|
Log-Analyse und Auswertung: Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
15.09.2014, 12:37 | #1 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Hallo zusammen, handelt sich um das Netbook meiner Freundin. bei einem Routinescan von Avast wurden sehr viele verdächtige und/oder infizierte Dateien gefunden, teilweise mit Anmerkung auf Rootkits. Der Großteil befand sich wohl im Winsxs-Ordner. Nach mehrmaligen Versuchen die Avastfunktionen (löschen, Quarantäne etc) zu verwenden, welche jedoch mit "Fehler" und "nicht behoben" kommentiert wurden, wurde ein erneuter Scan ausgeführt. Daraufhin war der Scan ohne Befund. Avast logfile wurde leider nicht erstellt. Ich habe dann aber heute mit TDSSKiller gescannt, auch ohne Befund. Hier nun die FRST und Addition Logs: FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Beate Michaela (administrator) on BEATE-NETBOOK on 15-09-2014 13:31:16 Running from C:\Users\Beate Michaela\Downloads Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files\Duden\Duden Korrektor\DKTray.exe [481824 2013-09-02] (Expert System S.p.A.) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\MountPoints2: {bd48516d-6701-11e3-a15e-e81132dc253e} - E:\ibs.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {333EB6DA-01D3-48CF-9958-CD7DA7AF19CE} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = ^hxxp://www\.claro-search\.com/\?affID=114508.* SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043 SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043 SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16] Chrome: ======= CHR CustomProfile: C:\Users\Beate Michaela\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Beate Michaela\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx [] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx [2013-08-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [87976 2012-06-07] (Cisco Systems, Inc.) R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-16] () R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software) R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] () S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-09] (ELAN Microelectronics Corp.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-27] (Windows (R) 2003 DDK 3790 provider) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-15 13:18 - 2014-09-15 13:27 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:15 - 2014-09-15 13:31 - 00012617 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 13:14 - 2014-09-15 13:31 - 00000000 ____D () C:\FRST 2014-09-15 13:12 - 2014-09-14 22:30 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:57 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:05 - 2014-09-15 12:06 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:43 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-15 03:43 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-15 03:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-15 03:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-15 03:43 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-15 03:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-15 03:43 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-15 03:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-15 03:43 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-15 03:43 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-15 03:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-15 03:43 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-15 03:43 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-15 03:43 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-15 03:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-15 03:43 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-15 03:43 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-15 03:43 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-15 03:43 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-15 03:43 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-15 03:43 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-15 03:43 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-15 03:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-15 03:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-15 03:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 20:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-14 20:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-14 20:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-14 20:39 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-14 20:38 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-14 20:38 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-31 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-29 19:11 - 2014-08-30 18:48 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 13:30 - 2014-08-27 13:42 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-22 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-22 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-15 13:31 - 2014-09-15 13:15 - 00012617 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 13:31 - 2014-09-15 13:14 - 00000000 ____D () C:\FRST 2014-09-15 13:27 - 2014-09-15 13:18 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:58 - 2014-09-15 12:57 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:43 - 2014-07-16 22:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-15 12:29 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-15 12:20 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-15 12:20 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-15 12:16 - 2011-07-26 04:16 - 01551092 _____ () C:\windows\WindowsUpdate.log 2014-09-15 12:13 - 2013-12-20 10:15 - 00017037 _____ () C:\windows\setupact.log 2014-09-15 12:13 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-15 12:06 - 2014-09-15 12:05 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:41 - 2012-09-14 21:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-15 03:40 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT 2014-09-15 03:16 - 2013-06-10 17:48 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-15 03:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-09-15 03:15 - 2014-05-06 12:44 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-15 03:07 - 2010-11-20 23:01 - 01594892 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-14 22:30 - 2014-09-15 13:12 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-06 16:45 - 2013-10-22 19:02 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Hilfsjob BZL 2014-09-05 19:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-05 03:52 - 2014-09-14 20:38 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-14 20:38 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 19:58 - 2009-07-14 06:33 - 00350744 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-30 18:48 - 2014-08-29 19:11 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 14:30 - 2012-09-13 18:59 - 00089976 _____ () C:\Users\Beate Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-27 13:42 - 2014-08-27 13:30 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-23 03:46 - 2014-08-31 18:07 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-31 18:07 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 19:39 - 2014-09-15 03:43 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-15 03:42 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-15 03:43 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-15 03:43 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-15 03:43 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-15 03:43 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-15 03:43 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-15 03:43 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-15 03:43 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-15 03:43 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-15 03:43 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-15 03:43 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-15 03:43 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-15 03:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-15 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-15 03:42 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-15 03:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-15 03:43 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-15 03:43 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-15 03:43 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-15 03:43 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-15 03:43 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-15 03:43 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Beate Michaela\AppData\Local\Temp\{D2CB4494-012C-4726-BF7E-61FDD9DDD133}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 01:07 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Beate Michaela at 2014-09-15 13:33:01 Running from C:\Users\Beate Michaela\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057 - Cisco Systems, Inc.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy Resolution Manager (HKLM\...\{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}) (Version: 1.1.0 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung) ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.) Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG) Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden Nitro Reader 3 (HKLM\...\{171478A8-80AD-4295-A2D1-C3D8AE70C9F1}) (Version: 3.5.2.10 - Nitro) Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.) REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-264978880-1747315322-2305944383-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () ==================== Restore Points ========================= 13-08-2014 12:44:00 Windows Update 17-08-2014 15:49:18 Windows Update 22-08-2014 16:15:43 Windows Update 24-08-2014 11:48:59 Windows Update 30-08-2014 10:25:03 Windows Update 31-08-2014 15:48:20 Windows Update 31-08-2014 17:51:44 Windows Update 05-09-2014 13:52:17 Windows Update 14-09-2014 18:23:09 Windows Update 15-09-2014 01:01:10 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E65D067-CBEB-444B-B531-555D915E11DD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {186D9905-520E-4480-95AB-53CFB4205FF0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {206510DC-A7C6-4011-8CB6-3C5F9345E9FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics) Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.) Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {769E07C5-0BE6-4A6C-B5F3-66FF67031220} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {844E9470-612D-46A9-8743-B043C03DA11C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software) Task: {8BA86EC4-EEE2-4E4E-BFC2-87533622D8F9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {A14135DA-1CF0-47C9-8C6F-94253D1D583A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {B2D1250E-ED13-4F79-B714-706089AED7B5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {BEA77058-F404-4F28-B3A1-97A9CA98C058} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {D320090D-9609-4032-A786-19169D146BFF} - \Browser Manager No Task File <==== ATTENTION Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-16 21:59 - 2014-07-16 21:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-14 20:04 - 2014-09-14 20:04 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll 2012-10-08 13:26 - 2010-06-17 21:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll 2014-07-16 21:59 - 2014-07-16 21:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-07-25 12:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-07-30 12:33 - 2014-07-30 12:33 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79210258.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/15/2014 00:29:57 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 00:14:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 00:13:48 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 00:13:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 00:13:12 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 10:19:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 10:19:08 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 10:16:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/15/2014 10:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 10:14:27 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (09/15/2014 00:14:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/15/2014 00:13:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/15/2014 00:13:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Error: (09/15/2014 10:15:34 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/15/2014 10:14:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/15/2014 10:14:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Error: (09/15/2014 03:59:10 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/15/2014 03:58:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/15/2014 03:58:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Error: (09/15/2014 00:33:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (09/15/2014 00:29:57 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/15/2014 00:14:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 00:13:48 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/15/2014 00:13:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Error: (09/15/2014 00:13:12 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\windows\System32\bcmihvsrv.dll Error: (09/15/2014 10:19:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/15/2014 10:19:08 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/15/2014 10:16:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/15/2014 10:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 10:14:27 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll CodeIntegrity Errors: =================================== Date: 2013-12-20 07:46:08.978 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 19:43:57.918 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 13:48:22.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 77% Total physical RAM: 1013.3 MB Available physical RAM: 230.93 MB Total Pagefile: 2037.3 MB Available Pagefile: 1048.48 MB Total Virtual: 2047.88 MB Available Virtual: 1906.4 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:74.82 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:162.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: CD3D43EB) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== End Of Log ============================ Fehlalarm oder Handlungsbedarf? Vielen Dank für die Hilfe |
15.09.2014, 12:40 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr hi,
__________________Logfile oder Screenshot von Avast?
__________________ |
15.09.2014, 13:00 | #3 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr leider nicht. hat meine freundin nicht rauskopiert.
__________________im avast-verzeichnis finde ich keine txtdatei von gestern. nur 2 mdmp dateien und eine crash.txt wo aber kaum was steht hab sowohl im log als auch im report ordner nachgesehen |
15.09.2014, 19:40 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr hi, Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.09.2014, 20:16 | #5 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Hi, kein Fund log TDSSKiller Code:
ATTFilter 21:13:09.0724 0x1478 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58 21:13:15.0231 0x1478 ============================================================ 21:13:15.0231 0x1478 Current date / time: 2014/09/15 21:13:15.0231 21:13:15.0231 0x1478 SystemInfo: 21:13:15.0231 0x1478 21:13:15.0231 0x1478 OS Version: 6.1.7601 ServicePack: 1.0 21:13:15.0231 0x1478 Product type: Workstation 21:13:15.0231 0x1478 ComputerName: BEATE-NETBOOK 21:13:15.0231 0x1478 UserName: Beate Michaela 21:13:15.0231 0x1478 Windows directory: C:\windows 21:13:15.0231 0x1478 System windows directory: C:\windows 21:13:15.0231 0x1478 Processor architecture: Intel x86 21:13:15.0231 0x1478 Number of processors: 2 21:13:15.0231 0x1478 Page size: 0x1000 21:13:15.0231 0x1478 Boot type: Normal boot 21:13:15.0231 0x1478 ============================================================ 21:13:15.0293 0x1478 BG loaded 21:13:16.0292 0x1478 System UUID: {84961222-D4FC-1407-78B7-5E0638DE1A95} 21:13:18.0195 0x1478 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:13:18.0226 0x1478 ============================================================ 21:13:18.0226 0x1478 \Device\Harddisk0\DR0: 21:13:18.0242 0x1478 MBR partitions: 21:13:18.0242 0x1478 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000 21:13:18.0242 0x1478 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xE000000 21:13:18.0257 0x1478 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10833000, BlocksNum 0x14BFB000 21:13:18.0257 0x1478 ============================================================ 21:13:18.0335 0x1478 C: <-> \Device\Harddisk0\DR0\Partition2 21:13:18.0413 0x1478 D: <-> \Device\Harddisk0\DR0\Partition3 21:13:18.0741 0x1478 ============================================================ 21:13:18.0741 0x1478 Initialize success 21:13:18.0741 0x1478 ============================================================ 21:13:43.0233 0x0f04 ============================================================ 21:13:43.0233 0x0f04 Scan started 21:13:43.0233 0x0f04 Mode: Manual; SigCheck; TDLFS; 21:13:43.0233 0x0f04 ============================================================ 21:13:43.0233 0x0f04 KSN ping started 21:13:57.0819 0x0f04 KSN ping finished: true 21:14:02.0000 0x0f04 ================ Scan system memory ======================== 21:14:02.0016 0x0f04 System memory - ok 21:14:02.0016 0x0f04 ================ Scan services ============================= 21:14:02.0624 0x0f04 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 21:14:03.0170 0x0f04 1394ohci - ok 21:14:03.0357 0x0f04 [ A6FE70357A68AD1E279CD1012419CCE6, 561B0E21383600F9A0BFB8562AAE648BBC48A320F58E4189C508123B8F106A29 ] acedrv11 C:\windows\system32\drivers\acedrv11.sys 21:14:03.0544 0x0f04 acedrv11 - ok 21:14:03.0669 0x0f04 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\windows\system32\drivers\ACPI.sys 21:14:03.0747 0x0f04 ACPI - ok 21:14:03.0810 0x0f04 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 21:14:03.0950 0x0f04 AcpiPmi - ok 21:14:04.0028 0x0f04 [ 45D8E2A2D8B9F33C32A7ADB6900C6E04, 45E4866FCA09C9C5B9C740ED99990F02E5838BE496A3EDDB66C60016BC6821E3 ] acsock C:\windows\system32\DRIVERS\acsock.sys 21:14:04.0075 0x0f04 acsock - ok 21:14:04.0215 0x0f04 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 21:14:04.0278 0x0f04 AdobeARMservice - ok 21:14:04.0449 0x0f04 [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:14:04.0527 0x0f04 AdobeFlashPlayerUpdateSvc - ok 21:14:04.0652 0x0f04 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 21:14:04.0746 0x0f04 adp94xx - ok 21:14:04.0808 0x0f04 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\windows\system32\drivers\adpahci.sys 21:14:04.0886 0x0f04 adpahci - ok 21:14:04.0933 0x0f04 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\windows\system32\drivers\adpu320.sys 21:14:05.0011 0x0f04 adpu320 - ok 21:14:05.0089 0x0f04 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\windows\System32\aelupsvc.dll 21:14:05.0323 0x0f04 AeLookupSvc - ok 21:14:05.0432 0x0f04 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\windows\system32\drivers\afd.sys 21:14:05.0619 0x0f04 AFD - ok 21:14:05.0682 0x0f04 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\windows\system32\drivers\agp440.sys 21:14:05.0728 0x0f04 agp440 - ok 21:14:05.0806 0x0f04 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\windows\system32\drivers\djsvs.sys 21:14:05.0884 0x0f04 aic78xx - ok 21:14:05.0962 0x0f04 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\windows\System32\alg.exe 21:14:06.0087 0x0f04 ALG - ok 21:14:06.0165 0x0f04 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\windows\system32\drivers\aliide.sys 21:14:06.0212 0x0f04 aliide - ok 21:14:06.0259 0x0f04 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\windows\system32\drivers\amdagp.sys 21:14:06.0306 0x0f04 amdagp - ok 21:14:06.0337 0x0f04 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\windows\system32\drivers\amdide.sys 21:14:06.0384 0x0f04 amdide - ok 21:14:06.0415 0x0f04 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\windows\system32\drivers\amdk8.sys 21:14:06.0618 0x0f04 AmdK8 - ok 21:14:06.0664 0x0f04 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\windows\system32\drivers\amdppm.sys 21:14:06.0992 0x0f04 AmdPPM - ok 21:14:07.0148 0x0f04 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\windows\system32\drivers\amdsata.sys 21:14:07.0226 0x0f04 amdsata - ok 21:14:07.0288 0x0f04 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\windows\system32\drivers\amdsbs.sys 21:14:07.0335 0x0f04 amdsbs - ok 21:14:07.0382 0x0f04 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\windows\system32\drivers\amdxata.sys 21:14:07.0413 0x0f04 amdxata - ok 21:14:07.0444 0x0f04 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\windows\system32\drivers\appid.sys 21:14:07.0569 0x0f04 AppID - ok 21:14:07.0600 0x0f04 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\windows\System32\appidsvc.dll 21:14:07.0694 0x0f04 AppIDSvc - ok 21:14:07.0741 0x0f04 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\windows\System32\appinfo.dll 21:14:07.0834 0x0f04 Appinfo - ok 21:14:07.0897 0x0f04 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\windows\system32\drivers\arc.sys 21:14:07.0928 0x0f04 arc - ok 21:14:07.0975 0x0f04 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\windows\system32\drivers\arcsas.sys 21:14:08.0006 0x0f04 arcsas - ok 21:14:08.0224 0x0f04 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 21:14:08.0318 0x0f04 aspnet_state - ok 21:14:08.0380 0x0f04 [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid C:\windows\system32\drivers\aswHwid.sys 21:14:08.0427 0x0f04 aswHwid - ok 21:14:08.0443 0x0f04 [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 21:14:08.0490 0x0f04 aswMonFlt - ok 21:14:08.0536 0x0f04 [ A4614218584E41C31C7D1CBFF0432ED5, C9632FDB13FB0DD73A5FA5E2DFA5EFF97A9CD719DC0D28097B765077AD0FB3E7 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys 21:14:08.0583 0x0f04 aswRdr - ok 21:14:08.0599 0x0f04 [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys 21:14:08.0646 0x0f04 aswRvrt - ok 21:14:08.0708 0x0f04 [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx C:\windows\system32\drivers\aswSnx.sys 21:14:08.0802 0x0f04 aswSnx - ok 21:14:08.0926 0x0f04 [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP C:\windows\system32\drivers\aswSP.sys 21:14:09.0036 0x0f04 aswSP - ok 21:14:09.0098 0x0f04 [ 83378AE48209388D0F9BD16A44D19EEC, 0BEBD1E425077D81B5439E90B2C518EA8B94F590B551F52289842012BA3BAB2C ] aswStm C:\windows\system32\drivers\aswStm.sys 21:14:09.0145 0x0f04 aswStm - ok 21:14:09.0223 0x0f04 [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm C:\windows\system32\drivers\aswVmm.sys 21:14:09.0270 0x0f04 aswVmm - ok 21:14:09.0316 0x0f04 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 21:14:10.0346 0x0f04 AsyncMac - ok 21:14:10.0455 0x0f04 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\windows\system32\drivers\atapi.sys 21:14:10.0502 0x0f04 atapi - ok 21:14:10.0611 0x0f04 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 21:14:10.0736 0x0f04 AudioEndpointBuilder - ok 21:14:10.0783 0x0f04 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\windows\System32\Audiosrv.dll 21:14:10.0908 0x0f04 Audiosrv - ok 21:14:11.0001 0x0f04 [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 21:14:11.0032 0x0f04 avast! Antivirus - ok 21:14:11.0079 0x0f04 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\windows\System32\AxInstSV.dll 21:14:11.0220 0x0f04 AxInstSV - ok 21:14:11.0344 0x0f04 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\windows\system32\drivers\bxvbdx.sys 21:14:11.0454 0x0f04 b06bdrv - ok 21:14:11.0516 0x0f04 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 21:14:11.0610 0x0f04 b57nd60x - ok 21:14:11.0890 0x0f04 [ 55BBDDE1CBD3FA79EA88BAAA051D9735, E8CEF9347AC53751F9F6EC521C6BB1844C030777C1CBC37B81F382BACF81629F ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys 21:14:12.0249 0x0f04 BCM43XX - ok 21:14:12.0327 0x0f04 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\windows\System32\bdesvc.dll 21:14:12.0405 0x0f04 BDESVC - ok 21:14:12.0452 0x0f04 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\windows\system32\drivers\Beep.sys 21:14:12.0577 0x0f04 Beep - ok 21:14:12.0639 0x0f04 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\windows\System32\bfe.dll 21:14:12.0780 0x0f04 BFE - ok 21:14:12.0920 0x0f04 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\windows\System32\qmgr.dll 21:14:13.0138 0x0f04 BITS - ok 21:14:13.0185 0x0f04 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 21:14:13.0263 0x0f04 blbdrive - ok 21:14:13.0326 0x0f04 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\windows\system32\DRIVERS\bowser.sys 21:14:13.0450 0x0f04 bowser - ok 21:14:13.0482 0x0f04 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 21:14:13.0560 0x0f04 BrFiltLo - ok 21:14:13.0606 0x0f04 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 21:14:13.0700 0x0f04 BrFiltUp - ok 21:14:13.0762 0x0f04 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\windows\System32\browser.dll 21:14:13.0872 0x0f04 Browser - ok 21:14:13.0918 0x0f04 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\windows\System32\Drivers\Brserid.sys 21:14:14.0012 0x0f04 Brserid - ok 21:14:14.0043 0x0f04 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 21:14:14.0121 0x0f04 BrSerWdm - ok 21:14:14.0168 0x0f04 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 21:14:14.0230 0x0f04 BrUsbMdm - ok 21:14:14.0262 0x0f04 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 21:14:14.0340 0x0f04 BrUsbSer - ok 21:14:14.0402 0x0f04 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 21:14:14.0496 0x0f04 BthEnum - ok 21:14:14.0527 0x0f04 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 21:14:14.0605 0x0f04 BTHMODEM - ok 21:14:14.0652 0x0f04 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 21:14:14.0714 0x0f04 BthPan - ok 21:14:14.0776 0x0f04 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 21:14:14.0886 0x0f04 BTHPORT - ok 21:14:14.0932 0x0f04 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\windows\system32\bthserv.dll 21:14:15.0026 0x0f04 bthserv - ok 21:14:15.0088 0x0f04 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 21:14:15.0166 0x0f04 BTHUSB - ok 21:14:15.0244 0x0f04 [ 525432CFD6D8C004860AF7ECD0A84234, D058F570445BB4F73A0545ED1E9503A643AE97C62972D0B98E764AB4AF17474F ] btwampfl C:\windows\system32\drivers\btwampfl.sys 21:14:15.0307 0x0f04 btwampfl - ok 21:14:15.0400 0x0f04 [ CF8799A563F734984D4E053CACEC1426, F41824AAB4F1D77B9CFB2E2DD4715C219F924B94CA5272D03E202ED960B76DE5 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 21:14:15.0432 0x0f04 btwaudio - ok 21:14:15.0478 0x0f04 [ 9ED9932043D599AEA04F6EA2D86964A1, A57A3617B16A5FD9853555C1F042537A63BEC44797615E9A8D84D733C4B464D0 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys 21:14:15.0525 0x0f04 btwavdt - ok 21:14:15.0666 0x0f04 [ 7778C6BCAFF58C0E876B307514923A48, BC41FA587A0C835E75010867CA630C8FDC554B4039F355485F25FBA7E025B775 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 21:14:15.0744 0x0f04 btwdins - ok 21:14:15.0775 0x0f04 [ DE53089F0678CB5F0AFEB867ACB0FB05, 62AE8B22A96B8D22A5A843C855956423BF2281339C2D921A4650F318D6AEA783 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 21:14:15.0806 0x0f04 btwl2cap - ok 21:14:15.0837 0x0f04 [ 373D1BB0F7DC8F1931F9B7E0DE3E9A30, E45F7980182B2EC515E2219CDBAFAC2DEA44B4791770B9E8B5BDAACC55583BA1 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys 21:14:15.0868 0x0f04 btwrchid - ok 21:14:16.0009 0x0f04 [ F6B032F03602321CBAD380A6EB883525, 0793ABED0CB32EBDF9BEE4A5A47F65CF76A9D1AD45920E7CFAD3764854450E8C ] cbfs3 C:\windows\system32\drivers\cbfs3.sys 21:14:16.0071 0x0f04 cbfs3 - ok 21:14:16.0118 0x0f04 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 21:14:16.0243 0x0f04 cdfs - ok 21:14:16.0321 0x0f04 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 21:14:16.0414 0x0f04 cdrom - ok 21:14:16.0477 0x0f04 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\windows\System32\certprop.dll 21:14:16.0570 0x0f04 CertPropSvc - ok 21:14:16.0617 0x0f04 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\windows\system32\drivers\circlass.sys 21:14:16.0680 0x0f04 circlass - ok 21:14:16.0726 0x0f04 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\windows\system32\CLFS.sys 21:14:16.0789 0x0f04 CLFS - ok 21:14:16.0851 0x0f04 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:14:16.0898 0x0f04 clr_optimization_v2.0.50727_32 - ok 21:14:16.0960 0x0f04 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:14:17.0085 0x0f04 clr_optimization_v4.0.30319_32 - ok 21:14:17.0132 0x0f04 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 21:14:17.0210 0x0f04 CmBatt - ok 21:14:17.0257 0x0f04 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\windows\system32\drivers\cmdide.sys 21:14:17.0304 0x0f04 cmdide - ok 21:14:17.0428 0x0f04 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\windows\system32\Drivers\cng.sys 21:14:17.0584 0x0f04 CNG - ok 21:14:17.0616 0x0f04 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 21:14:17.0678 0x0f04 Compbatt - ok 21:14:17.0725 0x0f04 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 21:14:17.0834 0x0f04 CompositeBus - ok 21:14:17.0850 0x0f04 COMSysApp - ok 21:14:17.0912 0x0f04 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 21:14:17.0974 0x0f04 crcdisk - ok 21:14:18.0099 0x0f04 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\windows\system32\cryptsvc.dll 21:14:18.0193 0x0f04 CryptSvc - ok 21:14:18.0255 0x0f04 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\windows\system32\rpcss.dll 21:14:18.0380 0x0f04 DcomLaunch - ok 21:14:18.0427 0x0f04 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\windows\System32\defragsvc.dll 21:14:18.0567 0x0f04 defragsvc - ok 21:14:18.0630 0x0f04 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\windows\system32\Drivers\dfsc.sys 21:14:18.0754 0x0f04 DfsC - ok 21:14:18.0817 0x0f04 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\windows\system32\dhcpcore.dll 21:14:18.0910 0x0f04 Dhcp - ok 21:14:18.0942 0x0f04 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\windows\system32\drivers\discache.sys 21:14:19.0035 0x0f04 discache - ok 21:14:19.0098 0x0f04 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\windows\system32\drivers\disk.sys 21:14:19.0144 0x0f04 Disk - ok 21:14:19.0191 0x0f04 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\windows\System32\dnsrslvr.dll 21:14:19.0316 0x0f04 Dnscache - ok 21:14:19.0378 0x0f04 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\windows\System32\dot3svc.dll 21:14:19.0488 0x0f04 dot3svc - ok 21:14:19.0534 0x0f04 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\windows\system32\dps.dll 21:14:19.0659 0x0f04 DPS - ok 21:14:19.0722 0x0f04 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\windows\system32\drivers\drmkaud.sys 21:14:19.0815 0x0f04 drmkaud - ok 21:14:19.0924 0x0f04 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 21:14:20.0018 0x0f04 DXGKrnl - ok 21:14:20.0112 0x0f04 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\windows\System32\eapsvc.dll 21:14:20.0236 0x0f04 EapHost - ok 21:14:20.0486 0x0f04 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\windows\system32\drivers\evbdx.sys 21:14:20.0876 0x0f04 ebdrv - ok 21:14:20.0923 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\windows\System32\lsass.exe 21:14:21.0048 0x0f04 EFS - ok 21:14:21.0157 0x0f04 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\windows\system32\drivers\elxstor.sys 21:14:21.0235 0x0f04 elxstor - ok 21:14:21.0266 0x0f04 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\windows\system32\drivers\errdev.sys 21:14:21.0344 0x0f04 ErrDev - ok 21:14:21.0422 0x0f04 [ 8F08AF5E6C08A48D44D7E430637AEC2E, 08B740AB2442227768F674CAC7C1FB85C0A50D0229C43DD036ADFDBFAB1836BE ] ETD C:\windows\system32\DRIVERS\ETD.sys 21:14:21.0516 0x0f04 ETD - ok 21:14:21.0734 0x0f04 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\windows\system32\es.dll 21:14:21.0874 0x0f04 EventSystem - ok 21:14:21.0921 0x0f04 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\windows\system32\drivers\exfat.sys 21:14:22.0046 0x0f04 exfat - ok 21:14:22.0093 0x0f04 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\windows\system32\drivers\fastfat.sys 21:14:22.0202 0x0f04 fastfat - ok 21:14:22.0280 0x0f04 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\windows\system32\fxssvc.exe 21:14:22.0405 0x0f04 Fax - ok 21:14:22.0483 0x0f04 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\windows\system32\drivers\fdc.sys 21:14:22.0561 0x0f04 fdc - ok 21:14:22.0592 0x0f04 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\windows\system32\fdPHost.dll 21:14:22.0701 0x0f04 fdPHost - ok 21:14:22.0748 0x0f04 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\windows\system32\fdrespub.dll 21:14:22.0873 0x0f04 FDResPub - ok 21:14:22.0904 0x0f04 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 21:14:22.0951 0x0f04 FileInfo - ok 21:14:22.0982 0x0f04 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\windows\system32\drivers\filetrace.sys 21:14:23.0122 0x0f04 Filetrace - ok 21:14:23.0169 0x0f04 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 21:14:23.0247 0x0f04 flpydisk - ok 21:14:23.0325 0x0f04 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 21:14:23.0388 0x0f04 FltMgr - ok 21:14:23.0497 0x0f04 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\windows\system32\FntCache.dll 21:14:23.0653 0x0f04 FontCache - ok 21:14:23.0746 0x0f04 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:14:23.0793 0x0f04 FontCache3.0.0.0 - ok 21:14:23.0824 0x0f04 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\windows\system32\drivers\FsDepends.sys 21:14:23.0887 0x0f04 FsDepends - ok 21:14:23.0918 0x0f04 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 21:14:23.0965 0x0f04 Fs_Rec - ok 21:14:24.0043 0x0f04 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 21:14:24.0105 0x0f04 fvevol - ok 21:14:24.0168 0x0f04 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 21:14:24.0230 0x0f04 gagp30kx - ok 21:14:24.0370 0x0f04 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\windows\System32\gpsvc.dll 21:14:24.0511 0x0f04 gpsvc - ok 21:14:24.0542 0x0f04 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 21:14:24.0636 0x0f04 hcw85cir - ok 21:14:24.0698 0x0f04 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 21:14:24.0792 0x0f04 HdAudAddService - ok 21:14:24.0823 0x0f04 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 21:14:24.0885 0x0f04 HDAudBus - ok 21:14:24.0901 0x0f04 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\windows\system32\drivers\HidBatt.sys 21:14:24.0963 0x0f04 HidBatt - ok 21:14:24.0994 0x0f04 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\windows\system32\drivers\hidbth.sys 21:14:25.0072 0x0f04 HidBth - ok 21:14:25.0119 0x0f04 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\windows\system32\drivers\hidir.sys 21:14:25.0182 0x0f04 HidIr - ok 21:14:25.0228 0x0f04 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\windows\system32\hidserv.dll 21:14:25.0369 0x0f04 hidserv - ok 21:14:25.0478 0x0f04 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 21:14:25.0556 0x0f04 HidUsb - ok 21:14:25.0603 0x0f04 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\windows\system32\kmsvc.dll 21:14:25.0696 0x0f04 hkmsvc - ok 21:14:25.0790 0x0f04 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll 21:14:25.0899 0x0f04 HomeGroupListener - ok 21:14:25.0977 0x0f04 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll 21:14:26.0071 0x0f04 HomeGroupProvider - ok 21:14:26.0118 0x0f04 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 21:14:26.0164 0x0f04 HpSAMD - ok 21:14:26.0227 0x0f04 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\windows\system32\drivers\HTTP.sys 21:14:26.0367 0x0f04 HTTP - ok 21:14:26.0414 0x0f04 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 21:14:26.0445 0x0f04 hwpolicy - ok 21:14:26.0554 0x0f04 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 21:14:26.0617 0x0f04 i8042prt - ok 21:14:26.0710 0x0f04 [ F4037A3FEDB92DD97C95F320766EA5C9, 3872166AA17E9C19D9F5BBCBC6CA202F6D5CCB1F9E04ED2AA0D43F642B9C85FD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 21:14:26.0773 0x0f04 iaStor - ok 21:14:26.0835 0x0f04 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 21:14:26.0898 0x0f04 iaStorV - ok 21:14:27.0116 0x0f04 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:14:27.0225 0x0f04 idsvc - ok 21:14:27.0288 0x0f04 IEEtwCollectorService - ok 21:14:27.0787 0x0f04 [ D0074897C6BC132F3980EA4654BF7FB9, 53F4B0286A6CF974135E6F184E05975BD436FA4D45687B6E47E013A8D57D0E05 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 21:14:28.0395 0x0f04 igfx - ok 21:14:28.0458 0x0f04 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\windows\system32\drivers\iirsp.sys 21:14:28.0504 0x0f04 iirsp - ok 21:14:28.0614 0x0f04 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\windows\System32\ikeext.dll 21:14:28.0770 0x0f04 IKEEXT - ok 21:14:29.0269 0x0f04 [ 6CECE101B254C08A5C9EC2285BDEDC8C, B1E84AB40A94D246DD390DA0398731CE58F47D4300615C96958D7C7EC9C29479 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 21:14:29.0643 0x0f04 IntcAzAudAddService - ok 21:14:29.0706 0x0f04 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\windows\system32\drivers\intelide.sys 21:14:29.0752 0x0f04 intelide - ok 21:14:29.0815 0x0f04 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 21:14:29.0877 0x0f04 intelppm - ok 21:14:29.0940 0x0f04 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\windows\system32\ipbusenum.dll 21:14:30.0064 0x0f04 IPBusEnum - ok 21:14:30.0080 0x0f04 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 21:14:30.0205 0x0f04 IpFilterDriver - ok 21:14:30.0298 0x0f04 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 21:14:30.0439 0x0f04 iphlpsvc - ok 21:14:30.0501 0x0f04 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 21:14:30.0595 0x0f04 IPMIDRV - ok 21:14:30.0642 0x0f04 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\windows\system32\drivers\ipnat.sys 21:14:30.0766 0x0f04 IPNAT - ok 21:14:30.0844 0x0f04 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\windows\system32\drivers\irenum.sys 21:14:30.0938 0x0f04 IRENUM - ok 21:14:30.0985 0x0f04 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\windows\system32\drivers\isapnp.sys 21:14:31.0047 0x0f04 isapnp - ok 21:14:31.0110 0x0f04 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 21:14:31.0172 0x0f04 iScsiPrt - ok 21:14:31.0234 0x0f04 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 21:14:31.0281 0x0f04 kbdclass - ok 21:14:31.0328 0x0f04 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 21:14:31.0406 0x0f04 kbdhid - ok 21:14:31.0437 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\windows\system32\lsass.exe 21:14:31.0515 0x0f04 KeyIso - ok 21:14:31.0546 0x0f04 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 21:14:31.0609 0x0f04 KSecDD - ok 21:14:31.0656 0x0f04 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 21:14:31.0718 0x0f04 KSecPkg - ok 21:14:31.0765 0x0f04 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\windows\system32\msdtckrm.dll 21:14:31.0952 0x0f04 KtmRm - ok 21:14:32.0046 0x0f04 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\windows\system32\srvsvc.dll 21:14:32.0186 0x0f04 LanmanServer - ok 21:14:32.0233 0x0f04 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 21:14:32.0358 0x0f04 LanmanWorkstation - ok 21:14:32.0404 0x0f04 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 21:14:32.0514 0x0f04 lltdio - ok 21:14:32.0576 0x0f04 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\windows\System32\lltdsvc.dll 21:14:32.0701 0x0f04 lltdsvc - ok 21:14:32.0732 0x0f04 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\windows\System32\lmhsvc.dll 21:14:32.0841 0x0f04 lmhosts - ok 21:14:32.0919 0x0f04 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 21:14:32.0966 0x0f04 LSI_FC - ok 21:14:33.0013 0x0f04 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 21:14:33.0044 0x0f04 LSI_SAS - ok 21:14:33.0091 0x0f04 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 21:14:33.0138 0x0f04 LSI_SAS2 - ok 21:14:33.0153 0x0f04 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 21:14:33.0200 0x0f04 LSI_SCSI - ok 21:14:33.0231 0x0f04 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\windows\system32\drivers\luafv.sys 21:14:33.0340 0x0f04 luafv - ok 21:14:33.0372 0x0f04 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\windows\system32\drivers\megasas.sys 21:14:33.0418 0x0f04 megasas - ok 21:14:33.0465 0x0f04 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\windows\system32\drivers\MegaSR.sys 21:14:33.0512 0x0f04 MegaSR - ok 21:14:33.0559 0x0f04 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\windows\system32\mmcss.dll 21:14:33.0668 0x0f04 MMCSS - ok 21:14:33.0715 0x0f04 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\windows\system32\drivers\modem.sys 21:14:33.0824 0x0f04 Modem - ok 21:14:33.0871 0x0f04 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\windows\system32\DRIVERS\monitor.sys 21:14:33.0949 0x0f04 monitor - ok 21:14:34.0011 0x0f04 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 21:14:34.0058 0x0f04 mouclass - ok 21:14:34.0120 0x0f04 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 21:14:34.0198 0x0f04 mouhid - ok 21:14:34.0245 0x0f04 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\windows\system32\drivers\mountmgr.sys 21:14:34.0292 0x0f04 mountmgr - ok 21:14:34.0448 0x0f04 [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:14:34.0479 0x0f04 MozillaMaintenance - ok 21:14:34.0526 0x0f04 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\windows\system32\drivers\mpio.sys 21:14:34.0573 0x0f04 mpio - ok 21:14:34.0620 0x0f04 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 21:14:34.0713 0x0f04 mpsdrv - ok 21:14:34.0869 0x0f04 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\windows\system32\mpssvc.dll 21:14:35.0010 0x0f04 MpsSvc - ok 21:14:35.0056 0x0f04 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 21:14:35.0134 0x0f04 MRxDAV - ok 21:14:35.0197 0x0f04 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 21:14:35.0306 0x0f04 mrxsmb - ok 21:14:35.0384 0x0f04 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 21:14:35.0478 0x0f04 mrxsmb10 - ok 21:14:35.0540 0x0f04 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 21:14:35.0634 0x0f04 mrxsmb20 - ok 21:14:35.0665 0x0f04 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\windows\system32\drivers\msahci.sys 21:14:35.0712 0x0f04 msahci - ok 21:14:35.0758 0x0f04 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\windows\system32\drivers\msdsm.sys 21:14:35.0805 0x0f04 msdsm - ok 21:14:35.0836 0x0f04 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\windows\System32\msdtc.exe 21:14:35.0914 0x0f04 MSDTC - ok 21:14:36.0008 0x0f04 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\windows\system32\drivers\Msfs.sys 21:14:36.0102 0x0f04 Msfs - ok 21:14:36.0117 0x0f04 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 21:14:36.0226 0x0f04 mshidkmdf - ok 21:14:36.0258 0x0f04 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 21:14:36.0304 0x0f04 msisadrv - ok 21:14:36.0351 0x0f04 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\windows\system32\iscsiexe.dll 21:14:36.0445 0x0f04 MSiSCSI - ok 21:14:36.0460 0x0f04 msiserver - ok 21:14:36.0492 0x0f04 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 21:14:36.0601 0x0f04 MSKSSRV - ok 21:14:36.0648 0x0f04 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 21:14:36.0741 0x0f04 MSPCLOCK - ok 21:14:36.0772 0x0f04 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 21:14:36.0882 0x0f04 MSPQM - ok 21:14:36.0913 0x0f04 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 21:14:36.0960 0x0f04 MsRPC - ok 21:14:37.0006 0x0f04 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 21:14:37.0053 0x0f04 mssmbios - ok 21:14:37.0084 0x0f04 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\windows\system32\drivers\MSTEE.sys 21:14:37.0162 0x0f04 MSTEE - ok 21:14:37.0287 0x0f04 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\windows\system32\drivers\MTConfig.sys 21:14:37.0350 0x0f04 MTConfig - ok 21:14:37.0412 0x0f04 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\windows\system32\Drivers\mup.sys 21:14:37.0459 0x0f04 Mup - ok 21:14:37.0521 0x0f04 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\windows\system32\qagentRT.dll 21:14:37.0646 0x0f04 napagent - ok 21:14:37.0724 0x0f04 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 21:14:37.0849 0x0f04 NativeWifiP - ok 21:14:37.0942 0x0f04 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\windows\system32\drivers\ndis.sys 21:14:38.0036 0x0f04 NDIS - ok 21:14:38.0083 0x0f04 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 21:14:38.0192 0x0f04 NdisCap - ok 21:14:38.0223 0x0f04 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 21:14:38.0332 0x0f04 NdisTapi - ok 21:14:38.0364 0x0f04 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 21:14:38.0457 0x0f04 Ndisuio - ok 21:14:38.0488 0x0f04 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 21:14:38.0598 0x0f04 NdisWan - ok 21:14:38.0644 0x0f04 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\windows\system32\drivers\NDProxy.sys 21:14:38.0754 0x0f04 NDProxy - ok 21:14:38.0785 0x0f04 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 21:14:38.0894 0x0f04 NetBIOS - ok 21:14:38.0925 0x0f04 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 21:14:39.0050 0x0f04 NetBT - ok 21:14:39.0081 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\windows\system32\lsass.exe 21:14:39.0128 0x0f04 Netlogon - ok 21:14:39.0222 0x0f04 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\windows\System32\netman.dll 21:14:39.0393 0x0f04 Netman - ok 21:14:39.0471 0x0f04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:39.0580 0x0f04 NetMsmqActivator - ok 21:14:39.0612 0x0f04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:39.0705 0x0f04 NetPipeActivator - ok 21:14:39.0783 0x0f04 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\windows\System32\netprofm.dll 21:14:39.0924 0x0f04 netprofm - ok 21:14:39.0970 0x0f04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:40.0033 0x0f04 NetTcpActivator - ok 21:14:40.0064 0x0f04 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:40.0111 0x0f04 NetTcpPortSharing - ok 21:14:40.0158 0x0f04 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 21:14:40.0204 0x0f04 nfrd960 - ok 21:14:40.0282 0x0f04 [ 13DCC5AF4FE51B3AB8B0422E9BAA55AC, 4D89A5AB19B64D3A746D6B576AAE94DB6C18FC86DAB697B61CC5DFE6A3E5BACE ] NitroReaderDriverReadSpool3 C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe 21:14:40.0329 0x0f04 NitroReaderDriverReadSpool3 - ok 21:14:40.0392 0x0f04 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\windows\System32\nlasvc.dll 21:14:40.0501 0x0f04 NlaSvc - ok 21:14:40.0532 0x0f04 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\windows\system32\drivers\Npfs.sys 21:14:40.0641 0x0f04 Npfs - ok 21:14:40.0657 0x0f04 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\windows\system32\nsisvc.dll 21:14:40.0782 0x0f04 nsi - ok 21:14:40.0844 0x0f04 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 21:14:40.0953 0x0f04 nsiproxy - ok 21:14:41.0125 0x0f04 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\windows\system32\drivers\Ntfs.sys 21:14:41.0250 0x0f04 Ntfs - ok 21:14:41.0312 0x0f04 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\windows\system32\drivers\Null.sys 21:14:41.0406 0x0f04 Null - ok 21:14:41.0484 0x0f04 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\windows\system32\drivers\nvraid.sys 21:14:41.0530 0x0f04 nvraid - ok 21:14:41.0577 0x0f04 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\windows\system32\drivers\nvstor.sys 21:14:41.0640 0x0f04 nvstor - ok 21:14:41.0686 0x0f04 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 21:14:41.0733 0x0f04 nv_agp - ok 21:14:41.0749 0x0f04 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 21:14:41.0811 0x0f04 ohci1394 - ok 21:14:41.0905 0x0f04 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:14:41.0952 0x0f04 ose - ok 21:14:42.0435 0x0f04 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:14:42.0903 0x0f04 osppsvc - ok 21:14:43.0059 0x0f04 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\windows\system32\pnrpsvc.dll 21:14:43.0184 0x0f04 p2pimsvc - ok 21:14:43.0231 0x0f04 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\windows\system32\p2psvc.dll 21:14:43.0340 0x0f04 p2psvc - ok 21:14:43.0387 0x0f04 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\windows\system32\drivers\parport.sys 21:14:43.0465 0x0f04 Parport - ok 21:14:43.0512 0x0f04 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\windows\system32\drivers\partmgr.sys 21:14:43.0558 0x0f04 partmgr - ok 21:14:43.0590 0x0f04 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\windows\system32\drivers\parvdm.sys 21:14:43.0668 0x0f04 Parvdm - ok 21:14:43.0699 0x0f04 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\windows\System32\pcasvc.dll 21:14:43.0824 0x0f04 PcaSvc - ok 21:14:43.0855 0x0f04 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\windows\system32\drivers\pci.sys 21:14:43.0902 0x0f04 pci - ok 21:14:43.0948 0x0f04 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\windows\system32\drivers\pciide.sys 21:14:43.0995 0x0f04 pciide - ok 21:14:44.0073 0x0f04 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\windows\system32\drivers\pcmcia.sys 21:14:44.0120 0x0f04 pcmcia - ok 21:14:44.0151 0x0f04 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\windows\system32\drivers\pcw.sys 21:14:44.0182 0x0f04 pcw - ok 21:14:44.0260 0x0f04 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\windows\system32\drivers\peauth.sys 21:14:44.0401 0x0f04 PEAUTH - ok 21:14:44.0853 0x0f04 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\windows\system32\pla.dll 21:14:45.0181 0x0f04 pla - ok 21:14:45.0274 0x0f04 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\windows\system32\umpnpmgr.dll 21:14:45.0415 0x0f04 PlugPlay - ok 21:14:45.0446 0x0f04 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 21:14:45.0524 0x0f04 PNRPAutoReg - ok 21:14:45.0571 0x0f04 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\windows\system32\pnrpsvc.dll 21:14:45.0649 0x0f04 PNRPsvc - ok 21:14:45.0742 0x0f04 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 21:14:45.0867 0x0f04 PolicyAgent - ok 21:14:45.0930 0x0f04 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\windows\system32\umpo.dll 21:14:46.0054 0x0f04 Power - ok 21:14:46.0101 0x0f04 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 21:14:46.0226 0x0f04 PptpMiniport - ok 21:14:46.0257 0x0f04 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\windows\system32\drivers\processr.sys 21:14:46.0320 0x0f04 Processor - ok 21:14:46.0382 0x0f04 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\windows\system32\profsvc.dll 21:14:46.0491 0x0f04 ProfSvc - ok 21:14:46.0522 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\windows\system32\lsass.exe 21:14:46.0585 0x0f04 