-01-13 19:23 . 2008-01-24 02:25        192512        ----a-w-        c:\windows\system32\igfxres.dll

2015-01-12 19:03 . 2015-01-12 19:03        --------        d-----w-        C:\Dagobert

2015-01-12 16:29 . 2015-01-12 16:31        --------        d-----w-        C:\FRST

2015-01-11 12:58 . 2015-01-11 14:55        --------        d-----w-        C:\EEK

2015-01-10 20:07 . 2015-01-10 20:07        --------        d-----w-        c:\program files\Mozilla Firefox(29)

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-14 15:49 . 2013-02-26 20:19        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2015-01-14 15:49 . 2013-02-26 20:19        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2015-01-13 13:29 . 2014-08-08 10:03        119000        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-13 13:28 . 2014-07-20 12:19        79576        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-11-21 05:14 . 2014-08-08 10:02        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-11-21 05:14 . 2013-03-29 12:42        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00        39472        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]

"Skytel"="Skytel.exe" [2008-01-24 1826816]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]

"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]

"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

.

c:\users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-3-25 535336]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

SETAUDIO.EXE [2008-4-4 20480]

SETRES.EXE [2008-4-4 20480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Dagobert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk]

path=c:\users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

backup=c:\windows\pss\Netzmanager.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-11 19:56        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 01:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2014-07-11 00:39        256896        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2008-01-29 07:03        303104        ----a-w-        c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-04 2326920]

R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-07-04 159168]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-01-16 14:48        1087816        ----a-w-        c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 15:49]

.

2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-16 11:30]

.

2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-16 11:30]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://de.intl.acer.yahoo.com

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} - hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab

FF - ProfilePath - c:\users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-Avira Systray - c:\program files\Avira\My Avira\Avira.OE.Systray.exe

MSConfigStartUp-Scan Buttons - c:\program files\NewSoft\Presto! PageManager 9.03\PMSB.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2015-01-16 20:34

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2015-01-16  20:37:26

ComboFix-quarantined-files.txt  2015-01-16 19:37

ComboFix2.txt  2013-04-08 14:30

.

Vor Suchlauf: 5.543.333.888 Bytes frei

Nach Suchlauf: 7.324.979.200 Bytes frei

.

- - End Of File - - 39D76EE4E93EC87D5ED27DEC23609805

7188A7A9747B3170479FE1B3850FCD15

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,

erstens kommt es anders - zweitens als man denkt

Malwarebytes war nicht mehr zu starten - habe es neu geladen und installiert, nachdem ich die alte Version erstmal nicht mehr deinstallieren und auch nicht mehr öffnen konnte.

Mit der uninst000.exe der neuen Version hats dann geklappt, ich bin aber nicht sicher ob es sich nicht mit Resten des alten vermischt hat, denn in der directory sind immer noch ein paar files des alten Malwarebytes - erkennbar am alten Datum.

Zero Ergebnis - aber ich kann das Textfile des Logs nicht erzeugen, weil im Normalmodus das entsprechende Feld nach dem Anzeigen des Logfiles nicht aktiv ist, d.h. anklicken bringt null Reaktion. Im abgesicherten Modus gehts auch nicht.

AdwCleaner zeigte auch nichts

Code:

# AdwCleaner v4.108 - Bericht erstellt am 17/01/2015 um 17:53:01

# Aktualisiert 17/01/2015 von Xplode

# Database : 2015-01-13.2 [Local]

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : Dagobert - DAGOBERT-PC

# Gestartet von : C:\Users\Dagobert\Desktop\AdwCleaner_4.108.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gefunden : C:\Convesoft
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16545
 
 

-\\ Mozilla Firefox v24.6.0 (de)
 

[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-tab", false);

[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-win", false);
 

-\\ Google Chrome v39.0.2171.99
 
 

*************************
 

AdwCleaner[R0].txt - [940 octets] - [17/01/2015 17:53:01]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [999 octets] ##########

ebenso JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows Vista (TM) Home Premium x86

Ran by Dagobert on 17.01.2015 at 18:15:02,01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Dagobert\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\prefs.js
 

user_pref("pttl.menu-search-groups-tab", false);

user_pref("pttl.menu-search-groups-win", false);

Emptied folder: C:\Users\Dagobert\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\minidumps [2 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17.01.2015 at 18:18:02,94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Andererseits trennt sich der Rechner jetzt schon ab und an unter Chrome im abgesicherten Modus mit Netzwerktreibern vom Internet und zeigt den zeitversetzt hüpfenden Mauszeiger.

