
Pests of All Kinds and How to Fight Them: Telekom Abuse Team, Infection: generic

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

23.02.2015, 22:12   #1
Kroko123
 
Telekom Abuse Team, Infection: generic



Hello,

I recently received a letter and 2 e-mails from the Telekom Abuse Team with the following text:
Code:
Dear customer,

we have received information from security experts indicating that at
least one computer that connects to the Internet via your Internet
access is infected with a virus/trojan.

The following IP address was assigned to you at the time stated:

IP address: XXXXXXXXXXXXX
Time: 16.02.2015, 15:54:50 (MEZ)
Infection: generic

We recommend that you now take the following steps:

1. Please make sure that your computer is free of viruses and
trojans. Use protection software of your choice for this.

2. Then change all passwords:
- the 'personal password' (for connecting to the Internet)
- the 'password' (for the e-mail and customer center)
- the 'e-mail password' (for e-mail programs such as Microsoft
Outlook)
for the services of Deutsche Telekom. You can do this centrally in the
customer center at
https://kundencenter.telekom.de/kundencenter/kundendaten/passwoerter
Do not forget any passwords for online banking, eBay, Amazon, Paypal
and so on, if you use such services.

3. Please also check your computer's settings to see whether the
operating system and the installed software are up to date.

The order is important, because otherwise the new passwords could
immediately be read out again by third parties if existing malware
has not been removed first.

If you need support with this, you can reach us Monday to Friday
from 08:00 to 18:00 directly on the toll-free number
0800 5544 300. Please have your Abuse-ID and access number, which
you will find in the subject line, ready.

On our page https://abusefaq.telekom.de we have put together many
helpful tips and links on the topic of "security".

If you have questions about our e-mail, write to us at
abuse@telekom.de and state the access number given in the subject
line.

Kind regards

Deutsche Telekom AG
SEC-CDM / Abuse-Team
T-Online-Allee 1
D-64295 Darmstadt
E-Mail: abuse@telekom.de

hxxp://www.t-online.de/abuse
hxxp://www.telekom.de

EXPERIENCE WHAT CONNECTS.

The statutory mandatory information can be found at:
www.telekom.com/pflichtangaben

Big changes start small - conserve resources and don't print every
e-mail.

This e-mail contains confidential and/or legally protected
information. If you are not the intended recipient or have received
this e-mail in error, please inform the sender immediately and
delete this e-mail. Unauthorized copying and unauthorized
forwarding of this e-mail and the information contained in it
are not permitted.
         
Thereupon, for the e-mails, I first checked what I had been doing at the times in question. At those times I was always online with my notebook. Apart from that, we only have 2 mobile phones that go online via our Wi-Fi. So presumably it can only be the notebook that the virus / trojan is sitting on.

I also wrote to the Telekom Abuse Team for further details and received this reply:

Code:
How the malware was detected
----------------------------

A "sinkhole" was contacted via your Internet access. This is a
server that serves as a trap for computers infected by malware by
simulating a command-and-control server of a botnet. A
command-and-control server is a component of a botnet that mediates
between the actual criminal and his "bots". At
hxxp://www.elektronik-kompendium.de/sites/net/1501041.htm you will find,
if interested, a good explanation of the structure of a botnet as well
as a schematic diagram.

The accesses that are the subject of the complaint do not involve
the sending of e-mails. The bots are controlled via ports
80 (HTTP) and 443 (HTTPS); this is the usual approach of
botnet operators, since there are no Internet connections on which
these ports are blocked. Via HTTP(S) the bots update themselves, deliver
stolen login data and fetch their task lists: take part in
DoS attacks, distribute illegal content, send spam,
etc.


Information on the detected malware
-----------------------------------

Unfortunately, we have no specific information about which
malware is responsible for the access.