ProtectedStorage - ok 21:14:46.0647 0x0f04 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\windows\system32\DRIVERS\pacer.sys 21:14:46.0741 0x0f04 Psched - ok 21:14:46.0897 0x0f04 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\windows\system32\drivers\ql2300.sys 21:14:47.0037 0x0f04 ql2300 - ok 21:14:47.0115 0x0f04 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\windows\system32\drivers\ql40xx.sys 21:14:47.0162 0x0f04 ql40xx - ok 21:14:47.0240 0x0f04 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\windows\system32\qwave.dll 21:14:47.0365 0x0f04 QWAVE - ok 21:14:47.0396 0x0f04 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 21:14:47.0458 0x0f04 QWAVEdrv - ok 21:14:47.0474 0x0f04 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 21:14:47.0599 0x0f04 RasAcd - ok 21:14:47.0630 0x0f04 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 21:14:47.0724 0x0f04 RasAgileVpn - ok 21:14:47.0770 0x0f04 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\windows\System32\rasauto.dll 21:14:47.0895 0x0f04 RasAuto - ok 21:14:47.0958 0x0f04 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 21:14:48.0067 0x0f04 Rasl2tp - ok 21:14:48.0176 0x0f04 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\windows\System32\rasmans.dll 21:14:48.0301 0x0f04 RasMan - ok 21:14:48.0332 0x0f04 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 21:14:48.0426 0x0f04 RasPppoe - ok 21:14:48.0457 0x0f04 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 21:14:48.0550 0x0f04 RasSstp - ok 21:14:48.0644 0x0f04 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 21:14:48.0769 0x0f04 rdbss - ok 21:14:48.0784 0x0f04 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\windows\system32\drivers\rdpbus.sys 21:14:48.0862 0x0f04 rdpbus - ok 21:14:48.0909 0x0f04 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 21:14:48.0987 0x0f04 RDPCDD - ok 21:14:49.0034 0x0f04 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 21:14:49.0128 0x0f04 RDPENCDD - ok 21:14:49.0174 0x0f04 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 21:14:49.0284 0x0f04 RDPREFMP - ok 21:14:49.0377 0x0f04 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 21:14:49.0486 0x0f04 RDPWD - ok 21:14:49.0533 0x0f04 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 21:14:49.0596 0x0f04 rdyboost - ok 21:14:49.0642 0x0f04 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\windows\System32\mprdim.dll 21:14:49.0752 0x0f04 RemoteAccess - ok 21:14:49.0783 0x0f04 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\windows\system32\regsvc.dll 21:14:49.0970 0x0f04 RemoteRegistry - ok 21:14:50.0017 0x0f04 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 21:14:50.0079 0x0f04 RFCOMM - ok 21:14:50.0110 0x0f04 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 21:14:50.0220 0x0f04 RpcEptMapper - ok 21:14:50.0266 0x0f04 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\windows\system32\locator.exe 21:14:50.0344 0x0f04 RpcLocator - ok 21:14:50.0438 0x0f04 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\windows\system32\rpcss.dll 21:14:50.0625 0x0f04 RpcSs - ok 21:14:50.0688 0x0f04 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 21:14:50.0797 0x0f04 rspndr - ok 21:14:50.0859 0x0f04 [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 21:14:50.0937 0x0f04 RTL8167 - ok 21:14:50.0984 0x0f04 [ 41CE6B172542A9A227E34A45881E1D2A, 3C0A36990F7EEF89B2D5F454B6452B6DF1304609903F31F475502E4050241DD8 ] rtport C:\windows\system32\drivers\rtport.sys 21:14:51.0031 0x0f04 rtport - ok 21:14:51.0062 0x0f04 [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI C:\windows\system32\Drivers\SABI.sys 21:14:51.0156 0x0f04 SABI - ok 21:14:51.0187 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\windows\system32\lsass.exe 21:14:51.0249 0x0f04 SamSs - ok 21:14:51.0296 0x0f04 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\windows\system32\drivers\sbp2port.sys 21:14:51.0343 0x0f04 sbp2port - ok 21:14:51.0405 0x0f04 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\windows\System32\SCardSvr.dll 21:14:51.0530 0x0f04 SCardSvr - ok 21:14:51.0561 0x0f04 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 21:14:51.0655 0x0f04 scfilter - ok 21:14:51.0748 0x0f04 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\windows\system32\schedsvc.dll 21:14:51.0936 0x0f04 Schedule - ok 21:14:51.0967 0x0f04 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\windows\System32\certprop.dll 21:14:52.0060 0x0f04 SCPolicySvc - ok 21:14:52.0123 0x0f04 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\windows\System32\SDRSVC.dll 21:14:52.0232 0x0f04 SDRSVC - ok 21:14:52.0279 0x0f04 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\windows\system32\drivers\secdrv.sys 21:14:52.0388 0x0f04 secdrv - ok 21:14:52.0419 0x0f04 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\windows\system32\seclogon.dll 21:14:52.0575 0x0f04 seclogon - ok 21:14:52.0638 0x0f04 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\windows\System32\sens.dll 21:14:52.0747 0x0f04 SENS - ok 21:14:52.0794 0x0f04 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\windows\system32\drivers\serenum.sys 21:14:52.0840 0x0f04 Serenum - ok 21:14:52.0903 0x0f04 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\windows\system32\drivers\serial.sys 21:14:52.0981 0x0f04 Serial - ok 21:14:53.0043 0x0f04 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\windows\system32\drivers\sermouse.sys 21:14:53.0106 0x0f04 sermouse - ok 21:14:53.0199 0x0f04 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\windows\system32\sessenv.dll 21:14:53.0340 0x0f04 SessionEnv - ok 21:14:53.0371 0x0f04 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\windows\system32\drivers\sffdisk.sys 21:14:53.0433 0x0f04 sffdisk - ok 21:14:53.0464 0x0f04 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 21:14:53.0527 0x0f04 sffp_mmc - ok 21:14:53.0558 0x0f04 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 21:14:53.0652 0x0f04 sffp_sd - ok 21:14:53.0683 0x0f04 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 21:14:53.0745 0x0f04 sfloppy - ok 21:14:53.0808 0x0f04 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\windows\System32\ipnathlp.dll 21:14:53.0964 0x0f04 SharedAccess - ok 21:14:54.0073 0x0f04 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll 21:14:54.0198 0x0f04 ShellHWDetection - ok 21:14:54.0260 0x0f04 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\windows\system32\drivers\sisagp.sys 21:14:54.0307 0x0f04 sisagp - ok 21:14:54.0338 0x0f04 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 21:14:54.0369 0x0f04 SiSRaid2 - ok 21:14:54.0400 0x0f04 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 21:14:54.0447 0x0f04 SiSRaid4 - ok 21:14:54.0525 0x0f04 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:14:54.0572 0x0f04 SkypeUpdate - ok 21:14:54.0619 0x0f04 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\windows\system32\DRIVERS\smb.sys 21:14:54.0728 0x0f04 Smb - ok 21:14:54.0806 0x0f04 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\windows\System32\snmptrap.exe 21:14:54.0868 0x0f04 SNMPTRAP - ok 21:14:54.0915 0x0f04 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\windows\system32\drivers\spldr.sys 21:14:54.0962 0x0f04 spldr - ok 21:14:55.0040 0x0f04 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\windows\System32\spoolsv.exe 21:14:55.0165 0x0f04 Spooler - ok 21:14:55.0414 0x0f04 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\windows\system32\sppsvc.exe 21:14:55.0914 0x0f04 sppsvc - ok 21:14:55.0976 0x0f04 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\windows\system32\sppuinotify.dll 21:14:56.0148 0x0f04 sppuinotify - ok 21:14:56.0210 0x0f04 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\windows\system32\DRIVERS\srv.sys 21:14:56.0319 0x0f04 srv - ok 21:14:56.0382 0x0f04 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 21:14:56.0475 0x0f04 srv2 - ok 21:14:56.0522 0x0f04 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 21:14:56.0616 0x0f04 srvnet - ok 21:14:56.0694 0x0f04 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\windows\System32\ssdpsrv.dll 21:14:56.0834 0x0f04 SSDPSRV - ok 21:14:56.0881 0x0f04 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\windows\system32\sstpsvc.dll 21:14:57.0006 0x0f04 SstpSvc - ok 21:14:57.0068 0x0f04 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\windows\system32\drivers\stexstor.sys 21:14:57.0099 0x0f04 stexstor - ok 21:14:57.0193 0x0f04 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\windows\System32\wiaservc.dll 21:14:57.0333 0x0f04 StiSvc - ok 21:14:57.0380 0x0f04 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\windows\system32\DRIVERS\swenum.sys 21:14:57.0411 0x0f04 swenum - ok 21:14:57.0489 0x0f04 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\windows\System32\swprv.dll 21:14:57.0645 0x0f04 swprv - ok 21:14:57.0770 0x0f04 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\windows\system32\sysmain.dll 21:14:57.0942 0x0f04 SysMain - ok 21:14:58.0004 0x0f04 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll 21:14:58.0129 0x0f04 TabletInputService - ok 21:14:58.0176 0x0f04 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\windows\System32\tapisrv.dll 21:14:58.0285 0x0f04 TapiSrv - ok 21:14:58.0316 0x0f04 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\windows\System32\tbssvc.dll 21:14:58.0441 0x0f04 TBS - ok 21:14:58.0597 0x0f04 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\windows\system32\drivers\tcpip.sys 21:14:58.0737 0x0f04 Tcpip - ok 21:14:58.0846 0x0f04 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 21:14:59.0049 0x0f04 TCPIP6 - ok 21:14:59.0158 0x0f04 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 21:14:59.0268 0x0f04 tcpipreg - ok 21:14:59.0314 0x0f04 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 21:14:59.0424 0x0f04 TDPIPE - ok 21:14:59.0486 0x0f04 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 21:14:59.0564 0x0f04 TDTCP - ok 21:14:59.0595 0x0f04 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\windows\system32\DRIVERS\tdx.sys 21:14:59.0704 0x0f04 tdx - ok 21:14:59.0767 0x0f04 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 21:14:59.0814 0x0f04 TermDD - ok 21:14:59.0860 0x0f04 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\windows\System32\termsrv.dll 21:15:00.0001 0x0f04 TermService - ok 21:15:00.0032 0x0f04 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\windows\system32\themeservice.dll 21:15:00.0141 0x0f04 Themes - ok 21:15:00.0188 0x0f04 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\windows\system32\mmcss.dll 21:15:00.0297 0x0f04 THREADORDER - ok 21:15:00.0375 0x0f04 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\windows\System32\trkwks.dll 21:15:00.0500 0x0f04 TrkWks - ok 21:15:00.0594 0x0f04 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 21:15:00.0718 0x0f04 TrustedInstaller - ok 21:15:00.0765 0x0f04 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 21:15:00.0874 0x0f04 tssecsrv - ok 21:15:00.0906 0x0f04 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 21:15:01.0015 0x0f04 TsUsbFlt - ok 21:15:01.0046 0x0f04 [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 21:15:01.0124 0x0f04 TsUsbGD - ok 21:15:01.0186 0x0f04 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 21:15:01.0342 0x0f04 tunnel - ok 21:15:01.0389 0x0f04 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\windows\system32\drivers\uagp35.sys 21:15:01.0467 0x0f04 uagp35 - ok 21:15:01.0530 0x0f04 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\windows\system32\DRIVERS\udfs.sys 21:15:01.0654 0x0f04 udfs - ok 21:15:01.0732 0x0f04 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\windows\system32\UI0Detect.exe 21:15:01.0795 0x0f04 UI0Detect - ok 21:15:01.0842 0x0f04 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 21:15:01.0888 0x0f04 uliagpkx - ok 21:15:01.0935 0x0f04 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\windows\system32\DRIVERS\umbus.sys 21:15:01.0998 0x0f04 umbus - ok 21:15:02.0044 0x0f04 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\windows\system32\drivers\umpass.sys 21:15:02.0107 0x0f04 UmPass - ok 21:15:02.0154 0x0f04 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\windows\System32\upnphost.dll 21:15:02.0310 0x0f04 upnphost - ok 21:15:02.0388 0x0f04 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 21:15:02.0481 0x0f04 usbccgp - ok 21:15:02.0544 0x0f04 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\windows\system32\drivers\usbcir.sys 21:15:02.0622 0x0f04 usbcir - ok 21:15:02.0684 0x0f04 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\windows\system32\drivers\usbehci.sys 21:15:02.0762 0x0f04 usbehci - ok 21:15:02.0809 0x0f04 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 21:15:02.0902 0x0f04 usbhub - ok 21:15:02.0965 0x0f04 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\windows\system32\drivers\usbohci.sys 21:15:03.0027 0x0f04 usbohci - ok 21:15:03.0105 0x0f04 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 21:15:03.0183 0x0f04 usbprint - ok 21:15:03.0230 0x0f04 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 21:15:03.0308 0x0f04 usbscan - ok 21:15:03.0355 0x0f04 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 21:15:03.0417 0x0f04 USBSTOR - ok 21:15:03.0464 0x0f04 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\windows\system32\drivers\usbuhci.sys 21:15:03.0526 0x0f04 usbuhci - ok 21:15:03.0573 0x0f04 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 21:15:03.0651 0x0f04 usbvideo - ok 21:15:03.0698 0x0f04 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\windows\System32\uxsms.dll 21:15:03.0823 0x0f04 UxSms - ok 21:15:03.0854 0x0f04 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\windows\system32\lsass.exe 21:15:03.0901 0x0f04 VaultSvc - ok 21:15:03.0963 0x0f04 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 21:15:03.0994 0x0f04 vdrvroot - ok 21:15:04.0072 0x0f04 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\windows\System32\vds.exe 21:15:04.0228 0x0f04 vds - ok 21:15:04.0275 0x0f04 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 21:15:04.0338 0x0f04 vga - ok 21:15:04.0400 0x0f04 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\windows\System32\drivers\vga.sys 21:15:04.0509 0x0f04 VgaSave - ok 21:15:04.0572 0x0f04 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 21:15:04.0618 0x0f04 vhdmp - ok 21:15:04.0681 0x0f04 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\windows\system32\drivers\viaagp.sys 21:15:04.0712 0x0f04 viaagp - ok 21:15:04.0759 0x0f04 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\windows\system32\drivers\viac7.sys 21:15:04.0837 0x0f04 ViaC7 - ok 21:15:04.0868 0x0f04 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\windows\system32\drivers\viaide.sys 21:15:04.0915 0x0f04 viaide - ok 21:15:04.0946 0x0f04 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\windows\system32\drivers\volmgr.sys 21:15:04.0993 0x0f04 volmgr - ok 21:15:05.0071 0x0f04 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\windows\system32\drivers\volmgrx.sys 21:15:05.0133 0x0f04 volmgrx - ok 21:15:05.0196 0x0f04 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\windows\system32\drivers\volsnap.sys 21:15:05.0258 0x0f04 volsnap - ok 21:15:05.0476 0x0f04 [ 18507BDC6C15BD464DE9AB18B6AF1C23, B06C90A2E2B1A2915DA5BDFB9B9F48D8B6D541AF9147A0AFE9461AAE208ACC9B ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 21:15:05.0539 0x0f04 vpnagent - ok 21:15:05.0570 0x0f04 [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva C:\windows\system32\DRIVERS\vpnva.sys 21:15:05.0601 0x0f04 vpnva - ok 21:15:05.0664 0x0f04 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 21:15:05.0710 0x0f04 vsmraid - ok 21:15:05.0851 0x0f04 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\windows\system32\vssvc.exe 21:15:06.0054 0x0f04 VSS - ok 21:15:06.0085 0x0f04 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 21:15:06.0194 0x0f04 vwifibus - ok 21:15:06.0241 0x0f04 [ 632F1B4B573B19CE0C80DF8432D1F65D, 522D93304B473696360AD8BE423E5A24541873AF5E362724644788C171AB27B0 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 21:15:06.0303 0x0f04 vwififlt - ok 21:15:06.0366 0x0f04 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\windows\system32\w32time.dll 21:15:06.0522 0x0f04 W32Time - ok 21:15:06.0584 0x0f04 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\windows\system32\drivers\wacompen.sys 21:15:06.0646 0x0f04 WacomPen - ok 21:15:06.0709 0x0f04 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 21:15:06.0880 0x0f04 WANARP - ok 21:15:06.0896 0x0f04 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 21:15:07.0005 0x0f04 Wanarpv6 - ok 21:15:07.0146 0x0f04 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\windows\system32\wbengine.exe 21:15:07.0348 0x0f04 wbengine - ok 21:15:07.0411 0x0f04 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 21:15:07.0536 0x0f04 WbioSrvc - ok 21:15:07.0629 0x0f04 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\windows\System32\wcncsvc.dll 21:15:07.0754 0x0f04 wcncsvc - ok 21:15:07.0785 0x0f04 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 21:15:07.0894 0x0f04 WcsPlugInService - ok 21:15:07.0941 