Ich bin ratlos

Grüße

Mischa

Das frische FRST log fehlt noch.

Sorry - im Eifer des Gefechts vergessen

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01

Ran by Dagobert (administrator) on DAGOBERT-PC on 18-01-2015 18:18:45

Running from C:\Users\Dagobert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XH2K1DG

Loaded Profiles: Dagobert (Available profiles: Dagobert)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)

HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)

HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-10-10] (CyberLink)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)

HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [200704 2008-01-22] (CyberLink Corp.)

HKLM\...\Run: [PLFSet] => rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis)

HKLM\...\Run: [UIExec] => C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()

HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE ()

Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Dagobert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> DefaultScope {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {186703CC-8476-4BB5-95DE-666833FA8BD6} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3480060575-1528594488-178791877-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/gallery/components/axts5we.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\wbs9dap2.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml

FF Extension: HTTPS-Everywhere - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-23]

FF Extension: Cookie Monster - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-23]

FF Extension: DownloadHelper - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-23]

FF Extension: JonDoFox - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19]

FF Extension: NoScript - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19]

FF Extension: Adblock Plus - C:\Users\Dagobert\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://google.com/

CHR Profile: C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]

CHR Extension: (Google Drive) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]

CHR Extension: (YouTube) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]

CHR Extension: (Google-Suche) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]

CHR Extension: (Security Plus) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2014-12-29]

CHR Extension: (Avira Browserschutz) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]

CHR Extension: (Ghostery) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-04]

CHR Extension: (Google Wallet) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Google Mail) - C:\Users\Dagobert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660936 2009-09-12] (Acronis)

S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-07-04] (Acronis)

S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated) [File not signed]

S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]

S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]

S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [547968 2012-06-14] (SEIKO EPSON CORPORATION)

S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]

S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]

S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]

S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]

S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]

S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () [File not signed]

S2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation)

R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-25] (NewTech Infosystems, Inc.) [File not signed]

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-07-04] (Acronis)

R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)

S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)

S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 Bulk3052i; System32\Drivers\Bulk3052.sys [X]

S3 catchme; \??\C:\Users\Dagobert\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 pmem; \??\C:\Users\Dagobert\AppData\Local\Temp\_MEI11282\drivers\winpmem32.sys [X]

S2 pmp3052v; System32\Drivers\pmp3052v.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-17 18:18 - 2015-01-17 18:18 - 00000983 _____ () C:\Users\Dagobert\Desktop\JRT.txt

2015-01-17 18:14 - 2015-01-17 18:14 - 00000000 ____D () C:\Windows\ERUNT

2015-01-17 18:10 - 2015-01-17 18:12 - 01707939 _____ (Thisisu) C:\Users\Dagobert\Desktop\JRT.exe

2015-01-17 17:52 - 2015-01-17 17:55 - 00000000 ____D () C:\AdwCleaner

2015-01-17 17:51 - 2015-01-17 17:51 - 02186752 _____ () C:\Users\Dagobert\Desktop\AdwCleaner_4.108.exe

2015-01-17 15:21 - 2015-01-17 17:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-17 15:21 - 2015-01-17 15:21 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-17 15:21 - 2015-01-17 15:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-17 15:21 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-17 15:21 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-17 15:21 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-17 14:14 - 2015-01-17 14:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dagobert\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-16 20:37 - 2015-01-16 20:37 - 00010805 _____ () C:\ComboFix.txt