From previous feedback from other customers we can conclude (apart
from the usual 'infested' Windows computers) that the following
device classes also come into question:

- Devices with an Android version < 4.4 (eleven security vulnerabilities
in the WebView system component that will not be fixed, see
hxxp://ct.de/-2528130)

- Special devices with a mostly Unix-like OS that include a web
server. The software installed on them is often not maintained,
so that outdated installations (CMS, PHP, SQL, Apache, Bash, ntpd)
are present which contain security vulnerabilities. If these devices
are reachable from outside, it can be assumed that sooner or later
they will be found and abused. This primarily concerns
NAS (network storage systems), but IP cameras or other devices
would also be conceivable.

- Servers or gateways with a Unix-like OS that are reachable from
outside (this concerns Linux and Mac OS in particular)

The accesses that are the subject of the complaint took place via the
following IP addresses assigned to your access at the times stated;
we have converted the relevant times from the complaints into the
respective German time zone (MESZ/MEZ):

| 217.238.145.154 Sa, 07.02.2015 14:56:22 MEZ
| 217.238.157.157 So, 08.02.2015 12:57:34 MEZ
| 217.238.136.124 Mo, 09.02.2015 07:04:55 MEZ
| 217.238.157.213 Di, 10.02.2015 19:56:01 MEZ
| 217.238.133.52 Mi, 11.02.2015 18:56:18 MEZ
| 217.238.138.7 Do, 12.02.2015 19:57:28 MEZ
| 217.238.132.122 Sa, 14.02.2015 15:57:30 MEZ
| 217.238.134.92 So, 15.02.2015 11:55:13 MEZ
| 217.238.131.95 Mo, 16.02.2015 15:54:50 MEZ
| 217.238.145.245 Di, 17.02.2015 14:57:00 MEZ
| 217.238.147.180 Mi, 18.02.2015 11:57:14 MEZ
| 217.238.142.157 Do, 19.02.2015 16:55:45 MEZ
| 217.238.141.103 Fr, 20.02.2015 13:55:33 MEZ
| 217.238.132.84 Sa, 21.02.2015 13:57:46 MEZ
         
I have the AVG Antivirus Free Edition virus scanner running on the notebook. The virus scan, logically, turned up no problems.