0x0f04 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\windows\system32\drivers\wd.sys 21:15:07.0988 0x0f04 Wd - ok 21:15:08.0082 0x0f04 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 21:15:08.0160 0x0f04 Wdf01000 - ok 21:15:08.0206 0x0f04 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\windows\system32\wdi.dll 21:15:08.0331 0x0f04 WdiServiceHost - ok 21:15:08.0347 0x0f04 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\windows\system32\wdi.dll 21:15:08.0409 0x0f04 WdiSystemHost - ok 21:15:08.0534 0x0f04 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\windows\System32\webclnt.dll 21:15:08.0643 0x0f04 WebClient - ok 21:15:08.0706 0x0f04 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\windows\system32\wecsvc.dll 21:15:08.0862 0x0f04 Wecsvc - ok 21:15:08.0877 0x0f04 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\windows\System32\wercplsupport.dll 21:15:08.0986 0x0f04 wercplsupport - ok 21:15:09.0049 0x0f04 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\windows\System32\WerSvc.dll 21:15:09.0174 0x0f04 WerSvc - ok 21:15:09.0220 0x0f04 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 21:15:09.0345 0x0f04 WfpLwf - ok 21:15:09.0361 0x0f04 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\windows\system32\drivers\wimmount.sys 21:15:09.0408 0x0f04 WIMMount - ok 21:15:09.0564 0x0f04 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:15:09.0735 0x0f04 WinDefend - ok 21:15:09.0813 0x0f04 WinHttpAutoProxySvc - ok 21:15:09.0922 0x0f04 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 21:15:10.0032 0x0f04 Winmgmt - ok 21:15:10.0172 0x0f04 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\windows\system32\WsmSvc.dll 21:15:10.0375 0x0f04 WinRM - ok 21:15:10.0640 0x0f04 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\windows\System32\wlansvc.dll 21:15:10.0796 0x0f04 Wlansvc - ok 21:15:10.0905 0x0f04 [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 21:15:10.0968 0x0f04 wlcrasvc - ok 21:15:11.0155 0x0f04 [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:15:11.0311 0x0f04 wlidsvc - ok 21:15:11.0358 0x0f04 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 21:15:11.0420 0x0f04 WmiAcpi - ok 21:15:11.0514 0x0f04 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 21:15:11.0607 0x0f04 wmiApSrv - ok 21:15:11.0841 0x0f04 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:15:12.0013 0x0f04 WMPNetworkSvc - ok 21:15:12.0060 0x0f04 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\windows\System32\wpcsvc.dll 21:15:12.0231 0x0f04 WPCSvc - ok 21:15:12.0247 0x0f04 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 21:15:12.0434 0x0f04 WPDBusEnum - ok 21:15:12.0496 0x0f04 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 21:15:12.0637 0x0f04 ws2ifsl - ok 21:15:12.0668 0x0f04 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\windows\System32\wscsvc.dll 21:15:12.0777 0x0f04 wscsvc - ok 21:15:12.0840 0x0f04 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys 21:15:12.0902 0x0f04 WSDPrintDevice - ok 21:15:12.0949 0x0f04 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys 21:15:13.0011 0x0f04 WSDScan - ok 21:15:13.0027 0x0f04 WSearch - ok 21:15:13.0230 0x0f04 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\windows\system32\wuaueng.dll 21:15:13.0464 0x0f04 wuauserv - ok 21:15:13.0542 0x0f04 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 21:15:13.0666 0x0f04 WudfPf - ok 21:15:13.0776 0x0f04 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 21:15:13.0854 0x0f04 WUDFRd - ok 21:15:13.0900 0x0f04 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\windows\System32\WUDFSvc.dll 21:15:13.0978 0x0f04 wudfsvc - ok 21:15:14.0056 0x0f04 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\windows\System32\wwansvc.dll 21:15:14.0197 0x0f04 WwanSvc - ok 21:15:14.0275 0x0f04 [ 75D06DB1C2E1401D72F76C0BFA39E57E, 7A243CA48108F7A628720A87BB6564BF4A60299DA158067D226E2457D635DE21 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys 21:15:14.0337 0x0f04 yukonw7 - ok 21:15:14.0431 0x0f04 ================ Scan global =============================== 21:15:14.0462 0x0f04 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll 21:15:14.0509 0x0f04 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll 21:15:14.0556 0x0f04 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll 21:15:14.0618 0x0f04 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll 21:15:14.0696 0x0f04 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe 21:15:14.0727 0x0f04 [ Global ] - ok 21:15:14.0727 0x0f04 ================ Scan MBR ================================== 21:15:14.0758 0x0f04 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 21:15:16.0459 0x0f04 \Device\Harddisk0\DR0 - ok 21:15:16.0459 0x0f04 ================ Scan VBR ================================== 21:15:16.0490 0x0f04 [ 0C71242BC1B78E273CA254CFF9031FC5 ] \Device\Harddisk0\DR0\Partition1 21:15:16.0506 0x0f04 \Device\Harddisk0\DR0\Partition1 - ok 21:15:16.0537 0x0f04 [ B69AC52BD4D3CC738C92C1BB58547FE7 ] \Device\Harddisk0\DR0\Partition2 21:15:16.0552 0x0f04 \Device\Harddisk0\DR0\Partition2 - ok 21:15:16.0584 0x0f04 [ 45C3DDED6A35ED65EF9B341955CB70CF ] \Device\Harddisk0\DR0\Partition3 21:15:16.0599 0x0f04 \Device\Harddisk0\DR0\Partition3 - ok 21:15:16.0599 0x0f04 ================ Scan generic autorun ====================== 21:15:17.0426 0x0f04 [ E708F1FDB3B20F2656827FCB0581CBCD, 595DADD681345F82CC387AA7BDFEDC608C1DF04831D2D0439D2F16DF1740099C ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 21:15:18.0393 0x0f04 RtHDVCpl - ok 21:15:18.0643 0x0f04 [ 51BEEB33DF2F491144744D1E1D6C1B03, 7C50CF072E210E3B9EB98350BC7EC5A00E6CB4CD07AE17F7C5E68F6892C2F3E7 ] C:\Program Files\Elantech\ETDCtrl.exe 21:15:18.0814 0x0f04 ETDCtrl - ok 21:15:18.0970 0x0f04 [ 12E54BDE520DC85A611D7245DF44BCE5, 8F90F71AC97CE47D6A4F3491A48E3F857E8DEFD51E2DFDD528666AFC592E3B4E ] C:\Program Files\FreePDF_XP\fpassist.exe 21:15:19.0033 0x0f04 FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 ) 21:15:21.0560 0x0f04 Detect skipped due to KSN trusted 21:15:21.0560 0x0f04 FreePDF Assistant - ok 21:15:21.0747 0x0f04 [ 12374FB94EB77D553BDB248D73C42710, E26C1C9710FE10D296A7AFF4E39A5D15E187E8E07E6AA405E13AB0BDBBA35180 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 21:15:21.0825 0x0f04 Cisco AnyConnect Secure Mobility Agent for Windows - ok 21:15:21.0919 0x0f04 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 21:15:21.0966 0x0f04 SunJavaUpdateSched - ok 21:15:22.0137 0x0f04 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 21:15:22.0262 0x0f04 Adobe ARM - ok 21:15:22.0792 0x0f04 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 21:15:23.0245 0x0f04 AvastUI.exe - ok 21:15:23.0432 0x0f04 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 21:15:23.0635 0x0f04 Sidebar - ok 21:15:23.0666 0x0f04 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 21:15:23.0760 0x0f04 mctadmin - ok 21:15:23.0853 0x0f04 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 21:15:23.0994 0x0f04 Sidebar - ok 21:15:24.0025 0x0f04 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 21:15:24.0103 0x0f04 mctadmin - ok 21:15:24.0243 0x0f04 [ 7D96575EDC74DD8435776349C807CA95, 2C12670478C1D67A50FEE1FB6E55E4D521754B5B4D6766F3A9147428C94D932C ] C:\Program Files\Duden\Duden Korrektor\DKTray.exe 21:15:24.0321 0x0f04 Duden Korrektor SysTray - ok 21:15:24.0321 0x0f04 Waiting for KSN requests completion. In queue: 9 21:15:25.0335 0x0f04 Waiting for KSN requests completion. In queue: 9 21:15:26.0349 0x0f04 Waiting for KSN requests completion. In queue: 9 21:15:27.0722 0x0f04 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated ) 21:15:27.0738 0x0f04 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x40010 ( disabled ) 21:15:27.0847 0x0f04 Win FW state via NFP2: enabled 21:15:30.0374 0x0f04 ============================================================ 21:15:30.0374 0x0f04 Scan finished 21:15:30.0374 0x0f04 ============================================================ 21:15:30.0405 0x14e4 Detected object count: 0 21:15:30.0405 0x14e4 Actual detected object count: 0 |
16.09.2014, 12:58 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr hi, Scan mit Combofix
__________________ --> Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr |
16.09.2014, 14:38 | #7 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Hi, es wird keine txt erstellt. Geändert von MeepMeep (16.09.2014 um 15:21 Uhr) |
16.09.2014, 15:37 | #8 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr screenshots der vorhandenen dateien |
17.09.2014, 05:52 | #9 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr poste bitte mal ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.09.2014, 08:01 | #10 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr danke für deine Hilfe FRST log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Beate Michaela (administrator) on BEATE-NETBOOK on 17-09-2014 08:59:28 Running from C:\Users\Beate Michaela\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files\Duden\Duden Korrektor\DKTray.exe [481824 2013-09-02] (Expert System S.p.A.) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\MountPoints2: {bd48516d-6701-11e3-a15e-e81132dc253e} - E:\ibs.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {333EB6DA-01D3-48CF-9958-CD7DA7AF19CE} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = ^hxxp://www\.claro-search\.com/\?affID=114508.* SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043 SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043 SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16] Chrome: ======= CHR CustomProfile: C:\Users\Beate Michaela\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Beate Michaela\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx [] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx [2013-08-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [87976 2012-06-07] (Cisco Systems, Inc.) R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-16] () R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software) R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] () S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-09] (ELAN Microelectronics Corp.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-27] (Windows (R) 2003 DDK 3790 provider) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 08:59 - 2014-09-17 09:00 - 00012845 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-17 08:56 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-16 16:14 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:10 - 2014-09-16 16:14 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:26 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-15 13:46 - 2014-09-15 13:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:18 - 2014-09-15 13:34 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:15 - 2014-09-15 13:34 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 13:14 - 2014-09-17 08:59 - 00000000 ____D () C:\FRST 2014-09-15 13:12 - 2014-09-14 22:30 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:57 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:05 - 2014-09-15 12:06 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:43 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-15 03:43 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-15 03:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-15 03:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-15 03:43 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-15 03:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-15 03:43 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-15 03:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-15 03:43 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-15 03:43 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-15 03:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-15 03:43 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-15 03:43 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-15 03:43 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-15 03:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-15 03:43 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-15 03:43 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-15 03:43 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-15 03:43 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-15 03:43 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-15 03:43 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-15 03:43 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-15 03:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-15 03:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-15 03:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 20:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-14 20:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-14 20:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-14 20:39 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-14 20:38 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-14 20:38 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-31 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-29 19:11 - 2014-08-30 18:48 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 13:30 - 2014-08-27 13:42 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-22 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-22 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 09:00 - 2014-09-17 08:59 - 00012845 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-17 09:00 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 09:00 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 08:59 - 2014-09-15 13:14 - 00000000 ____D () C:\FRST 2014-09-17 08:56 - 2011-07-26 04:16 - 01614711 _____ () C:\windows\WindowsUpdate.log 2014-09-17 08:52 - 2013-12-20 10:15 - 00017149 _____ () C:\windows\setupact.log 2014-09-17 08:52 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-16 16:43 - 2014-07-16 22:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-16 16:26 - 2014-09-16 16:09 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:14 - 2014-09-16 16:10 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:14 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-16 15:47 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:15 - 2013-01-05 18:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 14:51 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-15 13:46 - 2014-09-15 13:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:34 - 2014-09-15 13:18 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:34 - 2014-09-15 13:15 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 12:58 - 2014-09-17 08:56 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:58 - 2014-09-15 12:57 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:06 - 2014-09-15 12:05 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:41 - 2012-09-14 21:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-15 03:40 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT 2014-09-15 03:16 - 2013-06-10 17:48 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-15 03:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-09-15 03:15 - 2014-05-06 12:44 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-15 03:07 - 2010-11-20 23:01 - 01594892 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-14 22:30 - 2014-09-15 13:12 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-06 16:45 - 2013-10-22 19:02 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Hilfsjob BZL 2014-09-05 03:52 - 2014-09-14 20:38 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-14 20:38 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 19:58 - 2009-07-14 06:33 - 00350744 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-30 18:48 - 2014-08-29 19:11 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 14:30 - 2012-09-13 18:59 - 00089976 _____ () C:\Users\Beate Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-27 13:42 - 2014-08-27 13:30 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-25 06:53 - 2012-09-14 19:11 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-31 18:07 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-31 18:07 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 19:39 - 2014-09-15 03:43 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-15 03:42 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-15 03:43 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-15 03:43 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-15 03:43 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-15 03:43 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-15 03:43 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-15 03:43 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-15 03:43 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-15 03:43 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-15 03:43 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-15 03:43 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-15 03:43 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-15 03:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-15 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-15 03:42 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-15 03:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-15 03:43 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-15 03:43 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-15 03:43 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-15 03:43 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-15 03:43 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-15 03:43 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 15:59 ==================== End Of Log ============================ Addition log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Beate Michaela at 2014-09-17 09:01:56 Running from C:\Users\Beate Michaela\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057 - Cisco Systems, Inc.