
Log Analysis and Evaluation: Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.05.2014, 07:42   #1
chefrocker
 

Hello dear Trojan hunters!

For a few days now I have noticed that I can no longer activate the Antivir real-time scanner. I then tried several times to solve the problem by running a virus check with Antivir, but this never worked. However, Antivir did find the Trojan 'TR/Rootkit.Gen' in the file 'C:\Windows\system32\drivers\f8065e8752673505.sys'. Since destroying it with Antivir did not work, here is my request for help to your Trojaner-Board.

I downloaded the programs described in the instructions and created the logs. Since I have no experience with this kind of thing, I apologize in advance if I post something incorrectly.

Antivir events:

Code:
Exportierte Ereignisse:

5/11/2014 7:24 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

5/9/2014 4:46 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

5/9/2014 4:23 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

4/26/2014 10:38 AM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 3:21 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\drivers\553ab0.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5629aa9a.qua' 
      verschoben!
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\553ab0\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\553ab0\ImagePath> wurde 
      erfolgreich repariert.

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:18 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\drivers\2179518.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '547bb2f3.qua' 
      verschoben!
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2179518\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\2179518\ImagePath> wurde 
      erfolgreich repariert.

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:15 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Defogger-disable-log:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:06 on 12/05/2014 (maria)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read f8065e8752673505.sys
Unable to read usb8023.sys
Unable to read usbaapl.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys


-=E.O.F=-
         
FRST-log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by maria (administrator) on MARIA-PC on 12-05-2014 06:09:06
Running from C:\Users\maria\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
() C:\Users\maria\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Facebook Update] => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-25] (Facebook Inc.)
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {91927732-5e3a-11e3-9e9c-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {9192774b-5e3a-11e3-9e9c-e89a8f74b2d1} - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {98f4175f-a0f5-11e3-85f4-78929c166542} - D:\iLinker.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 203.144.207.49 203.144.207.29

FireFox:
========
FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11]
FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]

========================== Services (Whitelisted) =================

Locked "f8065e8752673505" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 syshost32; C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe [74752 2014-04-12] ()

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] ()
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] ()
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] ()
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [422976 2009-07-14] ()
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [297552 2009-07-14] ()
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [146512 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2013-09-14] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] ()
S3 aic78xx; C:\Windows\system32\drivers\djsvs.sys [70720 2009-07-14] ()
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] ()
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] ()
S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] ()
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [52736 2009-07-14] ()
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] ()
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [159312 2009-07-14] ()
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-11] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] ()
S3 arc; C:\Windows\system32\drivers\arc.sys [76368 2009-07-14] ()
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [86608 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] ()
R0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] ()
S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-14] ()
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] ()
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [35328 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] ()
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] ()
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-14] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] ()
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] ()
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] ()
S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] ()
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [14080 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2013-07-04] ()
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [19024 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [22096 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] ()
R0 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] ()
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [729024 2013-08-01] ()
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-14] ()
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [453712 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] ()
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] ()
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] ()
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] ()
S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] ()
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [57936 2009-07-14] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] ()
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] ()
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] ()
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] ()
S3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [24064 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] ()
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] ()
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [76544 2012-04-23] ()
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] ()
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] ()
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [354840 2010-11-06] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] ()
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4807168 2010-10-24] ()
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [3396136 2011-02-11] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] ()
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-14] ()
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2013-09-25] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2013-09-25] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [95824 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89168 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [54864 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96848 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] ()
S3 megasas; C:\Windows\system32\drivers\megasas.sys [30800 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [235584 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] ()
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] ()
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] ()
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] ()
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] ()
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] ()
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] ()
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] ()
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] ()
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] ()
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] ()
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] ()
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] ()
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [18944 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] ()
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] ()
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] ()
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [327784 2010-12-28] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] ()
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] ()
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] ()
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [583848 2013-06-26] ()
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [197800 2013-06-26] ()
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [24232 2013-06-26] ()
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [20136 2013-06-26] ()
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] ()
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] ()
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [1314736 2010-10-08] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2013-09-08] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2013-09-08] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49664 2012-08-23] ()
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27136 2012-08-23] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] ()
S3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [8192 2009-07-14] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-03] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-27] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] ()
R3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] ()
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] ()
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] ()
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] ()
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] ()
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] ()
R0 Wd; C:\Windows\System32\drivers\wd.sys [19024 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] ()
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] ()
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 f8065e8752673505; C:\Windows\System32\Drivers\f8065e8752673505.sys [56192 2014-04-13] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-12 06:09 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-12 06:08 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe
2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-12 03:51 - 00000728 _____ () C:\Windows\setupact.log
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF}
2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE}
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12}
2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E}
2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A}
2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673}
2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B}
2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ () C:\Windows\system32\Drivers\f8065e8752673505.sys
2014-04-12 13:23 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 13:23 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 13:23 - 2014-03-13 07:10 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 13:23 - 2014-03-13 07:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 13:23 - 2014-03-13 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 13:23 - 2014-03-13 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-12 13:20 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-12 13:20 - 2014-02-04 04:07 - 00234432 _____ () C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 13:20 - 2014-02-04 04:07 - 00149440 _____ () C:\Windows\system32\Drivers\storport.sys
2014-04-12 13:20 - 2014-02-04 04:07 - 00027072 _____ () C:\Windows\system32\Drivers\Diskdump.sys
2014-04-12 13:20 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-12 13:20 - 2014-01-24 04:18 - 01212352 _____ () C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96}

==================== One Month Modified Files and Folders =======

2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:09 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST
2014-05-12 06:08 - 2014-05-12 06:07 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe
2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 06:06 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe
2014-05-12 05:44 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 03:57 - 2010-11-20 23:01 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 03:51 - 2014-05-09 03:16 - 00000728 _____ () C:\Windows\setupact.log
2014-05-12 03:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 18:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-11 16:55 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype
2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 14:13 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF}
2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE}
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype
2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype
2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente
2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12}
2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 15:50 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 15:50 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 13:52 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-28 04:25 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
2014-04-23 16:52 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client
2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E}
2014-04-23 11:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc
2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters
2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A}
2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673}
2014-04-15 16:32 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria\AppData\Local\Adobe
2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B}
2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ () C:\Windows\system32\Drivers\f8065e8752673505.sys
2014-04-12 13:31 - 2013-10-08 10:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96}

Some content of TEMP:
====================
C:\Users\maria\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2010-11-20 23:29] - [2010-11-20 23:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-05-10 15:02

==================== End Of Log ============================
         
FRST-addition-log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by maria at 2014-05-12 06:10:19
Running from C:\Users\maria\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIS 3G Pocket WiFi (HKLM\...\AIS 3G Pocket WiFi) (Version: 1.10.00.935 - Huawei Technologies Co.,Ltd)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{3361e961-9e49-487c-b1ac-9255348ccbaf}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.4 - Acer Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.78 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3103 - Acer Incorporated)
Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A8C92B9-0F4A-445E-BCAE-81FA6A4C244C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {21285472-D062-443E-834C-2A9BFA41327C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {27CC9854-7F37-4B06-A5D3-4C321B5C3D0A} - System32\Tasks\{E25BCF6D-96DA-4E5B-9A93-93F21CEC7EB6} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {5D915CB3-09DE-4019-B28C-AEEA64D924EF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.)
Task: {7F748F8C-C3A5-459C-B9E7-A766D3AA8B02} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2462786714-4158980062-2870690922-1000
Task: {A27BA80E-46D6-455D-8DB1-9484D5A39EDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1310DC9-4822-454C-ABBD-0DD0233167B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-30 15:12 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2013-10-08 10:23 - 2013-10-08 10:09 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-11 17:22 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-29 11:30 - 2014-03-29 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-05-10 22:58 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-10 14:15 - 2014-05-10 14:15 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (05/12/2014 05:37:05 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/12/2014 05:37:01 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/12/2014 03:53:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
ssmdrv

Error: (05/12/2014 03:51:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The avgntflt service failed to start due to the following error: 
%%31

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Network List Service service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
         
GMER-log:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-12 06:57:10
Windows 6.1.7601 Service Pack 1 
Running: Gmer-19357.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\f8065e8752673505.sys (*** hidden *** )               [BOOT] f8065e8752673505                             <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ImagePath     \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Group         Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ErrorControl  0
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Type          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Start         0
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Tag           1
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@DisplayName   syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505               
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ImagePath         \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Group             Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ErrorControl      0
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Type              1
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Start             0
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Tag               1
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@DisplayName       syshost.exe

---- EOF - GMER 2.1 ----
         
So, I hope that was everything and that I used it correctly.

Thanks a lot in advance in any case!

Best regards
David

12.05.2014, 07:53   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


12.05.2014, 15:02   #3
chefrocker
 



So, here is the Combofix log file:


Code:
ATTFilter
ComboFix 14-05-10.01 - maria 05/12/2014   8:14.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2036.849 [GMT 2:00]
Running from: c:\users\maria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\drivers\f8065e8752673505.sys . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Legacy_f8065e8752673505
-------\Service_f8065e8752673505
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-12 to 2014-05-12  )))))))))))))))))))))))))))))))
.
.
2014-05-12 06:28 . 2014-05-12 06:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-12 04:22 . 2014-05-12 04:22	0	----a-w-	c:\windows\system32\sho6098.tmp
2014-05-12 04:15 . 2014-05-12 04:15	104960	----a-w-	C:\kwloypod.sys
2014-05-12 04:08 . 2014-05-12 04:11	--------	d-----w-	C:\FRST
2014-05-11 15:22 . 2014-05-11 15:22	--------	d-----w-	c:\programdata\Package Cache
2014-05-10 16:27 . 2014-05-10 16:27	0	----a-w-	c:\windows\system32\shoDAE.tmp
2014-05-06 16:30 . 2014-05-06 16:30	0	----a-w-	c:\windows\system32\sho7AE0.tmp
2014-05-06 11:35 . 2014-05-06 11:35	--------	d-----w-	c:\users\maria\AppData\Local\Skype
2014-05-06 11:35 . 2014-05-06 11:35	--------	d-----w-	c:\program files\Common Files\Skype
2014-04-30 13:30 . 2014-05-01 03:48	--------	d-----w-	c:\program files\Mozilla Thunderbird
2014-04-13 11:01 . 2014-05-12 06:31	56192	----a-w-	c:\windows\system32\drivers\f8065e8752673505.sys
2014-04-12 11:20 . 2014-02-04 02:07	149440	----a-w-	c:\windows\system32\drivers\storport.sys
2014-04-12 11:20 . 2014-02-04 02:07	234432	----a-w-	c:\windows\system32\drivers\msiscsi.sys
2014-04-12 11:20 . 2014-02-04 02:07	27072	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2014-04-12 11:20 . 2014-02-04 02:00	2048	----a-w-	c:\windows\system32\iologmsg.dll
2014-04-12 11:20 . 2014-01-24 02:18	1212352	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 13:50 . 2012-04-15 08:46	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-30 13:50 . 2011-11-16 19:41	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 11:41 . 2014-04-03 11:41	0	----a-w-	c:\windows\system32\shoA083.tmp
2014-03-09 16:34 . 2014-03-09 16:34	0	----a-w-	c:\windows\system32\sho39D4.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-18 1017424]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-10 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-18 440400]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 739944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CFCATCHME
*NewlyCreated* - WS2IFSL
*Deregistered* - CFcatchme
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:50]
.
2014-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 203.144.207.49 203.144.207.29
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\programdata\DatacardService\HWDeviceService.exe
c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-12  08:38:45 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-12 06:38
.
Pre-Run: 30,740,840,448 bytes free
Post-Run: 30,186,090,496 bytes free
.
- - End Of File - - 29FF6260237B9AB680BE569DAC529BFE
         
Hello Schrauber,

I don't know whether everything is fixed yet, but in the meantime I have been able to activate the Antivir real-time scanner again! I just wanted to let you know briefly.

Many thanks,
Chefrocker

13.05.2014, 12:33   #4
schrauber
/// the machine
/// TB trainer
 




hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.05.2014, 14:29   #5
chefrocker
 



Here is the TDSSKiller log:

Code:
ATTFilter
14:22:48.0773 0x1190  TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
14:22:54.0564 0x1190  ============================================================
14:22:54.0564 0x1190  Current date / time: 2014/05/13 14:22:54.0564
14:22:54.0564 0x1190  SystemInfo:
14:22:54.0564 0x1190  
14:22:54.0564 0x1190  OS Version: 6.1.7601 ServicePack: 1.0
14:22:54.0564 0x1190  Product type: Workstation
14:22:54.0564 0x1190  ComputerName: MARIA-PC
14:22:54.0564 0x1190  UserName: maria
14:22:54.0564 0x1190  Windows directory: C:\Windows
14:22:54.0564 0x1190  System windows directory: C:\Windows
14:22:54.0564 0x1190  Processor architecture: Intel x86
14:22:54.0564 0x1190  Number of processors: 4
14:22:54.0564 0x1190  Page size: 0x1000
14:22:54.0564 0x1190  Boot type: Normal boot
14:22:54.0564 0x1190  ============================================================
14:22:56.0774 0x1190  KLMD registered as C:\Windows\system32\drivers\13747834.sys
14:22:57.0364 0x1190  System UUID: {71916D61-0DC0-5591-D358-D86A229C72C7}
14:22:58.0615 0x1190  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:22:58.0615 0x1190  ============================================================
14:22:58.0615 0x1190  \Device\Harddisk0\DR0:
14:22:58.0615 0x1190  MBR partitions:
14:22:58.0615 0x1190  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
14:22:58.0615 0x1190  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
14:22:58.0625 0x1190  ============================================================
14:22:58.0655 0x1190  C: <-> \Device\Harddisk0\DR0\Partition2
14:22:58.0655 0x1190  ============================================================
14:22:58.0655 0x1190  Initialize success
14:22:58.0655 0x1190  ============================================================
14:24:35.0683 0x17a8  ============================================================
14:24:35.0684 0x17a8  Scan started
14:24:35.0684 0x17a8  Mode: Manual; SigCheck; TDLFS; 
14:24:35.0684 0x17a8  ============================================================
14:24:35.0684 0x17a8  KSN ping started
14:24:38.0754 0x17a8  KSN ping finished: true
14:24:40.0938 0x17a8  ================ Scan system memory ========================
14:24:40.0938 0x17a8  System memory - ok
14:24:40.0938 0x17a8  ================ Scan services =============================
14:24:41.0546 0x17a8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:24:41.0843 0x17a8  1394ohci - ok
14:24:41.0921 0x17a8  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:24:42.0014 0x17a8  ACPI - ok
14:24:42.0077 0x17a8  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:24:42.0264 0x17a8  AcpiPmi - ok
14:24:42.0467 0x17a8  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:24:42.0513 0x17a8  AdobeARMservice - ok
14:24:42.0669 0x17a8  [ 7C7E868E1D8096ED08D80FF7712BB9D8, EB4438F3CC377728173E018A763F0D0A8D5BBA4A289F554036D06B24030D2D62 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:24:42.0747 0x17a8  AdobeFlashPlayerUpdateSvc - ok
14:24:42.0857 0x17a8  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:24:42.0966 0x17a8  adp94xx - ok
14:24:43.0091 0x17a8  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:24:43.0231 0x17a8  adpahci - ok
14:24:43.0356 0x17a8  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:24:43.0418 0x17a8  adpu320 - ok
14:24:43.0449 0x17a8  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:24:43.0839 0x17a8  AeLookupSvc - ok
14:24:43.0933 0x17a8  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
14:24:44.0136 0x17a8  AFD - ok
14:24:44.0183 0x17a8  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:24:44.0261 0x17a8  agp440 - ok
14:24:44.0354 0x17a8  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:24:44.0417 0x17a8  aic78xx - ok
14:24:44.0666 0x17a8  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
14:24:44.0807 0x17a8  ALG - ok
14:24:44.0885 0x17a8  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:24:44.0931 0x17a8  aliide - ok
14:24:45.0009 0x17a8  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:24:45.0087 0x17a8  amdagp - ok
14:24:45.0150 0x17a8  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:24:45.0197 0x17a8  amdide - ok
14:24:45.0275 0x17a8  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:24:45.0368 0x17a8  AmdK8 - ok
14:24:45.0399 0x17a8  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:24:45.0493 0x17a8  AmdPPM - ok
14:24:45.0571 0x17a8  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:24:45.0633 0x17a8  amdsata - ok
14:24:45.0727 0x17a8  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:24:45.0789 0x17a8  amdsbs - ok
14:24:45.0821 0x17a8  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:24:45.0883 0x17a8  amdxata - ok
14:24:46.0023 0x17a8  [ 4D282B9C5BB05DF92C9F3977DFB9F916, E6D49ED0D5FA26F2936FC97A0F1DFA38D1066AAF2EEFCE2931AF21B2CBE54CAD ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:24:46.0179 0x17a8  AntiVirSchedulerService - ok
14:24:46.0304 0x17a8  [ 65AF41A7A2C5B6693E1B4164E7632C3E, BA1DC45D7BB5307BD418D2BDFDBD1DD593439245A0A3F65FE6287F6F5198B999 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:24:46.0382 0x17a8  AntiVirService - ok
14:24:46.0538 0x17a8  [ 3D15C6EDBF84D792ACEBD2289546DBAF, 8E9199028CF4599CE362836CAD4DEC1E033F10335377280A4268E14D0201B1EB ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:24:46.0663 0x17a8  AntiVirWebService - ok
14:24:46.0725 0x17a8  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
14:24:46.0835 0x17a8  AppID - ok
14:24:46.0897 0x17a8  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:24:47.0053 0x17a8  AppIDSvc - ok
14:24:47.0193 0x17a8  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
14:24:47.0287 0x17a8  Appinfo - ok
14:24:47.0365 0x17a8  [ D8E18021F91AD79CA8491CB5A5DA22D4, F44B5855BE8EF2D5FFED41E6E586071B0A90A8271FF79DF25F11C99C0B5481FF ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:24:47.0412 0x17a8  Apple Mobile Device - ok
14:24:47.0505 0x17a8  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
14:24:47.0568 0x17a8  arc - ok
14:24:47.0599 0x17a8  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:24:47.0661 0x17a8  arcsas - ok
14:24:47.0911 0x17a8  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:24:48.0005 0x17a8  aspnet_state - ok
14:24:48.0067 0x17a8  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:48.0285 0x17a8  AsyncMac - ok
14:24:48.0363 0x17a8  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:24:48.0426 0x17a8  atapi - ok
14:24:48.0519 0x17a8  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:24:48.0660 0x17a8  AudioEndpointBuilder - ok
14:24:48.0691 0x17a8  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:24:48.0800 0x17a8  Audiosrv - ok
14:24:48.0925 0x17a8  [ B8C10FF9369394EB84993F331810CF29, 84D674EF4FB73FD9D1539DFCC52361C2FBAFD5A2DEF1FFF4F1F416721AA80F85 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:24:49.0003 0x17a8  avgntflt - ok
14:24:49.0065 0x17a8  [ 4189E5AB2CAD6F395D87DAAE73EB090F, 8A98667451F0A9E81204BC9DD34B7BDA147FB867F0969361ED6F9C0CD422E49C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:24:49.0143 0x17a8  avipbb - ok
14:24:49.0315 0x17a8  [ A5CD26F34F4D6E4DFB6B2D400572AB52, 312C66FE881C10A39CF059EF0F3927B6793BD7A88153FC346AA327E9A592DE57 ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
14:24:49.0393 0x17a8  Avira.OE.ServiceHost - ok
14:24:49.0518 0x17a8  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:24:49.0580 0x17a8  avkmgr - ok
14:24:49.0674 0x17a8  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:24:49.0830 0x17a8  AxInstSV - ok
14:24:49.0923 0x17a8  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
14:24:50.0095 0x17a8  b06bdrv - ok
14:24:50.0189 0x17a8  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:24:50.0282 0x17a8  b57nd60x - ok
14:24:50.0360 0x17a8  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
14:24:50.0469 0x17a8  BDESVC - ok
14:24:50.0547 0x17a8  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:24:50.0657 0x17a8  Beep - ok
14:24:50.0750 0x17a8  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
14:24:50.0906 0x17a8  BFE - ok
14:24:51.0000 0x17a8  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll
14:24:51.0156 0x17a8  BITS - ok
14:24:51.0187 0x17a8  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:24:51.0281 0x17a8  blbdrive - ok
14:24:51.0343 0x17a8  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:24:51.0405 0x17a8  bowser - ok
14:24:51.0437 0x17a8  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:24:51.0530 0x17a8  BrFiltLo - ok
14:24:51.0561 0x17a8  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:24:51.0639 0x17a8  BrFiltUp - ok
14:24:51.0733 0x17a8  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:24:51.0827 0x17a8  BridgeMP - ok
14:24:51.0905 0x17a8  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
14:24:52.0014 0x17a8  Browser - ok
14:24:52.0076 0x17a8  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:24:52.0232 0x17a8  Brserid - ok
14:24:52.0263 0x17a8  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:24:52.0357 0x17a8  BrSerWdm - ok
14:24:52.0404 0x17a8  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:24:52.0466 0x17a8  BrUsbMdm - ok
14:24:52.0497 0x17a8  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:24:52.0591 0x17a8  BrUsbSer - ok
14:24:52.0622 0x17a8  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:24:52.0716 0x17a8  BTHMODEM - ok
14:24:52.0778 0x17a8  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
14:24:52.0934 0x17a8  bthserv - ok
14:24:53.0309 0x17a8  [ 72551A9AE5F68905DFC3CBA0D5242566, 15C273519C3AD1B2AF68F669125AFE607A86A60D680E299631D5E893C3CAA7E7 ] c2cautoupdatesvc C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
14:24:53.0543 0x17a8  c2cautoupdatesvc - ok
14:24:53.0792 0x17a8  [ 6B669A00A431FF6CDCE67458933F5F0F, 81419EB18BB4EB96E48C99A1D45B0267E779E135427B3AEC872A1A5DD810B23F ] c2cpnrsvc       C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
14:24:54.0042 0x17a8  c2cpnrsvc - ok
14:24:54.0291 0x17a8  catchme - ok
14:24:54.0385 0x17a8  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:24:54.0494 0x17a8  cdfs - ok
14:24:54.0572 0x17a8  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:24:54.0666 0x17a8  cdrom - ok
14:24:54.0728 0x17a8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:24:54.0837 0x17a8  CertPropSvc - ok
14:24:54.0853 0x17a8  CFcatchme - ok
14:24:54.0900 0x17a8  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:24:54.0962 0x17a8  circlass - ok
14:24:55.0009 0x17a8  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
14:24:55.0071 0x17a8  CLFS - ok
14:24:55.0165 0x17a8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:55.0212 0x17a8  clr_optimization_v2.0.50727_32 - ok
14:24:55.0368 0x17a8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:55.0649 0x17a8  clr_optimization_v4.0.30319_32 - ok
14:24:55.0680 0x17a8  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:24:55.0742 0x17a8  CmBatt - ok
14:24:55.0789 0x17a8  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:24:55.0836 0x17a8  cmdide - ok
14:24:55.0898 0x17a8  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:24:56.0007 0x17a8  CNG - ok
14:24:56.0070 0x17a8  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:24:56.0117 0x17a8  Compbatt - ok
14:24:56.0163 0x17a8  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:24:56.0288 0x17a8  CompositeBus - ok
14:24:56.0304 0x17a8  COMSysApp - ok
14:24:56.0351 0x17a8  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:24:56.0413 0x17a8  crcdisk - ok
14:24:56.0507 0x17a8  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:24:56.0616 0x17a8  CryptSvc - ok
14:24:56.0819 0x17a8  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:24:56.0943 0x17a8  cvhsvc - ok
14:24:57.0006 0x17a8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:24:57.0131 0x17a8  DcomLaunch - ok
14:24:57.0177 0x17a8  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
14:24:57.0333 0x17a8  defragsvc - ok
14:24:57.0396 0x17a8  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:24:57.0552 0x17a8  DfsC - ok
14:24:57.0755 0x17a8  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:24:57.0864 0x17a8  Dhcp - ok
14:24:57.0942 0x17a8  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
14:24:58.0082 0x17a8  discache - ok
14:24:58.0160 0x17a8  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
14:24:58.0223 0x17a8  Disk - ok
14:24:58.0379 0x17a8  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:24:58.0488 0x17a8  Dnscache - ok
14:24:58.0613 0x17a8  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:24:58.0800 0x17a8  dot3svc - ok
14:24:58.0862 0x17a8  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
14:24:58.0956 0x17a8  DPS - ok
14:24:59.0034 0x17a8  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:24:59.0143 0x17a8  drmkaud - ok
14:24:59.0283 0x17a8  [ 4AB2A58816CC6BE771F1D8C768B804C5, 8D4D33D68D13A7EB0114959DAE841411961C18C6EDF8E1559649903D20BD3D50 ] DsiWMIService   C:\Program Files\Launch Manager\dsiwmis.exe
14:24:59.0361 0x17a8  DsiWMIService - ok
14:24:59.0486 0x17a8  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:24:59.0642 0x17a8  DXGKrnl - ok
14:24:59.0799 0x17a8  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
14:24:59.0908 0x17a8  EapHost - ok
14:25:00.0298 0x17a8  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
14:25:00.0736 0x17a8  ebdrv - ok
14:25:00.0799 0x17a8  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
14:25:00.0892 0x17a8  EFS - ok
14:25:01.0048 0x17a8  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:25:01.0189 0x17a8  elxstor - ok
14:25:01.0345 0x17a8  [ 884EFD5C5586AF9233B76132EDE51905, 86D96A41C896D0E9C50BAAEF9E400BA8C7FC57B4C742B1170B2A1965799C35F3 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:25:01.0485 0x17a8  ePowerSvc - ok
14:25:01.0501 0x17a8  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:25:01.0579 0x17a8  ErrDev - ok
14:25:01.0672 0x17a8  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
14:25:01.0797 0x17a8  EventSystem - ok
14:25:01.0891 0x17a8  [ 61A973F60E94A551BA7B15F3460444FB, FC2FB69978D99D75673AFE9F08176F3139DCBAEDE4D339BD09DA29CD3EC01005 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
14:25:02.0047 0x17a8  ew_usbenumfilter - ok
14:25:02.0109 0x17a8  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:25:02.0249 0x17a8  exfat - ok
14:25:02.0281 0x17a8  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:25:02.0405 0x17a8  fastfat - ok
14:25:02.0530 0x17a8  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
14:25:02.0655 0x17a8  Fax - ok
14:25:02.0686 0x17a8  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
14:25:02.0764 0x17a8  fdc - ok
14:25:02.0811 0x17a8  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
14:25:02.0951 0x17a8  fdPHost - ok
14:25:03.0061 0x17a8  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:25:03.0170 0x17a8  FDResPub - ok
14:25:03.0217 0x17a8  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:25:03.0279 0x17a8  FileInfo - ok
14:25:03.0310 0x17a8  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:25:03.0482 0x17a8  Filetrace - ok
14:25:03.0513 0x17a8  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:25:03.0622 0x17a8  flpydisk - ok
14:25:03.0685 0x17a8  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:25:03.0763 0x17a8  FltMgr - ok
14:25:03.0872 0x17a8  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
14:25:04.0075 0x17a8  FontCache - ok
14:25:04.0215 0x17a8  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:25:04.0262 0x17a8  FontCache3.0.0.0 - ok
14:25:04.0324 0x17a8  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:25:04.0418 0x17a8  FsDepends - ok
14:25:04.0496 0x17a8  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:25:04.0574 0x17a8  Fs_Rec - ok
14:25:04.0636 0x17a8  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:25:04.0730 0x17a8  fvevol - ok
14:25:04.0792 0x17a8  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:25:04.0855 0x17a8  gagp30kx - ok
14:25:04.0933 0x17a8  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:25:05.0120 0x17a8  gpsvc - ok
14:25:05.0260 0x17a8  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:25:05.0338 0x17a8  gusvc - ok
14:25:05.0447 0x17a8  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:25:05.0572 0x17a8  hcw85cir - ok
14:25:05.0650 0x17a8  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:25:05.0759 0x17a8  HdAudAddService - ok
14:25:05.0791 0x17a8  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:25:05.0869 0x17a8  HDAudBus - ok
14:25:05.0947 0x17a8  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:25:06.0040 0x17a8  HidBatt - ok
14:25:06.0071 0x17a8  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:25:06.0181 0x17a8  HidBth - ok
14:25:06.0227 0x17a8  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:25:06.0305 0x17a8  HidIr - ok
14:25:06.0383 0x17a8  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
14:25:06.0493 0x17a8  hidserv - ok
14:25:06.0633 0x17a8  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:25:06.0742 0x17a8  HidUsb - ok
14:25:06.0836 0x17a8  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:25:06.0929 0x17a8  hkmsvc - ok
14:25:07.0007 0x17a8  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:25:07.0148 0x17a8  HomeGroupListener - ok
14:25:07.0226 0x17a8  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:25:07.0304 0x17a8  HomeGroupProvider - ok
14:25:07.0397 0x17a8  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:25:07.0491 0x17a8  HpSAMD - ok
14:25:07.0631 0x17a8  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:25:07.0834 0x17a8  HTTP - ok
14:25:07.0975 0x17a8  [ B73B6816BE98F6CAE539EB458626C411, B706F31DDF2052B34A187EFF5820D2AD5180DE003FC0353A39E86FC0F1904F3C ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
14:25:08.0115 0x17a8  huawei_cdcacm - ok
14:25:08.0193 0x17a8  [ BAEE880B51DF1A39D38F363523CD7E17, A97E94431C86AF99F125BA6326DBAA972031E5F5094891EF028705218084A879 ] huawei_cdcecm   C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
14:25:08.0333 0x17a8  huawei_cdcecm - ok
14:25:08.0396 0x17a8  [ 12CA899F967E6B6F14E080705DF68932, 8C524F5AA0499A3BB0749D45B59F3F03A73004A9583396CA3470DF1C0F1E3281 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
14:25:08.0521 0x17a8  huawei_enumerator - ok
14:25:08.0677 0x17a8  [ AB58FF5B1A2B23C751E29975081E8015, A3A58EA423A3BFBF5BCD8D87AA6939EC02D641C259C38D6DB728BD2EF52D5567 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
14:25:08.0833 0x17a8  huawei_ext_ctrl - ok
14:25:09.0004 0x17a8  [ 5EF3427AE503B5C03A48F7C9FF458B69, C75D6E860AA9A1EA0351388B137FE39CE47E96471841BDCA96FF63C87CE99132 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
14:25:09.0051 0x17a8  HWDeviceService.exe - ok
14:25:09.0082 0x17a8  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:25:09.0129 0x17a8  hwpolicy - ok
14:25:09.0207 0x17a8  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:25:09.0316 0x17a8  i8042prt - ok
14:25:09.0394 0x17a8  [ F4037A3FEDB92DD97C95F320766EA5C9, 3872166AA17E9C19D9F5BBCBC6CA202F6D5CCB1F9E04ED2AA0D43F642B9C85FD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:25:09.0441 0x17a8  iaStor - ok
14:25:09.0566 0x17a8  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:25:09.0597 0x17a8  IAStorDataMgrSvc - ok
14:25:09.0737 0x17a8  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:25:09.0831 0x17a8  iaStorV - ok
14:25:10.0112 0x17a8  [ 0DFFBA5AE3D2E1C076BD8E6F52C4FDFB, 327D366A8A1D7E4202404300DA9DE00010BA985C26DADA7D48E1F77B7A58168E ] IconMan_R       C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
14:25:10.0408 0x17a8  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
14:25:10.0595 0x17a8  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
14:25:13.0871 0x17a8  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:25:14.0246 0x17a8  idsvc - ok
14:25:14.0371 0x17a8  IEEtwCollectorService - ok
14:25:14.0823 0x17a8  [ BA41E1BBA410212CE6D30E0DAC47972B, C1D8E5C95EADD9E2083275C1DA633F0B773B65EABEBC0F52224FF1156CBBE8C1 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:25:15.0431 0x17a8  igfx - ok
14:25:15.0525 0x17a8  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:25:15.0572 0x17a8  iirsp - ok
14:25:15.0681 0x17a8  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:25:15.0806 0x17a8  IKEEXT - ok
14:25:16.0227 0x17a8  [ FEAAE1C549D14B9759B88C569F33CD4E, 8A49A2D76CA60081E75A07A4F2679DC7B8ABD0A52BF058A9B50B35172775A25E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:25:16.0648 0x17a8  IntcAzAudAddService - ok
14:25:16.0679 0x17a8  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:25:16.0742 0x17a8  intelide - ok
14:25:16.0804 0x17a8  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:25:16.0882 0x17a8  intelppm - ok
14:25:16.0946 0x17a8  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:25:17.0039 0x17a8  IPBusEnum - ok
14:25:17.0086 0x17a8  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:25:17.0211 0x17a8  IpFilterDriver - ok
14:25:17.0320 0x17a8  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:25:17.0460 0x17a8  iphlpsvc - ok
14:25:17.0492 0x17a8  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:25:17.0554 0x17a8  IPMIDRV - ok
14:25:17.0585 0x17a8  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:25:17.0694 0x17a8  IPNAT - ok
14:25:17.0788 0x17a8  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:25:17.0866 0x17a8  IRENUM - ok
14:25:17.0913 0x17a8  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:25:17.0978 0x17a8  isapnp - ok
14:25:18.0103 0x17a8  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:25:18.0181 0x17a8  iScsiPrt - ok
14:25:18.0228 0x17a8  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:25:18.0290 0x17a8  kbdclass - ok
14:25:18.0415 0x17a8  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:25:18.0524 0x17a8  kbdhid - ok
14:25:18.0555 0x17a8  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
14:25:18.0602 0x17a8  KeyIso - ok
14:25:18.0618 0x17a8  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:25:18.0680 0x17a8  KSecDD - ok
14:25:18.0711 0x17a8  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:25:18.0774 0x17a8  KSecPkg - ok
14:25:18.0836 0x17a8  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:25:18.0992 0x17a8  KtmRm - ok
14:25:19.0148 0x17a8  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:25:19.0273 0x17a8  LanmanServer - ok
14:25:19.0398 0x17a8  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:25:19.0476 0x17a8  LanmanWorkstation - ok
14:25:19.0554 0x17a8  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:25:19.0679 0x17a8  lltdio - ok
14:25:19.0757 0x17a8  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:25:19.0866 0x17a8  lltdsvc - ok
14:25:19.0897 0x17a8  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:25:20.0006 0x17a8  lmhosts - ok
14:25:20.0084 0x17a8  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:25:20.0162 0x17a8  LSI_FC - ok
14:25:20.0193 0x17a8  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:25:20.0256 0x17a8  LSI_SAS - ok
14:25:20.0381 0x17a8  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:25:20.0427 0x17a8  LSI_SAS2 - ok
14:25:20.0490 0x17a8  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:25:20.0552 0x17a8  LSI_SCSI - ok
14:25:20.0630 0x17a8  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:25:20.0755 0x17a8  luafv - ok
14:25:20.0817 0x17a8  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:25:20.0864 0x17a8  megasas - ok
14:25:20.0942 0x17a8  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:25:21.0005 0x17a8  MegaSR - ok
14:25:21.0051 0x17a8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
14:25:21.0161 0x17a8  MMCSS - ok
14:25:21.0207 0x17a8  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
14:25:21.0317 0x17a8  Modem - ok
14:25:21.0379 0x17a8  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:25:21.0441 0x17a8  monitor - ok
14:25:21.0535 0x17a8  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:25:21.0582 0x17a8  mouclass - ok
14:25:21.0644 0x17a8  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:25:21.0707 0x17a8  mouhid - ok
14:25:21.0738 0x17a8  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:25:21.0785 0x17a8  mountmgr - ok
14:25:21.0909 0x17a8  [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:25:21.0987 0x17a8  MozillaMaintenance - ok
14:25:22.0034 0x17a8  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:25:22.0112 0x17a8  mpio - ok
14:25:22.0175 0x17a8  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:25:22.0299 0x17a8  mpsdrv - ok
14:25:22.0362 0x17a8  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:25:22.0565 0x17a8  MpsSvc - ok
14:25:22.0643 0x17a8  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:25:22.0814 0x17a8  MRxDAV - ok
14:25:22.0908 0x17a8  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:25:23.0001 0x17a8  mrxsmb - ok
14:25:23.0033 0x17a8  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:25:23.0126 0x17a8  mrxsmb10 - ok
14:25:23.0189 0x17a8  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:25:23.0267 0x17a8  mrxsmb20 - ok
14:25:23.0313 0x17a8  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:25:23.0360 0x17a8  msahci - ok
14:25:23.0407 0x17a8  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:25:23.0469 0x17a8  msdsm - ok
14:25:23.0501 0x17a8  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
14:25:23.0594 0x17a8  MSDTC - ok
14:25:23.0657 0x17a8  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:25:23.0750 0x17a8  Msfs - ok
14:25:23.0813 0x17a8  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:25:23.0906 0x17a8  mshidkmdf - ok
14:25:23.0937 0x17a8  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:25:23.0984 0x17a8  msisadrv - ok
14:25:24.0047 0x17a8  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:25:24.0171 0x17a8  MSiSCSI - ok
14:25:24.0171 0x17a8  msiserver - ok
14:25:24.0234 0x17a8  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:25:24.0327 0x17a8  MSKSSRV - ok
14:25:24.0390 0x17a8  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:25:24.0499 0x17a8  MSPCLOCK - ok
14:25:24.0499 0x17a8  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:25:24.0608 0x17a8  MSPQM - ok
14:25:24.0639 0x17a8  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:25:24.0702 0x17a8  MsRPC - ok
14:25:24.0749 0x17a8  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:25:24.0780 0x17a8  mssmbios - ok
14:25:24.0842 0x17a8  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:25:24.0936 0x17a8  MSTEE - ok
14:25:24.0967 0x17a8  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:25:25.0076 0x17a8  MTConfig - ok
14:25:25.0107 0x17a8  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:25:25.0154 0x17a8  Mup - ok
14:25:25.0201 0x17a8  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
14:25:25.0326 0x17a8  napagent - ok
14:25:25.0435 0x17a8  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:25:25.0544 0x17a8  NativeWifiP - ok
14:25:25.0700 0x17a8  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:25:25.0825 0x17a8  NDIS - ok
14:25:25.0887 0x17a8  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:25:26.0043 0x17a8  NdisCap - ok
14:25:26.0090 0x17a8  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:25:26.0199 0x17a8  NdisTapi - ok
14:25:26.0262 0x17a8  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:25:26.0387 0x17a8  Ndisuio - ok
14:25:26.0433 0x17a8  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:25:26.0558 0x17a8  NdisWan - ok
14:25:26.0605 0x17a8  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:25:26.0699 0x17a8  NDProxy - ok
14:25:26.0808 0x17a8  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:25:26.0933 0x17a8  NetBIOS - ok
14:25:26.0964 0x17a8  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:25:27.0073 0x17a8  NetBT - ok
14:25:27.0089 0x17a8  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe
14:25:27.0135 0x17a8  Netlogon - ok
14:25:27.0182 0x17a8  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
14:25:27.0291 0x17a8  Netman - ok
14:25:27.0354 0x17a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:25:27.0494 0x17a8  NetMsmqActivator - ok
14:25:27.0619 0x17a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:25:27.0666 0x17a8  NetPipeActivator - ok
14:25:27.0728 0x17a8  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
14:25:27.0869 0x17a8  netprofm - ok
14:25:27.0931 0x17a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:25:27.0978 0x17a8  NetTcpActivator - ok
14:25:27.0993 0x17a8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:25:28.0040 0x17a8  NetTcpPortSharing - ok
14:25:29.0163 0x17a8  [ 5C531E96643A74CE8BD9AB16B6C7EAD7, 0C9173199EFBF305407F711B9546795AC41044EE6979B35BC50AF851F0EAC513 ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
14:25:29.0975 0x17a8  NETwNs32 - ok
14:25:30.0053 0x17a8  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:25:30.0115 0x17a8  nfrd960 - ok
14:25:30.0193 0x17a8  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:25:30.0302 0x17a8  NlaSvc - ok
14:25:30.0333 0x17a8  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:25:30.0489 0x17a8  Npfs - ok
14:25:30.0521 0x17a8  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
14:25:30.0645 0x17a8  nsi - ok
14:25:30.0661 0x17a8  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:25:30.0755 0x17a8  nsiproxy - ok
14:25:30.0895 0x17a8  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:25:31.0051 0x17a8  Ntfs - ok
14:25:31.0082 0x17a8  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
14:25:31.0223 0x17a8  Null - ok
14:25:31.0269 0x17a8  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:25:31.0347 0x17a8  nvraid - ok
14:25:31.0425 0x17a8  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:25:31.0488 0x17a8  nvstor - ok
14:25:31.0566 0x17a8  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:25:31.0628 0x17a8  nv_agp - ok
14:25:31.0659 0x17a8  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:25:31.0737 0x17a8  ohci1394 - ok
14:25:31.0815 0x17a8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:25:31.0878 0x17a8  ose - ok
14:25:32.0346 0x17a8  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:25:32.0954 0x17a8  osppsvc - ok
14:25:33.0110 0x17a8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:25:33.0235 0x17a8  p2pimsvc - ok
14:25:33.0360 0x17a8  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:25:33.0531 0x17a8  p2psvc - ok
14:25:33.0563 0x17a8  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
14:25:33.0641 0x17a8  Parport - ok
14:25:33.0703 0x17a8  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:25:33.0765 0x17a8  partmgr - ok
14:25:33.0843 0x17a8  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:25:33.0937 0x17a8  Parvdm - ok
14:25:33.0984 0x17a8  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:25:34.0077 0x17a8  PcaSvc - ok
14:25:34.0109 0x17a8  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
14:25:34.0171 0x17a8  pci - ok
14:25:34.0218 0x17a8  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:25:34.0280 0x17a8  pciide - ok
14:25:34.0311 0x17a8  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:25:34.0405 0x17a8  pcmcia - ok
14:25:34.0436 0x17a8  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:25:34.0499 0x17a8  pcw - ok
14:25:34.0577 0x17a8  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:25:34.0733 0x17a8  PEAUTH - ok
14:25:34.0982 0x17a8  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
14:25:35.0263 0x17a8  pla - ok
14:25:35.0357 0x17a8  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:25:35.0481 0x17a8  PlugPlay - ok
14:25:35.0544 0x17a8  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:25:35.0622 0x17a8  PNRPAutoReg - ok
14:25:35.0669 0x17a8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:25:35.0731 0x17a8  PNRPsvc - ok
14:25:35.0825 0x17a8  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:25:35.0981 0x17a8  PolicyAgent - ok
14:25:36.0090 0x17a8  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
14:25:36.0183 0x17a8  Power - ok
14:25:36.0293 0x17a8  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:25:36.0402 0x17a8  PptpMiniport - ok
14:25:36.0449 0x17a8  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
14:25:36.0527 0x17a8  Processor - ok
14:25:36.0605 0x17a8  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:25:36.0698 0x17a8  ProfSvc - ok
14:25:36.0730 0x17a8  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:25:36.0761 0x17a8  ProtectedStorage - ok
14:25:36.0823 0x17a8  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:25:36.0917 0x17a8  Psched - ok
14:25:37.0026 0x17a8  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:25:37.0276 0x17a8  ql2300 - ok
14:25:37.0322 0x17a8  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:25:37.0385 0x17a8  ql40xx - ok
14:25:37.0432 0x17a8  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
14:25:37.0556 0x17a8  QWAVE - ok
14:25:37.0619 0x17a8  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:25:37.0681 0x17a8  QWAVEdrv - ok
14:25:37.0697 0x17a8  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:25:37.0822 0x17a8  RasAcd - ok
14:25:37.0915 0x17a8  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:25:38.0009 0x17a8  RasAgileVpn - ok
14:25:38.0056 0x17a8  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:25:38.0180 0x17a8  RasAuto - ok
14:25:38.0258 0x17a8  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:25:38.0383 0x17a8  Rasl2tp - ok
14:25:38.0430 0x17a8  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
14:25:38.0602 0x17a8  RasMan - ok
14:25:38.0680 0x17a8  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:25:38.0789 0x17a8  RasPppoe - ok
14:25:38.0867 0x17a8  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:25:38.0976 0x17a8  RasSstp - ok
14:25:39.0007 0x17a8  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:25:39.0148 0x17a8  rdbss - ok
14:25:39.0194 0x17a8  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:25:39.0257 0x17a8  rdpbus - ok
14:25:39.0272 0x17a8  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:25:39.0382 0x17a8  RDPCDD - ok
14:25:39.0444 0x17a8  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:25:39.0553 0x17a8  RDPENCDD - ok
14:25:39.0616 0x17a8  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:25:39.0725 0x17a8  RDPREFMP - ok
14:25:39.0834 0x17a8  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:25:39.0943 0x17a8  RdpVideoMiniport - ok
14:25:40.0021 0x17a8  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:25:40.0162 0x17a8  RDPWD - ok
14:25:40.0240 0x17a8  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:25:40.0319 0x17a8  rdyboost - ok
14:25:40.0350 0x17a8  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:25:40.0459 0x17a8  RemoteAccess - ok
14:25:40.0506 0x17a8  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:25:40.0631 0x17a8  RemoteRegistry - ok
14:25:40.0709 0x17a8  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:25:40.0818 0x17a8  RpcEptMapper - ok
14:25:40.0880 0x17a8  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
14:25:40.0958 0x17a8  RpcLocator - ok
14:25:41.0021 0x17a8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
14:25:41.0130 0x17a8  RpcSs - ok
14:25:41.0239 0x17a8  [ 5AFF9074165F855B790D3A576B6B453B, 3BE8425E891B1B419769A8C0BDBF9200A96025573D45CCB02BCBBAC566875BBA ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
14:25:41.0286 0x17a8  RSPCIESTOR - ok
14:25:41.0364 0x17a8  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:25:41.0489 0x17a8  rspndr - ok
14:25:41.0582 0x17a8  [ F83FEAF4C5A3A559A6CC98E112B62744, E679C71B37D913B9534EA7F96611157F782787FCC5798B1D05855624754E3FF2 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
14:25:41.0660 0x17a8  RTL8167 - ok
14:25:41.0691 0x17a8  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs           C:\Windows\system32\lsass.exe
14:25:41.0723 0x17a8  SamSs - ok
14:25:41.0785 0x17a8  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:25:41.0863 0x17a8  sbp2port - ok
14:25:41.0910 0x17a8  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:25:42.0050 0x17a8  SCardSvr - ok
14:25:42.0081 0x17a8  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:25:42.0191 0x17a8  scfilter - ok
14:25:42.0315 0x17a8  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
14:25:42.0503 0x17a8  Schedule - ok
14:25:42.0549 0x17a8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:25:42.0612 0x17a8  SCPolicySvc - ok
14:25:42.0659 0x17a8  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:25:42.0799 0x17a8  SDRSVC - ok
14:25:42.0861 0x17a8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:25:42.0986 0x17a8  secdrv - ok
14:25:43.0017 0x17a8  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
14:25:43.0142 0x17a8  seclogon - ok
14:25:43.0173 0x17a8  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
14:25:43.0298 0x17a8  SENS - ok
14:25:43.0329 0x17a8  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:25:43.0392 0x17a8  Serenum - ok
14:25:43.0423 0x17a8  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
14:25:43.0517 0x17a8  Serial - ok
14:25:43.0563 0x17a8  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:25:43.0610 0x17a8  sermouse - ok
14:25:43.0688 0x17a8  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:25:43.0797 0x17a8  SessionEnv - ok
14:25:43.0844 0x17a8  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:25:43.0938 0x17a8  sffdisk - ok
14:25:43.0969 0x17a8  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:25:44.0031 0x17a8  sffp_mmc - ok
14:25:44.0078 0x17a8  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:25:44.0156 0x17a8  sffp_sd - ok
14:25:44.0187 0x17a8  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:25:44.0265 0x17a8  sfloppy - ok
14:25:44.0375 0x17a8  [ EC5C79BD81F0C55DF53F4818D4F1C2C8, B9650F484CF918781CA3B02278F19E73FA3B619133F75C0C42FEB788A183E0CB ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
14:25:44.0468 0x17a8  Sftfs - ok
14:26:05.0279 0x17a8  ================ Scan global ===============================
14:26:05.0325 0x17a8  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:26:05.0388 0x17a8  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:26:05.0419 0x17a8  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:26:05.0466 0x17a8  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:26:05.0513 0x17a8  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:26:05.0559 0x17a8  [ Global ] - ok
14:26:05.0559 0x17a8  ================ Scan MBR ==================================
14:26:05.0575 0x17a8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:26:06.0620 0x17a8  \Device\Harddisk0\DR0 - ok
14:26:06.0620 0x17a8  ================ Scan VBR ==================================
14:26:06.0651 0x17a8  [ DA0A3FBA67A5BE95BA6B0DDB3A39FADC ] \Device\Harddisk0\DR0\Partition1
14:26:06.0683 0x17a8  \Device\Harddisk0\DR0\Partition1 - ok
14:26:06.0714 0x17a8  [ AB193526AD8DC38D1CDF1A6CBA09D84C ] \Device\Harddisk0\DR0\Partition2
14:26:06.0729 0x17a8  \Device\Harddisk0\DR0\Partition2 - ok
14:26:06.0839 0x17a8  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.3.336 ), 0x41000 ( enabled : updated )
14:26:06.0854 0x17a8  Win FW state via NFP2: enabled
14:26:09.0990 0x17a8  ============================================================
14:26:09.0990 0x17a8  Scan finished
14:26:09.0990 0x17a8  ============================================================
14:26:10.0021 0x17ac  Detected object count: 1
14:26:10.0021 0x17ac  Actual detected object count: 1
14:26:28.0148 0x17ac  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:28.0148 0x17ac  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


14.05.2014, 12:41   #6
schrauber
/// the machine
/// TB instructor

Delete ComboFix, download it again, and run it once more.

14.05.2014, 14:19   #7
chefrocker

New ComboFix log:

Code:
ComboFix 14-05-13.01 - maria 05/14/2014  13:46:27.2.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2036.1214 [GMT 2:00]
Running from: c:\users\maria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
c:\users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-14 to 2014-05-14  )))))))))))))))))))))))))))))))
.
.
2014-05-14 11:59 . 2014-05-14 11:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-13 04:23 . 2014-05-13 04:23	0	----a-w-	c:\windows\system32\sho7753.tmp
2014-05-12 13:38 . 2014-05-12 13:38	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-12 13:11 . 2014-05-12 13:11	--------	d-----w-	c:\windows\Migration
2014-05-12 12:59 . 2014-04-14 02:11	361984	----a-w-	c:\windows\system32\aepdu.dll
2014-05-12 12:59 . 2014-04-14 02:07	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-05-12 04:22 . 2014-05-12 04:22	0	----a-w-	c:\windows\system32\sho6098.tmp
2014-05-12 04:15 . 2014-05-12 04:15	104960	----a-w-	C:\kwloypod.sys
2014-05-12 04:08 . 2014-05-12 04:11	--------	d-----w-	C:\FRST
2014-05-11 15:22 . 2014-05-11 15:22	--------	d-----w-	c:\programdata\Package Cache
2014-05-10 16:27 . 2014-05-10 16:27	0	----a-w-	c:\windows\system32\shoDAE.tmp
2014-05-06 16:30 . 2014-05-06 16:30	0	----a-w-	c:\windows\system32\sho7AE0.tmp
2014-05-06 11:35 . 2014-05-06 11:35	--------	d-----w-	c:\users\maria\AppData\Local\Skype
2014-05-06 11:35 . 2014-05-06 11:35	--------	d-----w-	c:\program files\Common Files\Skype
2014-04-30 13:30 . 2014-05-01 03:48	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 06:31 . 2014-04-13 11:01	56192	----a-w-	c:\windows\system32\drivers\f8065e8752673505.sys
2014-04-30 13:50 . 2012-04-15 08:46	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-30 13:50 . 2011-11-16 19:41	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 11:41 . 2014-04-03 11:41	0	----a-w-	c:\windows\system32\shoA083.tmp
2014-03-09 16:34 . 2014-03-09 16:34	0	----a-w-	c:\windows\system32\sho39D4.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 CFcatchme;CFcatchme;c:\users\maria\AppData\Local\Temp\CFcatchme.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-04-23 70016]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-12 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-18 1017424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-10 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-18 440400]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 739944]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-07 252520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:50]
.
2014-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
2014-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
- c:\users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 203.144.207.49 203.144.207.29
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-14  14:09:37 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-14 12:09
.
Pre-Run: 31,584,165,888 bytes free
Post-Run: 31,059,181,568 bytes free
.
- - End Of File - - C9B3CA8E6E2F8218F9CA54559B69F414
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 15.05.2014, 10:45   #8
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 16.05.2014, 10:42   #9
chefrocker
 



OK, here is a new round of logs:

mbam

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 5/16/2014
Suchlauf-Zeit: 9:48:41 AM
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.16.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: maria

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 239109
Verstrichene Zeit: 26 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2462786714-4158980062-2870690922-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [18ffb69c1962d3637217e9a0a75b7090], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

ADW cleaner

Code:
ATTFilter
# AdwCleaner v3.208 - Report created 16/05/2014 at 10:08:43
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : maria - MARIA-PC
# Running from : C:\Users\maria\Desktop\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1360 octets] - [16/05/2014 10:06:02]
AdwCleaner[S0].txt - [1295 octets] - [16/05/2014 10:08:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1355 octets] ##########
         

JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by maria on Fri 05/16/2014 at 10:13:55.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\system32\sho1384.tmp
Successfully deleted: [File] C:\Windows\system32\sho39D4.tmp
Successfully deleted: [File] C:\Windows\system32\sho4F3C.tmp
Successfully deleted: [File] C:\Windows\system32\sho51A9.tmp
Successfully deleted: [File] C:\Windows\system32\sho6098.tmp
Successfully deleted: [File] C:\Windows\system32\sho6A19.tmp
Successfully deleted: [File] C:\Windows\system32\sho7664.tmp
Successfully deleted: [File] C:\Windows\system32\sho7753.tmp
Successfully deleted: [File] C:\Windows\system32\sho7AE0.tmp
Successfully deleted: [File] C:\Windows\system32\sho8086.tmp
Successfully deleted: [File] C:\Windows\system32\shoA083.tmp
Successfully deleted: [File] C:\Windows\system32\shoC839.tmp
Successfully deleted: [File] C:\Windows\system32\shoDAE.tmp
Successfully deleted: [File] C:\Windows\system32\shoE528.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{03054EAD-71D9-441A-80AB-F6600930C34A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{0390F119-56B5-4DF7-9403-E6F4BD6DBD44}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{06E71217-4AAC-42B9-B3A8-5B53422278C9}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{07FC8E3F-D9E1-4F76-AA3A-C6C6C50BF47B}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{0C843876-8E72-433F-9663-D42F7FF39FB1}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{0D4D9A08-F9ED-4D92-B688-3D2BA4E0F7BC}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{14F12C48-7D68-4A05-A03F-321F455DCE4A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{15271A03-294B-4039-9F43-E033D70110C8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{15CDFF98-1387-4FAD-8C91-E9FD27B28A10}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{1E2D2773-405F-4811-8B1B-65EDB48E800E}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{1F9C88D4-5A7C-4D0A-B8BE-22306DA4F666}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{23C14A54-99E8-47B6-83F1-7D7B5685A3F8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{2643C18D-75AC-491E-8496-D986324E0D7B}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{272F3428-F96E-48AB-943F-C0566690B4C1}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{2AE129C4-D77F-4912-B5BB-7D2958188D7E}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{2E51BFC6-088C-413C-A7EC-E25F17AD87BB}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{314631AB-17C4-4D8A-847C-0499AEE84212}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{340F53EC-B07B-4986-80D6-DFFF0D95935C}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{3E79F5E2-2DE7-4A17-9AA0-AEE35C0DE345}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{403850C3-5056-4BA4-99AB-DA218A806D31}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4196543B-9A1B-4C71-B78C-DAED1875F1EB}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{45D5AEE7-B988-47C2-B11A-78BC05F7B5ED}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4600C52A-5CCD-4F1F-9D7A-85A764B7617C}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{463896A2-1E74-4D5B-B06F-BFC36A73C6E7}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{465509CA-331A-4493-BFF4-C0B7B4F42C1F}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{48A0052B-82DF-4E0E-9ED3-049316F881B0}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4A765581-E777-409F-BB62-B33DCCC6E0C6}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4B8FDB58-278A-4D69-B12C-64B7A0A98695}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4CF4EC31-0F5B-4056-817E-F036201B33B8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4D3667F6-AD27-4884-94EA-3BF3C25C5F0B}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{4FF8ABC5-27A2-4C46-B580-C4F2C69E1E63}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{511D4DF2-B156-42E8-97A5-D28FC955CCB8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{51719A9E-1855-466A-AD67-B5A9709780BE}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{5519F21D-9BED-4AFF-B408-B68FEC163F5D}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{5D504EDD-704B-45BA-83F5-1F490D2EDD36}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{5FA2FA85-26DF-45EF-9DA9-E876FB869E06}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{611883DA-19DF-46FF-8B04-D8D219C7B92A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{61C73515-F3FB-418C-9441-83CCA916152E}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{62B8BF01-9117-46A0-820E-7FA07AB353DF}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{63B3A099-89DF-41A4-A45A-6612AD10BACB}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{659993B0-7676-4EDE-B4A8-EB76BFA176BA}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{66F588F6-2485-4595-9DC5-9569D8649301}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{673E6403-2DDD-430B-B3BE-EBFCBBF578B9}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{7024A00C-C92E-4E57-AE61-208F0D9E375B}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{70FD5CA6-348D-4108-811F-AE88E9BFA243}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{71A4DE0A-2718-4C06-BC45-60E849F9195C}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{72CAF5D2-EF62-43DC-BF31-C5B89AE46456}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{79E6DF9B-B019-4602-ACB6-405FDF381D7F}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{7F3E0C9D-8412-4ACB-8AB8-AC0C3CF6B0F0}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{840D5642-9AE7-4616-AB53-A909E00AAA4D}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{86C2CFF5-5DF2-4543-857F-15AFC48FA244}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{8BB504BB-5505-477B-9FF4-294C7B0720D5}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{8DD28B16-5701-43B6-A5AF-4E0A946326F8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{8E8C2754-CA7D-417A-AADF-6BDE3748F260}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{8E9539BF-1EC6-4E75-9B26-AA90991FE017}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{906FFF63-1736-41D0-9F27-A950A0CD395A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{9073364C-B60E-4EB3-961A-DCF20F76A35B}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{93D0A31B-85AA-4A82-A427-22110CB53AE8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{961FF0A9-3ED1-4B14-B7F5-6074FDA11F07}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{969ED885-C577-4032-A111-41DDEEC2CC73}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{9BEF755D-758B-4B3A-B371-368A4C3E1D09}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{9D006C6F-96D3-40CB-B31C-2857D582BAE8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A040472F-A9BC-4A39-A1F5-F5B5090DB75C}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A2767EA3-92FB-43D8-ACAF-69240F9A5F18}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A41B4119-F300-44F6-9A05-923308A67673}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{A8F44175-34DC-48FE-B1F3-8D3D20D7E1C3}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B08910A5-739A-4269-9A6D-4BC3E60B6EAE}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B0E75DE4-C278-4B71-8C8B-52E3FAA0E927}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B7195FBA-EF77-445E-8882-9E6FD395299A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{B9360BEE-FCD2-41E4-92E1-11AE48D31D9D}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{BBC25E07-B7E7-4F06-9017-61DFA45F02EB}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C1B44C1C-4566-416E-A165-34F317E55202}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C392F871-0238-4C3B-9885-278FA92EDC3F}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C647797F-B5ED-4B7D-8BDF-9BDE78AE09FF}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C8722344-3764-4ED0-AB67-8C9527892D95}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{C899A0A5-9244-4E89-BC86-6DB32F1424A8}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{CF971A56-2E9F-4AAB-BF99-70E10EAB1A95}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{CFA34A8E-8467-4C2C-81C5-70B7A00BE5EB}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{D3414B33-87A0-467C-91B8-6DAC64474B96}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{D725A744-60A1-468F-A32C-9901F0E2042A}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DBD97146-F9AC-4710-8D6F-1429DE866A90}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF19AF45-AA67-465D-BD72-49262D8B9EA3}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF53C017-BB4A-43D9-A50E-F9528F8F7D28}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{DF558C47-902A-4A5B-8679-1FE22E6E86A3}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E1223ADF-9AFE-4C47-A2D2-AEDA67FC98AE}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E54A2A96-2A9C-47AA-AD96-B084B43359B6}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{E692FBCA-248B-47D0-99CC-77E1E86FCD45}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F2F6A7FA-1525-4791-BD63-11A511B1C371}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F44847C7-A5D8-43D0-84B6-13D0CF099598}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F6015AC6-8EE9-4175-9C35-AEFF43A8A40E}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F722EB61-764E-4948-87F6-20F6FCDC3544}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{F8ACDD69-7963-4497-B300-90997956FCAA}
Successfully deleted: [Empty Folder] C:\Users\maria\appdata\local\{FCD1B2DC-E14F-45A7-9081-EE7F2ACBFFB7}



~~~ FireFox

Emptied folder: C:\Users\maria\AppData\Roaming\mozilla\firefox\profiles\90yea2t9.default\minidumps [93 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/16/2014 at 10:19:39.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

new FRST log


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by maria (administrator) on MARIA-PC on 16-05-2014 10:34:39
Running from C:\Users\maria\Desktop
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11]
FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\maria\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\maria\AppData\Local\Temp\CFcatchme.sys [X]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 10:34 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:05 - 2014-05-16 10:08 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:11 - 2014-05-16 09:14 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-15 23:53 - 2014-05-16 09:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 23:53 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 23:53 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 14:20 - 2014-05-13 14:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-12 15:00 - 2014-05-12 15:08 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 14:59 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-12 14:59 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt
2014-05-12 08:29 - 2014-05-16 10:09 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log
2014-05-12 08:11 - 2014-05-14 14:09 - 00000000 ____D () C:\Qoobox
2014-05-12 08:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-12 08:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-12 08:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-12 08:10 - 2014-05-12 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt
2014-05-12 06:57 - 2014-05-12 07:38 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log
2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log
2014-05-12 06:57 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log
2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys
2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe
2014-05-12 06:13 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt
2014-05-12 06:13 - 2014-05-12 06:11 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt
2014-05-12 06:10 - 2014-05-12 06:11 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt
2014-05-12 06:09 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-16 10:34 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-16 10:34 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe
2014-05-11 17:22 - 2014-05-16 10:09 - 00210469 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-16 10:10 - 00001792 _____ () C:\Windows\setupact.log
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple

==================== One Month Modified Files and Folders =======

2014-05-16 10:34 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:34 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST
2014-05-16 10:34 - 2014-05-12 06:07 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-16 10:22 - 2014-05-11 17:22 - 00210469 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:18 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 10:18 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:10 - 2014-05-09 03:16 - 00001792 _____ () C:\Windows\setupact.log
2014-05-16 10:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 10:09 - 2014-05-12 08:29 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-16 10:08 - 2014-05-16 10:05 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:56 - 2014-05-15 23:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 09:50 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 09:44 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 09:44 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 09:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
2014-05-16 09:14 - 2014-05-16 09:11 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-16 09:10 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-15 23:48 - 2012-06-30 12:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 14:09 - 2014-05-12 08:11 - 00000000 ____D () C:\Qoobox
2014-05-14 14:02 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 15:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-13 14:21 - 2014-05-13 14:20 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-13 10:59 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype
2014-05-13 04:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-12 15:55 - 2010-11-20 23:01 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 15:42 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:08 - 2014-05-12 15:00 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt
2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-12 08:35 - 2014-05-12 08:10 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 08:29 - 2009-07-14 04:03 - 39845888 _____ () C:\Windows\system32\config\software.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log
2014-05-12 08:28 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client
2014-05-12 07:38 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log
2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt
2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log
2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys
2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe
2014-05-12 06:11 - 2014-05-12 06:13 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt
2014-05-12 06:11 - 2014-05-12 06:13 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt
2014-05-12 06:11 - 2014-05-12 06:10 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt
2014-05-12 06:11 - 2014-05-12 06:09 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:07 - 2014-05-12 06:57 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log
2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 06:06 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype
2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype
2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente
2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik
2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-28 04:25 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc
2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters

Some content of TEMP:
====================
C:\Users\maria\AppData\Local\Temp\avgnt.exe
C:\Users\maria\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 15:02

==================== End Of Log ============================
         
--- --- ---


Thank you very much!

Alt 17.05.2014, 14:02   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any more problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 18.05.2014, 11:49   #11
chefrocker
 



ESET

Code:
ATTFilter
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=261e083b6e517d408578c73d7e3a911e
# engine=18306
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-18 08:47:27
# local_time=2014-05-18 10:47:27 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 87258 171074152 79949 0
# compatibility_mode=5893 16776574 100 94 25205154 152034038 0 0
# scanned=122318
# found=2
# cleaned=0
# scan_time=5524
sh=A66E6C0417EF40FAFD1B5FCF2D3166765B8EF43F ft=1 fh=c675a25e62d443a3 vn="Variante von Win32/Kryptik.BZRH Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe.vir"
sh=E45F8B3EFB6DD25754CBDB0DE0CAA8D45FA47F9A ft=0 fh=0000000000000000 vn="Variante von Win32/Rootkit.Kryptik.YL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\drivers\_f8065e8752673505_.sys.zip"
         
Security Check

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Mozilla Thunderbird (24.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
New FRST log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by maria (administrator) on MARIA-PC on 18-05-2014 11:32:46
Running from C:\Users\maria\Desktop
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11]
FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\maria\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\maria\AppData\Local\Temp\CFcatchme.sys [X]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 11:30 - 2014-05-18 11:30 - 00000906 _____ () C:\Users\maria\Desktop\checkup.txt
2014-05-18 11:29 - 2014-05-18 11:29 - 00855379 _____ () C:\Users\maria\Desktop\SecurityCheck.exe
2014-05-18 09:08 - 2014-05-18 09:08 - 02347384 _____ (ESET) C:\Users\maria\Desktop\esetsmartinstaller_deu.exe
2014-05-16 22:41 - 2014-05-16 22:41 - 00000000 _____ () C:\Windows\system32\sho413.tmp
2014-05-16 15:28 - 2014-05-16 15:28 - 00000000 ____D () C:\Users\maria\AppData\Local\webkit
2014-05-16 15:23 - 2014-05-16 18:30 - 00000000 ____D () C:\Users\maria\.gimp-2.8
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\AppData\Local\gegl-0.2
2014-05-16 12:19 - 2014-05-16 12:20 - 90396104 _____ (The GIMP Team ) C:\Users\maria\Downloads\gimp-2.8.10-setup.exe
2014-05-16 10:45 - 2014-05-16 10:45 - 00000000 ____D () C:\Users\maria\AppData\Local\{D5A0FC40-4B13-4F6E-8CD9-69B5E2CD50D3}
2014-05-16 10:34 - 2014-05-18 11:32 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:05 - 2014-05-16 10:08 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:11 - 2014-05-16 09:14 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-15 23:53 - 2014-05-16 09:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 23:53 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 23:53 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 14:20 - 2014-05-13 14:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-12 15:00 - 2014-05-12 15:08 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 14:59 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-12 14:59 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt
2014-05-12 08:29 - 2014-05-16 10:09 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log
2014-05-12 08:11 - 2014-05-14 14:09 - 00000000 ____D () C:\Qoobox
2014-05-12 08:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-12 08:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-12 08:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-12 08:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-12 08:10 - 2014-05-12 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt
2014-05-12 06:57 - 2014-05-12 07:38 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log
2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log
2014-05-12 06:57 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log
2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys
2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe
2014-05-12 06:13 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt
2014-05-12 06:13 - 2014-05-12 06:11 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt
2014-05-12 06:10 - 2014-05-12 06:11 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt
2014-05-12 06:09 - 2014-05-12 06:11 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-18 11:32 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-16 10:34 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe
2014-05-11 17:22 - 2014-05-17 13:21 - 00247114 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-18 08:41 - 00001904 _____ () C:\Windows\setupact.log
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple

==================== One Month Modified Files and Folders =======

2014-05-18 11:33 - 2014-05-16 10:34 - 00012452 _____ () C:\Users\maria\Desktop\FRST.txt
2014-05-18 11:32 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST
2014-05-18 11:30 - 2014-05-18 11:30 - 00000906 _____ () C:\Users\maria\Desktop\checkup.txt
2014-05-18 11:29 - 2014-05-18 11:29 - 00855379 _____ () C:\Users\maria\Desktop\SecurityCheck.exe
2014-05-18 10:44 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 09:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
2014-05-18 09:08 - 2014-05-18 09:08 - 02347384 _____ (ESET) C:\Users\maria\Desktop\esetsmartinstaller_deu.exe
2014-05-18 08:50 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 08:50 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 08:41 - 2014-05-09 03:16 - 00001904 _____ () C:\Windows\setupact.log
2014-05-18 08:41 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 13:21 - 2014-05-11 17:22 - 00247114 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 22:41 - 2014-05-16 22:41 - 00000000 _____ () C:\Windows\system32\sho413.tmp
2014-05-16 21:38 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
2014-05-16 18:30 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\.gimp-2.8
2014-05-16 15:28 - 2014-05-16 15:28 - 00000000 ____D () C:\Users\maria\AppData\Local\webkit
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Users\maria\AppData\Local\gegl-0.2
2014-05-16 15:23 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria
2014-05-16 12:20 - 2014-05-16 12:19 - 90396104 _____ (The GIMP Team ) C:\Users\maria\Downloads\gimp-2.8.10-setup.exe
2014-05-16 10:45 - 2014-05-16 10:45 - 00000000 ____D () C:\Users\maria\AppData\Local\{D5A0FC40-4B13-4F6E-8CD9-69B5E2CD50D3}
2014-05-16 10:34 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\maria\Desktop\FRST-OlderVersion
2014-05-16 10:34 - 2014-05-12 06:07 - 01056768 _____ (Farbar) C:\Users\maria\Desktop\FRST.exe
2014-05-16 10:19 - 2014-05-16 10:19 - 00011913 _____ () C:\Users\maria\Desktop\JRT.txt
2014-05-16 10:13 - 2014-05-16 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-05-16 10:12 - 2014-05-16 10:12 - 00001435 _____ () C:\Users\maria\Desktop\AdwCleaner[S0].txt
2014-05-16 10:09 - 2014-05-12 08:29 - 00058404 _____ () C:\Windows\PFRO.log
2014-05-16 10:08 - 2014-05-16 10:05 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:04 - 2014-05-16 10:04 - 00001337 _____ () C:\Users\maria\Desktop\mbam.txt
2014-05-16 09:56 - 2014-05-15 23:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 09:44 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 09:44 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 09:14 - 2014-05-16 09:11 - 00000946 _____ () C:\Windows\system32\debug.log
2014-05-16 09:10 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 23:53 - 2014-05-15 23:53 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 23:53 - 2014-05-15 23:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-15 23:50 - 2014-05-15 23:50 - 01016261 _____ (Thisisu) C:\Users\maria\Desktop\JRT.exe
2014-05-15 23:49 - 2014-05-15 23:49 - 01325827 _____ () C:\Users\maria\Desktop\adwcleaner_3.208.exe
2014-05-15 23:48 - 2012-06-30 12:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 14:09 - 2014-05-14 14:09 - 00012365 _____ () C:\Users\maria\Desktop\ComboFix.txt
2014-05-14 14:09 - 2014-05-12 08:11 - 00000000 ____D () C:\Qoobox
2014-05-14 14:02 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-14 13:39 - 2014-05-14 13:39 - 05200050 ____R (Swearware) C:\Users\maria\Desktop\ComboFix.exe
2014-05-13 15:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-13 14:21 - 2014-05-13 14:20 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\maria\Desktop\tdsskiller.exe
2014-05-13 10:59 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype
2014-05-13 04:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-12 15:55 - 2010-11-20 23:01 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 15:42 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-12 15:38 - 2014-05-12 15:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-12 15:08 - 2014-05-12 15:00 - 00008552 _____ () C:\Windows\IE11_main.log
2014-05-12 15:04 - 2014-05-12 15:04 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 15:04 - 2014-05-12 15:04 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-12 15:04 - 2014-05-12 15:04 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-12 15:04 - 2014-05-12 15:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-12 15:04 - 2014-05-12 15:04 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-12 15:04 - 2014-05-12 15:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-12 15:04 - 2014-05-12 15:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-12 08:38 - 2014-05-12 08:38 - 00010628 _____ () C:\Users\maria\Desktop\ComboFix alt.txt
2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-12 08:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-12 08:35 - 2014-05-12 08:10 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 08:29 - 2009-07-14 04:03 - 39845888 _____ () C:\Windows\system32\config\software.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-05-12 08:29 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-05-12 08:28 - 2014-05-12 08:28 - 00000021 _____ () C:\Users\maria\Desktop\catchme.log
2014-05-12 08:28 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client
2014-05-12 07:38 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Desktop\gmer.log
2014-05-12 07:02 - 2014-05-12 07:02 - 00008990 _____ () C:\Users\maria\Desktop\Ereignisse.txt
2014-05-12 06:57 - 2014-05-12 06:57 - 00001756 _____ () C:\Users\maria\Downloads\gmer.log
2014-05-12 06:15 - 2014-05-12 06:15 - 00104960 _____ (GMER) C:\kwloypod.sys
2014-05-12 06:14 - 2014-05-12 06:14 - 00380416 _____ () C:\Users\maria\Desktop\Gmer-19357.exe
2014-05-12 06:11 - 2014-05-12 06:13 - 00045737 _____ () C:\Users\maria\Desktop\FRST_12-05-2014_06-11-21.txt
2014-05-12 06:11 - 2014-05-12 06:13 - 00022973 _____ () C:\Users\maria\Desktop\Addition.txt
2014-05-12 06:11 - 2014-05-12 06:10 - 00023817 _____ () C:\Users\maria\Downloads\Addition.txt
2014-05-12 06:11 - 2014-05-12 06:09 - 00045737 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:07 - 2014-05-12 06:57 - 00002860 _____ () C:\Users\maria\Desktop\defogger_disable.log
2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Desktop\Defogger.exe
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype
2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype
2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente
2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik
2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc
2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters

Some content of TEMP:
====================
C:\Users\maria\AppData\Local\Temp\avgnt.exe
C:\Users\maria\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 15:02

==================== End Of Log ============================
         
--- --- ---


Hello Schrauber,

I can no longer see any problems. Antivir is definitely working as it should.
Of course, I don't know what the logs say...

Do I still need to do anything?

Thank you very, very much!

Alt 19.05.2014, 09:27   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Update Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nicely colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 19.05.2014, 11:03   #13
chefrocker
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by maria at 2014-05-19 10:58:46 Run:1
Running from C:\Users\maria\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.

==== End of Fixlog ====
         
Can I start cleaning up now?
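An added example, not part of the thread and not FRST's own logic: an offline check that reads autostart lines shaped like the one in the fixlist and flags msiexec uninstall entries whose product code is not a well-formed GUID, as `{voidguid}` is not. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re

# Shape of the autostart line shown in the fixlist:  KEY: [ValueName] - command
ENTRY_RE = re.compile(
    r'^(?P<key>HK[A-Z]+\\.+?):\s+\[(?P<name>[^\]]+)\]\s+-\s+(?P<cmd>.+)$'
)
# msiexec uninstall switch followed by its argument (product code or package path)
UNINSTALL_RE = re.compile(
    r'(?:^|\s)/(?:uninstall|x)\s*(?P<arg>\{[^}]*\}|\S+)', re.IGNORECASE
)
# A well-formed product code: {8-4-4-4-12 hex digits}
GUID_RE = re.compile(
    r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
)

SAMPLE_LINES = [
    # Taken from the fixlist in this thread
    r'HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}',
    # Constructed: uninstall with a syntactically valid product code
    r'HKLM\...\RunOnce: [ExampleCleanup] - msiexec.exe /qn /x{11111111-2222-3333-4444-555555555555}',
    # Constructed: uninstall by package path, which msiexec also accepts
    r'HKCU\...\RunOnce: [ExamplePkg] - msiexec.exe /x C:\Temp\example.msi /qn',
    # Constructed: an autostart entry that is not msiexec at all
    r'HKLM\...\Run: [ExampleTray] - C:\Program Files\Example\tray.exe /min',
]


def parse_entry(line):
    """Split one autostart line into key, value name and command, or None."""
    match = ENTRY_RE.match(line.strip())
    return match.groupdict() if match else None


def is_msiexec(cmd):
    """True when the first token of the command is msiexec (with or without path)."""
    first = cmd.split()[0].strip('"')
    return first.rsplit('\\', 1)[-1].lower() in ('msiexec', 'msiexec.exe')


def review_autostart_lines(lines):
    """Return (key, name, argument) for msiexec uninstall entries whose
    brace-wrapped product code is not a valid GUID."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not is_msiexec(entry['cmd']):
            continue
        match = UNINSTALL_RE.search(entry['cmd'])
        if match is None:
            continue
        arg = match.group('arg')
        # Only brace-wrapped arguments claim to be product codes;
        # anything else is treated as a package path and left alone.
        if arg.startswith('{') and not GUID_RE.match(arg):
            findings.append((entry['key'], entry['name'], arg))
    return findings


if __name__ == '__main__':
    for key, name, arg in review_autostart_lines(SAMPLE_LINES):
        print(f'{key} [{name}]: malformed product code {arg}')
```
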

Alt 20.05.2014, 09:44   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Exactly
__________________
regards,
schrauber


Alt 03.06.2014, 12:03   #15
chefrocker
 



Hi Schrauber!

Now that the machine has been running without problems again for a while, I just wanted to let you know.

Thank you very, very much for the help!!