I have already run all the scans as described in the instructions.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 23/02/2015 (Egerland)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Egerland (administrator) on EGERLAND-PC on 23-02-2015 17:05:24
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Egerland\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983 /CMPID=1213b
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {10eddee7-cbd3-11de-b12f-002454133c8b} - F:\setup.exe AUTORUN=1
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
https://www.google.de/
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> DefaultScope {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={1A83451E-68B9-495B-B0CC-DB856FABA06D}&mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 16:40:13&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: GMX MailCheck - C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\Extensions\toolbar@gmx.net [2014-12-17]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 vToolbarUpdater18.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-10] (AVG Secure Search)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:04 - 2015-02-23 17:05 - 00000000 ____D () C:\FRST
2015-02-23 17:00 - 2015-02-23 17:05 - 00000000 ____D () C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-23 16:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-23 15:17 - 2015-02-23 15:17 - 00000000 ___HD () C:\windows\AxInstSV
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-22 11:45 - 2015-02-23 15:20 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls
2015-01-27 14:01 - 2015-01-27 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 20:04 - 2015-01-25 20:04 - 00001169 _____ () C:\Users\Egerland\Desktop\Fitbit Connect.lnk
2015-01-24 13:51 - 2015-02-18 21:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-24 13:51 - 2015-01-25 08:52 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\Program Files\Fitbit Connect
2015-01-24 13:13 - 2015-01-24 13:13 - 32688736 _____ (Fitbit Inc.) C:\Users\Egerland\Downloads\FitbitConnect_Win_20141212_2.0.0.6518.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-23 16:53 - 2009-09-17 07:44 - 01317671 _____ () C:\windows\WindowsUpdate.log
2015-02-23 16:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 16:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 16:17 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:25 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 15:17 - 2013-01-21 20:13 - 00000342 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-23 15:17 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-23 15:17 - 2009-07-14 05:39 - 00243979 _____ () C:\windows\setupact.log
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 15:35 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-22 11:41 - 2009-09-17 08:19 - 00836386 _____ () C:\windows\PFRO.log
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-21 20:58 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 16:39 - 2012-05-05 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 14:18 - 2009-11-07 13:36 - 00000000 ____D () C:\Users\Egerland\AppData\Local\Adobe
2015-01-25 16:00 - 2015-01-10 18:39 - 00126464 _____ () C:\Users\Egerland\Desktop\kalorienwochenbudget.xls
2015-01-25 15:08 - 2012-05-07 18:22 - 00000000 ____D () C:\Users\Egerland\Documents\Turbo Lister Backup
2015-01-25 09:15 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-25 09:15 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-25 09:11 - 2014-12-10 16:40 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-21 20:58 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\AskSLib.dll
C:\Users\Egerland\AppData\Local\Temp\avguidx.dll
C:\Users\Egerland\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\DivXSetup.exe
C:\Users\Egerland\AppData\Local\Temp\FileSystemView.dll
C:\Users\Egerland\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Egerland\AppData\Local\Temp\GLF6B54.tmp.ConduitEngineSetup.exe
C:\Users\Egerland\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Egerland\AppData\Local\Temp\InstallAX.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Egerland\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Egerland\AppData\Local\Temp\msg3D00.exe
C:\Users\Egerland\AppData\Local\Temp\NEWFB40.tmp.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{4824FC86-92EA-4F8D-976A-41FF091EC03F}.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{B0F039F7-0F24-4293-8632-95A462B79841}.exe
C:\Users\Egerland\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Egerland\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Egerland\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Egerland\AppData\Local\Temp\softonic-de3.exe
C:\Users\Egerland\AppData\Local\Temp\softonic_s_de3.exe
C:\Users\Egerland\AppData\Local\Temp\tbsoft.dll
C:\Users\Egerland\AppData\Local\Temp\tbwww..dll
C:\Users\Egerland\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\Tsu24680825.dll
C:\Users\Egerland\AppData\Local\Temp\Tsu6B95603D.dll
C:\Users\Egerland\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Egerland\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\Egerland\AppData\Local\Temp\www.Freeware-download.com.exe
C:\Users\Egerland\AppData\Local\Temp\_is9990.exe
C:\Users\Egerland\AppData\Local\Temp\_isC13C.exe
C:\Users\Egerland\AppData\Local\Temp\_isDFD3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 17:20