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy Resolution Manager (HKLM\...\{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}) (Version: 1.1.0 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung) ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.) Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG) Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden Nitro Reader 3 (HKLM\...\{171478A8-80AD-4295-A2D1-C3D8AE70C9F1}) (Version: 3.5.2.10 - Nitro) Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.) REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-264978880-1747315322-2305944383-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () ==================== Restore Points ========================= 13-08-2014 12:44:00 Windows Update 17-08-2014 15:49:18 Windows Update 22-08-2014 16:15:43 Windows Update 24-08-2014 11:48:59 Windows Update 30-08-2014 10:25:03 Windows Update 31-08-2014 15:48:20 Windows Update 31-08-2014 17:51:44 Windows Update 05-09-2014 13:52:17 Windows Update 14-09-2014 18:23:09 Windows Update 15-09-2014 01:01:10 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E65D067-CBEB-444B-B531-555D915E11DD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {186D9905-520E-4480-95AB-53CFB4205FF0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {206510DC-A7C6-4011-8CB6-3C5F9345E9FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics) Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.) Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {769E07C5-0BE6-4A6C-B5F3-66FF67031220} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {844E9470-612D-46A9-8743-B043C03DA11C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software) Task: {8BA86EC4-EEE2-4E4E-BFC2-87533622D8F9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {A14135DA-1CF0-47C9-8C6F-94253D1D583A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {B2D1250E-ED13-4F79-B714-706089AED7B5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {BEA77058-F404-4F28-B3A1-97A9CA98C058} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {D320090D-9609-4032-A786-19169D146BFF} - \Browser Manager No Task File <==== ATTENTION Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-16 21:59 - 2014-07-16 21:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-16 15:17 - 2014-09-16 15:17 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091600\algo.dll 2014-09-17 08:53 - 2014-09-17 08:53 - 02863104 _____ () C:\Program Files\AVAST Software\Avast\defs\14091601\algo.dll 2012-10-08 13:26 - 2010-06-17 21:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll 2014-07-16 21:59 - 2014-07-16 21:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-07-25 12:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-09-15 13:46 - 2014-09-15 13:46 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2014 08:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:52:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2014 08:52:44 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2014 08:52:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 05:03:24 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"2" in Zeile Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Definition: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (09/16/2014 05:03:02 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 05:02:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 05:02:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 05:02:01 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 05:02:00 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (09/17/2014 08:53:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/17/2014 08:52:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/17/2014 08:52:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Error: (09/16/2014 03:16:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/16/2014 03:15:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/16/2014 03:15:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Error: (09/15/2014 09:09:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht. Error: (09/15/2014 00:14:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/15/2014 00:13:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/15/2014 00:13:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Microsoft Office Sessions: ========================= Error: (09/17/2014 08:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:52:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/17/2014 08:52:44 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Error: (09/17/2014 08:52:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\windows\System32\bcmihvsrv.dll Error: (09/16/2014 05:03:24 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\Samsung\samsung update plus\SUPBackGround.exec:\program files\Samsung\samsung update plus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST4 Error: (09/16/2014 05:03:02 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Adobe\reader 11.0\Reader\LogTransport2.exe Error: (09/16/2014 05:02:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest Error: (09/16/2014 05:02:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe Error: (09/16/2014 05:02:01 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\WIDCOMM\bluetooth software\BtwVdpDefaultSink.exe Error: (09/16/2014 05:02:00 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\WIDCOMM\bluetooth software\btsendto_explorer.exe CodeIntegrity Errors: =================================== Date: 2013-12-20 07:46:08.978 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 19:43:57.918 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 13:48:22.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 77% Total physical RAM: 1013.3 MB Available physical RAM: 231.73 MB Total Pagefile: 2037.3 MB Available Pagefile: 1021.11 MB Total Virtual: 2047.88 MB Available Virtual: 1926.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:74.72 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:162.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: CD3D43EB) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
17.09.2014, 20:21 | #11 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.09.2014, 22:18 | #12 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr mbam Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2014/09/17 21:46:09 +0200</date> <logfile>mbam-log-2014-09-17 (21-46-04).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.2.1012</version> <malware-database>v2014.09.17.08</malware-database> <rootkit-database>v2014.09.15.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x86</arch> <username>Beate Michaela</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>282745</objects> <time>1737</time> <processes>0</processes> <modules>0</modules> <keys>28</keys> <values>4</values> <datas>1</datas> <folders>0</folders> <files>4</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>6854b23c0972b08633508ffcb74bb14f</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>6854b23c0972b08633508ffcb74bb14f</hash></key> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>704cc529c8b3cd69bed689fd47bb7090</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>6e4e09e5b2c982b47d467f0711f13ec2</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>success</action><hash>c1fbf9f50f6c38fee29a873c19e9b54b</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>success</action><hash>c1fbf9f50f6c38fee29a873c19e9b54b</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}</path><vendor>PUP.Optional.Claro.A</vendor><action>success</action><hash>e0dce30b4f2c96a0e531226339c9966a</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EEE6C35C-6118-11DC-9C72-001320C79847}</path><vendor>PUP.Optional.SweetPacks</vendor><action>success</action><hash>e0dc6c82b3c8a4922d3e1b72fa0834cc</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE</path><vendor>PUP.Optional.SweetPacks</vendor><action>success</action><hash>e0dc6c82b3c8a4922d3e1b72fa0834cc</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE.1</path><vendor>PUP.Optional.SweetPacks</vendor><action>success</action><hash>e0dc6c82b3c8a4922d3e1b72fa0834cc</hash></key> <key><path>HKLM\SOFTWARE\DataMngr</path><vendor>PUP.Optional.DataMangr.A</vendor><action>success</action><hash>0fad8a64fc7f9c9ad2df70a87093cb35</hash></key> <key><path>HKLM\SOFTWARE\delta-homesSoftware</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>14a80ae492e90f270bd659b123e0817f</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>5f5d86682c4f6ec876d69fb2d430ae52</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>56665a94cbb005316ddf65ecc73d22de</hash></key> <key><path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dhdepfaagokllfmhfbcfmocaeigmoebo</path><vendor>PUP.Optional.SavingsSideKick.A</vendor><action>success</action><hash>48748b63cab183b32d98cc4f976cfd03</hash></key> <key><path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ifohbjbgfchkkfhphahclmkpgejiplfo</path><vendor>PUP.Optional.Elex.A</vendor><action>success</action><hash>f6c641adb1cacb6b326bff50d430629e</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>d4e8a04e0d6efe38b7b5da7dee16e61a</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhdepfaagokllfmhfbcfmocaeigmoebo</path><vendor>PUP.Optional.SavingsSideKick.A</vendor><action>success</action><hash>516b56982e4dc86e9e27b76443c0e41c</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr</path><vendor>PUP.Optional.DataMngr.A</vendor><action>success</action><hash>6557dc12700bbc7a109d64e78f75f20e</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>b804f1fd7dfea294c3524f1160a4d22e</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick</path><vendor>PUP.Optional.SavingsSidekick.A</vendor><action>success</action><hash>2a9218d64e2df640a0fe8399ab58de22</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>55679f4f4536999ddad63616c0448b75</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>7349c72794e7191d91df8aab649ffa06</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>48749757bebd8ea8696755f65ca87e82</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 Apps</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>29932ac44239181e830d867b14ef3ac6</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>b408ba34c4b7ad8983e85bfcee16c43c</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>9824c5297b00d2643d7a959f0300d52b</hash></key> <key><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>a4189559b0cb072f1985111306fd49b7</hash></key> <value><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0W0U</valuedata><hash>48749757bebd8ea8696755f65ca87e82</hash></value> <value><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS</path><valuename>5060</valuename><vendor>PUP.Optional.CrossFire.SA</vendor><action>success</action><valuedata>Savings Sidekick</valuedata><hash>8c3049a589f2cb6baad35bb57a8ad32d</hash></value> <value><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>bProtector Start Page</valuename><vendor>PUP.BProtector</vendor><action>success</action><valuedata>^hxxp://www\.claro-search\.com/\?affID=114508.*</valuedata><hash>d9e35e90d5a651e5ab03fb500ef6738d</hash></value> <value><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT</path><valuename>Install</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><valuedata>1</valuedata><hash>9824c5297b00d2643d7a959f0300d52b</hash></value> <data><path>HKU\S-1-5-21-264978880-1747315322-2305944383-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Conduit.A</vendor><action>replaced</action><valuedata>hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&SSPV=</valuedata><baddata>hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&SSPV=</baddata><gooddata>www.google.com</gooddata><hash>3b81dd112b5082b46fe96d8b55af45bb</hash></data> <file><path>C:\Users\Beate Michaela\Downloads\SoftonicDownloader_fuer_mahjong-city.exe</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>9a22509eadce86b059e7f838ac55ab55</hash></file> <file><path>C:\Windows\Installer\998855c.msi</path><vendor>PUP.Optional.SweetIM</vendor><action>success</action><hash>03b9ec022853d0668f4e9e8848bdec14</hash></file> <file><path>C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default\searchplugins\conduit-search.xml</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3e7ed01e275483b39d5fdb2516edff01</hash></file> <file><path>C:\User Data\Default\Extensions\newtab.crx</path><vendor>PUP.Optional.Elex.A</vendor><action>success</action><hash>2498e9052f4c44f2049896b941c3fb05</hash></file> </items> </mbam-log> Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 17/09/2014 um 22:40:53 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzername : Beate Michaela - BEATE-NETBOOK # Gestartet von : C:\Users\Beate Michaela\Downloads\AdwCleaner_3.310.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn ***** [ Tasks ] ***** Task Gelöscht : Browser Manager ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKCU\Software\59edddab36aee13 Schlüssel Gelöscht : HKLM\SOFTWARE\59edddab36aee13 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mahjong-city_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mahjong-city_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode Schlüssel Gelöscht : HKLM\SOFTWARE\V9 Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.1 (x86 de) [ Datei : C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default\prefs.js ] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [39200 octets] - [12/11/2013 14:56:27] AdwCleaner[R1].txt - [10463 octets] - [17/09/2014 22:32:17] AdwCleaner[S0].txt - [38309 octets] - [12/11/2013 15:10:28] AdwCleaner[S1].txt - [10383 octets] - [17/09/2014 22:40:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10444 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.5 (09.16.2014:1) OS: Windows 7 Starter x86 Ran by Beate Michaela on 17.09.2014 at 22:48:48,12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-264978880-1747315322-2305944383-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Beate Michaela\appdata\local\{81A48A18-A542-46C3-8659-BC631665586F} ~~~ FireFox Emptied folder: C:\Users\Beate Michaela\AppData\Roaming\mozilla\firefox\profiles\3a1zv3ay.default\minidumps [36 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.09.2014 at 22:59:49,14 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Beate Michaela (administrator) on BEATE-NETBOOK on 17-09-2014 23:17:28 Running from C:\Users\Beate Michaela\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files\Duden\Duden Korrektor\DKTray.exe [481824 2013-09-02] (Expert System S.p.A.) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\MountPoints2: {bd48516d-6701-11e3-a15e-e81132dc253e} - E:\ibs.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {333EB6DA-01D3-48CF-9958-CD7DA7AF19CE} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16] Chrome: ======= CHR CustomProfile: C:\Users\Beate Michaela\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [87976 2012-06-07] (Cisco Systems, Inc.) R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-16] () R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software) S2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] () S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-09] (ELAN Microelectronics Corp.