2015-01-16 16:43 - 2015-01-16 18:33 - 00000000 ____D () C:\OETemp

2015-01-16 16:29 - 2015-01-16 16:29 - 05609736 ____R (Swearware) C:\Users\Dagobert\Downloads\ComboFix.exe

2015-01-15 21:27 - 2015-01-15 21:27 - 05609736 ____R (Swearware) C:\Users\Dagobert\Desktop\ComboFix.exe

2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\HomeMedia

2015-01-15 13:19 - 2015-01-15 13:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\CyberLink

2015-01-13 20:25 - 2015-01-13 20:25 - 00000013 _____ () C:\Users\Dagobert\Desktop\Michael\Documents\o2 Telefonnummer.txt

2015-01-13 20:23 - 2008-01-24 03:25 - 00192512 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll

2015-01-13 14:03 - 2015-01-13 15:46 - 00000000 ____D () C:\Users\Dagobert\Desktop\mbar

2015-01-13 14:02 - 2015-01-13 14:03 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dagobert\Downloads\mbar-1.08.2.1001.exe

2015-01-12 20:03 - 2015-01-12 20:03 - 00000000 ____D () C:\Dagobert

2015-01-12 17:30 - 2015-01-12 17:31 - 00033279 _____ () C:\Users\Dagobert\Desktop\Addition.txt

2015-01-12 17:29 - 2015-01-18 18:18 - 00000000 ____D () C:\FRST

2015-01-12 17:29 - 2015-01-12 17:31 - 00028647 _____ () C:\Users\Dagobert\Desktop\FRST.txt

2015-01-11 13:58 - 2015-01-11 15:55 - 00000000 ____D () C:\EEK

2015-01-11 11:47 - 2015-01-11 11:54 - 00002303 _____ () C:\rapport.txt

2015-01-10 21:07 - 2015-01-10 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox(29)
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-18 17:18 - 2013-03-23 13:31 - 03770140 _____ () C:\Windows\PFRO.log

2015-01-18 17:16 - 2013-03-23 10:27 - 01716500 _____ () C:\Windows\WindowsUpdate.log

2015-01-18 17:16 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-18 17:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-18 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-18 17:16 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-18 17:15 - 2010-05-22 23:22 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\Skype

2015-01-18 16:49 - 2014-02-21 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-18 16:48 - 2014-07-16 12:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-18 16:39 - 2011-03-10 19:59 - 00000000 ___RD () C:\Users\Dagobert\Desktop\Michael

2015-01-18 15:02 - 2014-07-16 12:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-18 01:34 - 2013-03-23 04:22 - 00000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat

2015-01-16 20:37 - 2013-04-08 14:36 - 00000000 ____D () C:\Qoobox

2015-01-16 20:34 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2015-01-16 20:26 - 2010-04-03 14:56 - 00000000 ____D () C:\Users\Dagobert

2015-01-16 18:36 - 2012-07-11 10:59 - 00000000 ____D () C:\ProgramData\Avira

2015-01-16 15:52 - 2014-07-16 12:32 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-15 21:22 - 2013-04-04 23:35 - 00000000 ____D () C:\Program Files\Virusbefall Helpkit

2015-01-14 16:49 - 2013-02-26 21:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-01-14 16:49 - 2013-02-26 21:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-13 15:46 - 2014-07-20 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-01-13 02:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2015-01-13 02:20 - 2006-11-02 11:22 - 47448064 _____ () C:\Windows\system32\config\software_previous

2015-01-13 02:20 - 2006-11-02 11:22 - 30932992 _____ () C:\Windows\system32\config\components_previous

2015-01-13 02:20 - 2006-11-02 11:22 - 19398656 _____ () C:\Windows\system32\config\system_previous

2015-01-13 02:20 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous

2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2015-01-13 02:20 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2015-01-13 02:19 - 2014-07-20 13:18 - 00000000 ____D () C:\Users\Dagobert\Mbam Anti Rootkit