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-27] (Windows (R) 2003 DDK 3790 provider) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 23:17 - 2014-09-17 23:18 - 00010529 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-17 22:59 - 2014-09-17 22:59 - 00001390 _____ () C:\Users\Beate Michaela\Desktop\JRT.txt 2014-09-17 22:47 - 2014-09-17 22:47 - 00000000 ____D () C:\windows\ERUNT 2014-09-17 22:43 - 2014-09-17 22:43 - 00010525 _____ () C:\Users\Beate Michaela\Desktop\AdwCleaner[S1].txt 2014-09-17 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll 2014-09-17 22:31 - 2014-09-17 22:31 - 01016035 _____ (Thisisu) C:\Users\Beate Michaela\Downloads\JRT.exe 2014-09-17 22:28 - 2014-09-17 22:30 - 01373475 _____ () C:\Users\Beate Michaela\Downloads\AdwCleaner_3.310.exe 2014-09-17 22:26 - 2014-09-17 22:26 - 00000271 _____ () C:\Users\Beate Michaela\Desktop\mbam.txt 2014-09-17 21:41 - 2014-09-17 23:10 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 21:40 - 2014-09-17 21:40 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 21:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 21:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 21:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 21:35 - 2014-09-17 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beate Michaela\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-17 08:56 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-16 16:14 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:10 - 2014-09-16 16:14 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:26 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-15 13:46 - 2014-09-15 13:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:18 - 2014-09-15 13:34 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:15 - 2014-09-15 13:34 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 13:14 - 2014-09-17 23:17 - 00000000 ____D () C:\FRST 2014-09-15 13:12 - 2014-09-14 22:30 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:57 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:05 - 2014-09-15 12:06 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:43 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-15 03:43 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-15 03:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-15 03:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-15 03:43 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-15 03:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-15 03:43 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-15 03:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-15 03:43 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-15 03:43 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-15 03:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-15 03:43 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-15 03:43 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-15 03:43 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-15 03:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-15 03:43 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-15 03:43 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-15 03:43 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-15 03:43 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-15 03:43 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-15 03:43 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-15 03:43 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-15 03:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-15 03:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-15 03:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 20:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-14 20:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-14 20:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-14 20:39 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-14 20:38 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-14 20:38 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-31 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-29 19:11 - 2014-08-30 18:48 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 13:30 - 2014-08-27 13:42 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-22 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-22 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 23:18 - 2014-09-17 23:17 - 00010529 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-17 23:17 - 2014-09-15 13:14 - 00000000 ____D () C:\FRST 2014-09-17 23:10 - 2014-09-17 21:41 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 22:59 - 2014-09-17 22:59 - 00001390 _____ () C:\Users\Beate Michaela\Desktop\JRT.txt 2014-09-17 22:53 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-17 22:50 - 2014-03-03 17:30 - 00000000 ____D () C:\Users\Beate Michaela\AppData\Local\CrashDumps 2014-09-17 22:50 - 2011-07-26 04:16 - 01645399 _____ () C:\windows\WindowsUpdate.log 2014-09-17 22:49 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 22:49 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 22:47 - 2014-09-17 22:47 - 00000000 ____D () C:\windows\ERUNT 2014-09-17 22:43 - 2014-09-17 22:43 - 00010525 _____ () C:\Users\Beate Michaela\Desktop\AdwCleaner[S1].txt 2014-09-17 22:43 - 2014-07-16 22:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-17 22:42 - 2013-12-20 10:15 - 00017261 _____ () C:\windows\setupact.log 2014-09-17 22:42 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-17 22:41 - 2013-12-20 10:14 - 00634348 _____ () C:\windows\PFRO.log 2014-09-17 22:40 - 2013-11-12 14:56 - 00000000 ____D () C:\AdwCleaner 2014-09-17 22:31 - 2014-09-17 22:31 - 01016035 _____ (Thisisu) C:\Users\Beate Michaela\Downloads\JRT.exe 2014-09-17 22:30 - 2014-09-17 22:28 - 01373475 _____ () C:\Users\Beate Michaela\Downloads\AdwCleaner_3.310.exe 2014-09-17 22:26 - 2014-09-17 22:26 - 00000271 _____ () C:\Users\Beate Michaela\Desktop\mbam.txt 2014-09-17 22:19 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system 2014-09-17 21:40 - 2014-09-17 21:40 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 21:35 - 2014-09-17 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beate Michaela\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 16:26 - 2014-09-16 16:09 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:14 - 2014-09-16 16:10 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:14 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-16 15:15 - 2013-01-05 18:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 14:51 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-15 13:46 - 2014-09-15 13:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:34 - 2014-09-15 13:18 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:34 - 2014-09-15 13:15 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 12:58 - 2014-09-17 08:56 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:58 - 2014-09-15 12:57 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:06 - 2014-09-15 12:05 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:41 - 2012-09-14 21:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-15 03:40 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT 2014-09-15 03:16 - 2013-06-10 17:48 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-15 03:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-09-15 03:15 - 2014-05-06 12:44 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-15 03:07 - 2010-11-20 23:01 - 01594892 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-14 22:30 - 2014-09-15 13:12 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-06 16:45 - 2013-10-22 19:02 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Hilfsjob BZL 2014-09-05 03:52 - 2014-09-14 20:38 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-14 20:38 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 19:58 - 2009-07-14 06:33 - 00350744 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-30 18:48 - 2014-08-29 19:11 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 14:30 - 2012-09-13 18:59 - 00089976 _____ () C:\Users\Beate Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-27 13:42 - 2014-08-27 13:30 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-25 06:53 - 2012-09-14 19:11 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-31 18:07 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-31 18:07 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 19:39 - 2014-09-15 03:43 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-15 03:42 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-15 03:43 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-15 03:43 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-15 03:43 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-15 03:43 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-15 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-15 03:43 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-15 03:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-15 03:43 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-15 03:43 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-15 03:43 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-15 03:43 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-15 03:43 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-15 03:43 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-15 03:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-15 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-15 03:43 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-15 03:42 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-15 03:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-15 03:43 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-15 03:43 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-15 03:43 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-15 03:43 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-15 03:43 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-15 03:43 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Beate Michaela\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 15:59 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Beate Michaela at 2014-09-17 23:19:48 Running from C:\Users\Beate Michaela\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057 - Cisco Systems, Inc.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy Resolution Manager (HKLM\...\{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}) (Version: 1.1.0 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung) ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.) Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG) Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden Nitro Reader 3 (HKLM\...\{171478A8-80AD-4295-A2D1-C3D8AE70C9F1}) (Version: 3.5.2.10 - Nitro) Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.) REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-264978880-1747315322-2305944383-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () ==================== Restore Points ========================= 13-08-2014 12:44:00 Windows Update 17-08-2014 15:49:18 Windows Update 22-08-2014 16:15:43 Windows Update 24-08-2014 11:48:59 Windows Update 30-08-2014 10:25:03 Windows Update 31-08-2014 15:48:20 Windows Update 31-08-2014 17:51:44 Windows Update 05-09-2014 13:52:17 Windows Update 14-09-2014 18:23:09 Windows Update 15-09-2014 01:01:10 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E65D067-CBEB-444B-B531-555D915E11DD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {186D9905-520E-4480-95AB-53CFB4205FF0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {206510DC-A7C6-4011-8CB6-3C5F9345E9FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics) Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.) Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {769E07C5-0BE6-4A6C-B5F3-66FF67031220} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {844E9470-612D-46A9-8743-B043C03DA11C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software) Task: {8BA86EC4-EEE2-4E4E-BFC2-87533622D8F9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {A14135DA-1CF0-47C9-8C6F-94253D1D583A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {B2D1250E-ED13-4F79-B714-706089AED7B5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {BEA77058-F404-4F28-B3A1-97A9CA98C058} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-16 21:59 - 2014-07-16 21:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-17 13:02 - 2014-09-17 13:02 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14091701\algo.dll 2012-10-08 13:26 - 2010-06-17 21:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll 2014-07-16 21:59 - 2014-07-16 21:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-07-25 12:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-09-15 13:46 - 2014-09-15 13:46 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-12-20 07:46:08.978 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 19:43:57.918 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 13:48:22.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 71% Total physical RAM: 1013.3 MB Available physical RAM: 289.2 MB Total Pagefile: 2037.3 MB Available Pagefile: 1100.77 MB Total Virtual: 2047.88 MB Available Virtual: 1925.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:74.45 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:162.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: CD3D43EB) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
18.09.2014, 13:56 | #13 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehrESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.09.2014, 11:14 | #14 |
| Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Hi, ich bin bis Dienstag im Urlaub. Dann poste ich wieder Neuigkeiten. Bitte bis dahin nicht löschen, ich komme wieder eset Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=a2826e65b853bf479607cf75e151ed87 # engine=20226 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-19 09:57:52 # local_time=2014-09-19 11:57:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 95 183938 7318957 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 14551 162751863 0 0 # scanned=144481 # found=40 # cleaned=0 # scan_time=13821 sh=111E4FD38F0F7AD2EC2242AECCF9188F014985E1 ft=1 fh=41ab8af7457f4b58 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Savings Sidekick\Savings Sidekick-bg.exe.vir" sh=ADBE0E4DC70F87A066A5CA9998CCA34E9858D206 ft=1 fh=cc0fd52f8703f085 vn="Variante von Win32/Toolbar.CrossRider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Savings Sidekick\Savings Sidekick.dll.vir" sh=111E4FD38F0F7AD2EC2242AECCF9188F014985E1 ft=1 fh=41ab8af7457f4b58 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Savings Sidekick\Savings Sidekick.exe.vir" sh=AB60DB099BD6FB3CA4B46093EB230D322FD280ED ft=1 fh=10ee1fbade391600 vn="Win32/Toolbar.CrossRider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Savings Sidekick\Uninstall.exe.vir" sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir" sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll.vir" sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir" sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommon.dll.vir" sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommunication.dll.vir" sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgconfig.dll.vir" sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir" sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mghooking.dll.vir" sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir" sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir" sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir" sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir" sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir" sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir" sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgsimcommon.dll.vir" sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir" sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir" sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgxml_wrapper.dll.vir" sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir" sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir" sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\SweetIM.exe.vir" sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir" sh=254E6AFDCAAB3164AFF14E8DE8B3AC1BCC39F854 ft=1 fh=1fc4ebc1d7daefee vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir" sh=F7F9FB0566FD5213BF5513AA054739E2065B6D79 ft=1 fh=94c8b7ca90c36996 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir" sh=F584788A9263B72F54478BA1B85936D04253E924 ft=1 fh=9c00240e418663a3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir" sh=F939555A426C1BD14E59E2711C450CD15ECFD549 ft=1 fh=36df6d446a148e9c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir" sh=34D258C22359F7DBAB977926003EF0BF814D0E74 ft=1 fh=b406e9dec54a62a6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir" sh=A3AF758EC386F6199DC2C921E956D7522D7897CF ft=1 fh=58e5b6d5c9901c7e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir" sh=25FBFD0F512900220DBEB49AEA33692D201BC174 ft=1 fh=165a60b3a0b2304f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir" sh=648FF80C1116BCC33A8E68098C77E5F6B8B32504 ft=1 fh=6ddfa765a635ace9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir" sh=36941F235EA5B4761F765AA51AF47D098829E640 ft=1 fh=84f81ded0ab12f97 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir" sh=41299B4F6903804D30431AF4CF7F6C13F5F933AA ft=1 fh=415b95679a2801b3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir" sh=FAA66F853E6E81745F195A8939DD5280720DF466 ft=1 fh=aff78666cd18d1e3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir" sh=BEFC0099864AA52ABB0A3B99793A5A1BF525401D ft=1 fh=64b34719c3735e0d vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\winzipersvc.exe.vir" sh=C9352C798D66F96D4F894C2BC2CDAD192B662D62 ft=1 fh=7209dc7ad243ecb3 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="E:\Beate's alte Daten vom Laptop\Downloads\zaSetup_92_105_000_de.exe" sh=C9352C798D66F96D4F894C2BC2CDAD192B662D62 ft=1 fh=7209dc7ad243ecb3 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\Sicherungskopie Medion-Festplatte\Beate's alte Daten vom Laptop\Downloads\zaSetup_92_105_000_de.