2015-01-13 02:19 - 2014-07-16 14:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-01-13 02:19 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-01-13 02:19 - 2012-06-26 21:17 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\vlc

2015-01-13 02:19 - 2011-10-19 17:31 - 00000000 ____D () C:\Program Files\1&1 Surf-Stick

2015-01-13 02:19 - 2010-04-03 15:20 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\PlayMovie

2015-01-13 02:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool

2015-01-11 13:17 - 2010-06-19 23:45 - 00000000 ____D () C:\Users\Dagobert\AppData\Roaming\VSO

2015-01-11 06:17 - 2012-08-23 23:08 - 00482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache

2015-01-11 06:17 - 2012-08-23 23:07 - 00233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache

2014-12-25 14:31 - 2014-06-15 12:19 - 00000000 ____D () C:\Users\Dagobert\AppData\Local\Adobe
 

==================== Files in the root of some directories =======

2012-05-08 13:15 - 2012-05-08 13:15 - 0000005 _____ () C:\Program Files\basis-link

2012-08-13 10:08 - 2012-08-13 10:08 - 0014217 _____ () C:\Program Files\readme.html

2012-08-13 10:08 - 2012-08-13 10:08 - 0013944 _____ () C:\Program Files\readme.txt

2010-04-03 23:00 - 2014-08-25 13:49 - 0002596 _____ () C:\Users\Dagobert\AppData\Roaming\wklnhst.dat

2012-08-23 23:07 - 2015-01-11 06:17 - 0233766 _____ () C:\Users\Dagobert\AppData\Local\ars.cache

2012-08-23 23:08 - 2015-01-11 06:17 - 0482089 _____ () C:\Users\Dagobert\AppData\Local\census.cache

2013-03-23 04:22 - 2015-01-18 01:34 - 0000680 _____ () C:\Users\Dagobert\AppData\Local\d3d9caps.dat

2012-02-04 21:19 - 2014-03-13 17:51 - 0005120 _____ () C:\Users\Dagobert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-07-10 15:59 - 2011-07-10 15:59 - 0000036 _____ () C:\Users\Dagobert\AppData\Local\housecall.guid.cache

2010-05-22 23:33 - 2010-05-22 23:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 

Some content of TEMP:

====================

C:\Users\Dagobert\AppData\Local\temp\RtkBtMnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-18 17:33
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015 01

Ran by Dagobert at 2015-01-18 18:20:01

Running from C:\Users\Dagobert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XH2K1DG

Boot Mode: Safe Mode (with Networking)

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

1&1 Surf-Stick (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )

Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.14.5018 - CyberLink Corporation)

Acer Crystal Eye webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.7.29.500-1.0 - Sonix)

Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)

Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4303 - CyberLink Corp.)

Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)

Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)

Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)

Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)

Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4310 - Acer Inc.)

Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)

Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)

Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)

Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )

Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)

Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.21.20071207 - Acer Inc.)

Acronis*True*Image*Home (HKLM\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)

Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)

Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)

Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)

Benutzerhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Useg) (Version:  - )

Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)

Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)

Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)

Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)

Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)

Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)

Cisco WebEx Meetings (HKU\S-1-5-21-3480060575-1528594488-178791877-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)

Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)

EKEN PC Driver (HKLM\...\InstallShield_{73861999-F41B-4DCE-8984-30BB3DD6EF12}) (Version: 1.0.1.0 - SunPlus)

EKEN PC Driver (Version: 1.0.1.0 - SunPlus) Hidden

EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)

Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)

Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.50.0000 - EPSON)

Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)

Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)

Jitsi (HKLM\...\{BB36EA7B-6361-40AD-A628-C63012FA3909}) (Version: 1.0.0.0 - Jitsi)

Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)

Launch Manager (HKLM\...\LManager) (Version:  - )

LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden

Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)

Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Word 2002 (HKLM\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Mozilla Firefox 24.6.0 (x86 de) (HKLM\...\Mozilla Firefox 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)

Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)

Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)

Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden

Netzwerkhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Netg) (Version:  - )

NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)

NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden

NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)

NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden

OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)

PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2821 - CyberLink Corp.)

QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5470 - Realtek Semiconductor Corp.)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)

TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.8625  - TeamViewer GmbH)

Tradesignal Web Edition (HKLM\...\{BF8C49DF-64D5-459A-8790-69479C60F49B}) (Version: 5.6.409 - Tradesignal GmbH)

Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

VSO Image Resizer 4.0.0.30 (HKLM\...\{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1) (Version: 4.0.0.30 - VSO-Software)

Winbond CIR Drivers (HKLM\...\{427967BF-09F8-46D5-9275-37001CCBBA5D}) (Version: 7.60.1002 - Winbond Electronics)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3480060575-1528594488-178791877-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dagobert\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
 

==================== Restore Points  =========================
 

08-01-2015 12:42:15 Geplanter Prüfpunkt

13-01-2015 02:10:52 Wiederherstellungsvorgang

16-01-2015 18:49:54 ComboFix created restore point
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2006-11-02 11:23 - 2013-04-08 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo Schrauber,

Sorry für die Tage ohne response, musste beruflich weg und konnte mir nicht die Zeit abzwacken die Sachn zu erledigen. Aber jetzt:

1. Fixlog.txt

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01

Ran by Dagobert at 2015-01-25 17:19:28 Run:1

Running from C:\Users\Dagobert\Desktop

Loaded Profiles: Dagobert (Available profiles: Dagobert)

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-3480060575-1528594488-178791877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Emptytemp:

*****************
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
 

==== End of Fixlog 17:19:28 ====

2. Eset

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=743ccfa51c0996499d69f170935e82b4

# engine=22136

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-01-25 07:45:55

# local_time=2015-01-25 08:45:55 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode_1=''

# compatibility_mode=5892 16776574 100 100 21554999 259747882 0 0

# scanned=273050

# found=8

# cleaned=0

# scan_time=11769

sh=C370A47FB59FF2A33ABB8B4BC34A4226C90041E0 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dagobert\Desktop\Michael\wz185gev-32.msi"

sh=609F2D4B1AE5C7177C44CCAF9309EFD16FC9E42D ft=1 fh=8551c46845849e5f vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe"

sh=22B1B0EAFDBB1229336F9D8187F9905A5DDEDF89 ft=1 fh=406c1e66a46fc082 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe"

sh=88CA2B9C5E587306B08CF6EA239CA72775495695 ft=1 fh=b15f3040528a74fd vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe"

sh=375BEE5BC7F611D6E62E55887B3EBB1D5A5E2A44 ft=1 fh=5a0cf1bb36df12c0 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\Zone Labs\ZoneAlarm\zlsSetup_70_470_000_en.exe"

sh=3E9C132E0E3CE20A88D25F8B13F4E30C016DBAC2 ft=1 fh=054a16d40353ce25 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\Zone Labs\ZoneAlarm\zlsSetup_70_483_000_en.exe"

sh=ABECC3CDED6E7C9712E8A403F44EDF3B2BF36FE4 ft=1 fh=9a6331ae9cd907c8 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL"

sh=3601943AF517F1EEE5696B7ACCE323E582B2FDCD ft=1 fh=7e18e4f818129376 vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="D:\Drive(C)\Programme\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL"

3. Securitycheck checkup.txt

Code:

 Results of screen317's Security Check version 0.99.93  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  
 ``````````````Antivirus/Firewall Check:`````````````` 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Java 7 Update 65  

 Java version 32-bit out of Date! 

 Adobe Flash Player         16.0.0.296  

 Adobe Reader 10.1.12 Adobe Reader out of Date!  

 Mozilla Firefox 24.6.0 Firefox out of Date!  

 Google Chrome (39.0.2171.99) 

 Google Chrome (40.0.2214.91) 
 ````````Process Check: objlist.exe by Laurent````````  

 Empowering Technology eSettings Service capuserv.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

Hoffe ich habe alles korrekt gemacht

Freundliche Grüße

Mischa