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 7 Update 51 Java version out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0.1) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Beate Michaela (administrator) on BEATE-NETBOOK on 19-09-2014 12:10:11 Running from C:\Users\Beate Michaela\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files\Duden\Duden Korrektor\DKTray.exe [481824 2013-09-02] (Expert System S.p.A.) HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\MountPoints2: {bd48516d-6701-11e3-a15e-e81132dc253e} - E:\ibs.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {333EB6DA-01D3-48CF-9958-CD7DA7AF19CE} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16] Chrome: ======= CHR CustomProfile: C:\Users\Beate Michaela\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [87976 2012-06-07] (Cisco Systems, Inc.) R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-16] () R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software) R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software) S2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software) R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] () S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-09] (ELAN Microelectronics Corp.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-27] (Windows (R) 2003 DDK 3790 provider) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 12:10 - 2014-09-19 12:11 - 00010628 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-19 12:02 - 2014-09-19 12:02 - 00854417 _____ () C:\Users\Beate Michaela\Downloads\SecurityCheck.exe 2014-09-19 07:57 - 2014-09-19 07:57 - 00000000 ____D () C:\Program Files\ESET 2014-09-19 07:55 - 2014-09-19 07:55 - 02347384 _____ (ESET) C:\Users\Beate Michaela\Downloads\esetsmartinstaller_deu.exe 2014-09-17 22:59 - 2014-09-17 22:59 - 00001390 _____ () C:\Users\Beate Michaela\Desktop\JRT.txt 2014-09-17 22:47 - 2014-09-17 22:47 - 00000000 ____D () C:\windows\ERUNT 2014-09-17 22:43 - 2014-09-17 22:43 - 00010525 _____ () C:\Users\Beate Michaela\Desktop\AdwCleaner[S1].txt 2014-09-17 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll 2014-09-17 22:31 - 2014-09-17 22:31 - 01016035 _____ (Thisisu) C:\Users\Beate Michaela\Downloads\JRT.exe 2014-09-17 22:28 - 2014-09-17 22:30 - 01373475 _____ () C:\Users\Beate Michaela\Downloads\AdwCleaner_3.310.exe 2014-09-17 22:26 - 2014-09-17 22:26 - 00000271 _____ () C:\Users\Beate Michaela\Desktop\mbam.txt 2014-09-17 21:41 - 2014-09-17 23:10 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 21:40 - 2014-09-17 21:40 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 21:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 21:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 21:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 21:35 - 2014-09-17 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beate Michaela\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-17 08:56 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-16 16:14 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:10 - 2014-09-16 16:14 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:26 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-15 13:46 - 2014-09-19 08:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:18 - 2014-09-15 13:34 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:15 - 2014-09-15 13:34 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 13:14 - 2014-09-19 12:10 - 00000000 ____D () C:\FRST 2014-09-15 13:12 - 2014-09-14 22:30 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:57 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:05 - 2014-09-15 12:06 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:43 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-15 03:43 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-15 03:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-15 03:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-15 03:43 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-15 03:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-15 03:43 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-15 03:43 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-15 03:43 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-15 03:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-15 03:43 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-15 03:43 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-15 03:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-15 03:43 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-15 03:43 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-15 03:43 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-15 03:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-15 03:43 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-15 03:43 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-15 03:43 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-15 03:43 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-15 03:43 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-15 03:43 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-15 03:43 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-15 03:43 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-15 03:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-15 03:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-15 03:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 20:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-14 20:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-14 20:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-14 20:39 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-14 20:38 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-14 20:38 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-31 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-29 19:11 - 2014-08-30 18:48 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 13:30 - 2014-08-27 13:42 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-22 18:18 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-22 18:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-22 18:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-22 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-22 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 12:11 - 2014-09-19 12:10 - 00010628 _____ () C:\Users\Beate Michaela\Desktop\FRST.txt 2014-09-19 12:10 - 2014-09-15 13:14 - 00000000 ____D () C:\FRST 2014-09-19 12:02 - 2014-09-19 12:02 - 00854417 _____ () C:\Users\Beate Michaela\Downloads\SecurityCheck.exe 2014-09-19 11:43 - 2014-07-16 22:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-19 10:45 - 2011-07-26 04:16 - 01680950 _____ () C:\windows\WindowsUpdate.log 2014-09-19 08:14 - 2010-11-20 23:01 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-19 08:11 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-19 08:01 - 2014-09-15 13:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-19 07:57 - 2014-09-19 07:57 - 00000000 ____D () C:\Program Files\ESET 2014-09-19 07:55 - 2014-09-19 07:55 - 02347384 _____ (ESET) C:\Users\Beate Michaela\Downloads\esetsmartinstaller_deu.exe 2014-09-19 07:51 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-19 07:51 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-19 07:43 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-19 07:42 - 2013-12-20 10:15 - 00017317 _____ () C:\windows\setupact.log 2014-09-17 23:10 - 2014-09-17 21:41 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 22:59 - 2014-09-17 22:59 - 00001390 _____ () C:\Users\Beate Michaela\Desktop\JRT.txt 2014-09-17 22:50 - 2014-03-03 17:30 - 00000000 ____D () C:\Users\Beate Michaela\AppData\Local\CrashDumps 2014-09-17 22:47 - 2014-09-17 22:47 - 00000000 ____D () C:\windows\ERUNT 2014-09-17 22:43 - 2014-09-17 22:43 - 00010525 _____ () C:\Users\Beate Michaela\Desktop\AdwCleaner[S1].txt 2014-09-17 22:41 - 2013-12-20 10:14 - 00634348 _____ () C:\windows\PFRO.log 2014-09-17 22:40 - 2013-11-12 14:56 - 00000000 ____D () C:\AdwCleaner 2014-09-17 22:31 - 2014-09-17 22:31 - 01016035 _____ (Thisisu) C:\Users\Beate Michaela\Downloads\JRT.exe 2014-09-17 22:30 - 2014-09-17 22:28 - 01373475 _____ () C:\Users\Beate Michaela\Downloads\AdwCleaner_3.310.exe 2014-09-17 22:26 - 2014-09-17 22:26 - 00000271 _____ () C:\Users\Beate Michaela\Desktop\mbam.txt 2014-09-17 22:19 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system 2014-09-17 21:40 - 2014-09-17 21:40 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 21:40 - 2014-09-17 21:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 21:35 - 2014-09-17 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beate Michaela\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-16 16:26 - 2014-09-16 16:09 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-16 16:14 - 2014-09-16 16:10 - 00000000 ___SD () C:\ComboFix 2014-09-16 16:10 - 2014-09-16 16:10 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2014-09-16 16:09 - 00000000 ____D () C:\windows\erdnt 2014-09-16 16:08 - 2014-09-16 16:14 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Desktop\ComboFix.exe 2014-09-16 16:08 - 2014-09-16 16:08 - 05579386 ____R (Swearware) C:\Users\Beate Michaela\Downloads\ComboFix.exe 2014-09-16 15:15 - 2013-01-05 18:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 14:51 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-15 13:34 - 2014-09-15 13:18 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt 2014-09-15 13:34 - 2014-09-15 13:15 - 00027024 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt 2014-09-15 12:58 - 2014-09-17 08:56 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Desktop\FRST.exe 2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe 2014-09-15 12:58 - 2014-09-15 12:57 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe 2014-09-15 12:06 - 2014-09-15 12:05 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe 2014-09-15 03:41 - 2012-09-14 21:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-15 03:40 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT 2014-09-15 03:16 - 2013-06-10 17:48 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-15 03:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-09-15 03:15 - 2014-05-06 12:44 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-14 22:30 - 2014-09-15 13:12 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp 2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-14 21:43 - 2013-06-06 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-06 16:45 - 2013-10-22 19:02 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Hilfsjob BZL 2014-09-05 03:52 - 2014-09-14 20:38 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-14 20:38 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-31 19:58 - 2009-07-14 06:33 - 00350744 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-30 18:48 - 2014-08-29 19:11 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder 2014-08-27 14:30 - 2012-09-13 18:59 - 00089976 _____ () C:\Users\Beate Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-27 13:42 - 2014-08-27 13:30 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe 2014-08-25 06:53 - 2012-09-14 19:11 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-31 18:07 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-31 18:07 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\Beate Michaela\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 15:59 ==================== End Of Log ============================ --- --- --- addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Beate Michaela at 2014-09-19 12:12:10 Running from C:\Users\Beate Michaela\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057 - Cisco Systems, Inc.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy Resolution Manager (HKLM\...\{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}) (Version: 1.1.0 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.) Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG) Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden Nitro Reader 3 (HKLM\...\{171478A8-80AD-4295-A2D1-C3D8AE70C9F1}) (Version: 3.5.2.10 - Nitro) Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.) REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie) Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-264978880-1747315322-2305944383-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () ==================== Restore Points ========================= 24-08-2014 11:48:59 Windows Update 30-08-2014 10:25:03 Windows Update 31-08-2014 15:48:20 Windows Update 31-08-2014 17:51:44 Windows Update 05-09-2014 13:52:17 Windows Update 14-09-2014 18:23:09 Windows Update 15-09-2014 01:01:10 Windows Update 19-09-2014 05:52:40 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E65D067-CBEB-444B-B531-555D915E11DD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {186D9905-520E-4480-95AB-53CFB4205FF0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {206510DC-A7C6-4011-8CB6-3C5F9345E9FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics) Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.) Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {769E07C5-0BE6-4A6C-B5F3-66FF67031220} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {844E9470-612D-46A9-8743-B043C03DA11C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software) Task: {8BA86EC4-EEE2-4E4E-BFC2-87533622D8F9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {A14135DA-1CF0-47C9-8C6F-94253D1D583A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {B2D1250E-ED13-4F79-B714-706089AED7B5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe Task: {BEA77058-F404-4F28-B3A1-97A9CA98C058} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-16 21:59 - 2014-07-16 21:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-19 07:44 - 2014-09-19 07:44 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091804\algo.dll 2014-09-19 11:47 - 2014-09-19 11:47 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091900\algo.dll 2012-10-08 13:26 - 2010-06-17 21:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll 2014-07-16 21:59 - 2014-07-16 21:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-15 13:46 - 2014-09-15 13:46 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2011-07-25 12:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79210258.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2014 08:11:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/19/2014 07:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 07:43:50 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/19/2014 07:43:49 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/19/2014 07:43:01 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (09/19/2014 07:44:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/19/2014 07:43:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (09/19/2014 07:43:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv.dll Fehlercode: 14001 Microsoft Office Sessions: ========================= Error: (09/19/2014 08:11:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/19/2014 07:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 07:43:50 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Error: (09/19/2014 07:43:49 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Error: (09/19/2014 07:43:01 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\windows\System32\bcmihvsrv.dll CodeIntegrity Errors: =================================== Date: 2013-12-20 07:46:08.978 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 19:43:57.918 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-19 13:48:22.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 67% Total physical RAM: 1013.3 MB Available physical RAM: 327.04 MB Total Pagefile: 2037.3 MB Available Pagefile: 1048.5 MB Total Virtual: 2047.88 MB Available Virtual: 1926.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:112 GB) (Free:74.43 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:162.1 GB) NTFS Drive e: (DRIVE-N-GO) (Fixed) (Total:465.65 GB) (Free:405.65 GB) FAT32 Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:885.73 GB) NTFS Drive j: () (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: CD3D43EB) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 299BABBA) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B26556BF) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 29.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=29.7 GB) - (Type=0C) ==================== End Of Log ============================ hat jetzt vor der abreise doch noch geklappt. der eset scan hat ewig gedauert, sah nicht so aus, als ob der vorher fertig wird. |
20.09.2014, 06:58 | #15 |
/// the machine /// TB-Ausbilder | Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr Java updaten. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr |
4d36e972-e325-11ce-bfc1-08002be10318, antivirus, conduit-search, conduit-search entfernen, defender, desktop, fehlercode 14001, flash player, homepage, installation, logfile, programm, rootkit avast, services.exe, software, svchost.exe, win32/elex.y, win32/sweetim.f, win32/sweetim.k, win32/sweetim.l, win32/toolbar.conduit.ai, win32/toolbar.crossrider.a, win32/toolbar.crossrider.b, win32/toolbar.crossrider.h, windows |