==================== End Of Log ============================
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Egerland at 2015-02-23 17:06:34
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ACSI Camp Site Guide Europe 2012 (HKLM\...\InstallShield_{B69FBCB1-805A-458B-8850-E93EC2323933}) (Version: 1.00.0000 - Ihr Firmenname)
ACSI Camp Site Guide Europe 2012 (Version: 1.00.0000 - Ihr Firmenname) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Amazon Kindle) (Version:  - Amazon)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.2.0 - SlySoft)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Biet-O-Matic v2.14.10 (HKLM\...\Biet-O-Matic v2.14.10) (Version: 2.14.10 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
Canon CanoScan Toolbox 5.0 (HKLM\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM\...\conduitEngine) (Version: 6.2.3.0 - Conduit Ltd.) <==== ATTENTION
ContentSAFER for Wizmax (HKLM\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Disc2Phone (HKLM\...\{6E65247F-58F9-41CA-BE69-0316F7907170}) (Version: 1.3.0.106 - Sony Media Software)
DVD2one V2.4.2 (HKLM\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
EmoDio (HKLM\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - SAMSUNG)
EmoDio (Version: 1.0 - SAMSUNG) Hidden
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firefox 3.6 GMX Edition (HKLM\...\Firefox 3.6 GMX Edition) (Version:  - GMX)
Firefox 3.6 GMX Edition (Version: 1.6 - GMX) Hidden
Fitbit Connect (HKLM\...\{08002BE6-6476-4012-8D4B-CF0AE7C71F29}) (Version: 2.0.0.6518 - Fitbit Inc.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GMX Update (HKLM\...\GMX Update) (Version:  - GMX)
GMX Update (Version: 1.0 - GMX) Hidden
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )
Haufe iDesk-Browser (HKLM\...\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}) (Version: 8.07.16.5590 - Haufe)
Haufe iDesk-Service (HKLM\...\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}) (Version: 8.08.20.5622 - Haufe)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2082 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Klett Nussknacker 2 (HKLM\...\Klett Nussknacker 2) (Version:  - )
Kobo (HKLM\...\Kobo) (Version: 3.2.3 - Kobo Inc.)
Lexware Elster (HKLM\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)
Lexware financial office 2011 (HKLM\...\{757469A9-396B-45E7-B069-67297D08470E}) (Version: 15.40.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten 2007 (HKLM\...\{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}) (Version: 14.00 - Lexware)
Lexware reisekosten 2007 (Version: 14.00 - Lexware) Hidden
MABBLE Junior 1.3  (HKLM\...\MABBLE Junior) (Version: 1.3 - )
MATHEARBEIT G 4.5  (HKLM\...\MATHEARBEIT G) (Version: 4.5 - MA-Software)
MATHE-PROFI 3.5  (HKLM\...\MATHE-PROFI) (Version: 3.5 - MA-Software)
MATHETEXT G 1.2  (HKLM\...\MATHETEXT G) (Version: 1.2 - )
MetaTrader 4 - RoboForex (HKLM\...\MetaTrader 4 - RoboForex) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PIXELA AAC LC CODEC (HKLM\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Power DVD Player  (HKLM\...\Power DVD Player) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rasche`s Kartenspiele (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Rasche`s Kartenspiele) (Version:  - )
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Schoener Fernsehen 0.0.0.2c (HKLM\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden
Steuer Update 15.09 (Version: 15.09 - Lexware) Hidden
streamWriter (HKLM\...\streamWriter_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TAXMAN 2008 (HKLM\...\{F331FBDC-7DCF-4598-9E7C-E11865677AB4}) (Version: 14.00 - Lexware)
TAXMAN 2008 (Version: 14.00 - Lexware) Hidden
TAXMAN 2009 (HKLM\...\{EFE38CC6-2592-4F93-B59B-CE4B69600890}) (Version: 15.00.00.0026 - Lexware)
TAXMAN 2009 (Version: 15.00.00.0026 - Lexware) Hidden
TAXMAN 2010 (HKLM\...\{5C5B0836-9648-4057-8044-2DF181E073E2}) (Version: 16.14.00.0002 - Haufe-Lexware GmbH & Co. KG)
TAXMAN 2011 spezial (HKLM\...\{D3898F55-9EF3-490F-8AF6-DD9EE5512BC0}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2012 (HKLM\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.10.00.0007 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2015 (HKLM\...\{5613CAD3-71ED-4207-95A0-1BA0BF465E38}) (Version: 20.27.130 - Haufe-Lexware GmbH & Co.KG)
TAXMAN Bibliothek 2008 (HKLM\...\{1716D952-F601-4A07-8988-7FCFAEDE6FDC}) (Version: 14.0.0.0 - Haufe Mediengruppe)
TAXMAN Bibliothek 2009 (HKLM\...\{700C61BE-9424-4B20-9153-7A0C59722AF4}) (Version: 15.0.1.0 - Haufe Mediengruppe)
TELL ME MORE (HKLM\...\TMM90) (Version:  - )
TELL ME MORE (HKLM\...\TMM90bis) (Version:  - )
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity Web Player (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WD Quick View (HKLM\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{752EC2DC-0313-435A-BF9A-9B02927C049A}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WÖRTER-ZIRKUS 1.2  (HKLM\...\WÖRTER-ZIRKUS) (Version: 1.2 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InprocServer32 -> C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll (Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\NEROOE~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

21-02-2015 21:24:45 TAXMAN 2015 wurde installiert.
21-02-2015 21:28:10 Installed AAVUpdateManager.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EF8802-E98C-4044-841F-09939F00B4CA} - System32\Tasks\{610DCC01-61C0-4292-8C58-AA305922EB46} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {2EA70280-0F8B-494D-933F-B7BB03B14B87} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {367DECB2-BD37-4DB0-A698-8330E9C1C2EA} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {3873F851-5E91-480B-92A7-AB8D1BFD922A} - System32\Tasks\Western Digital\SmartWare\____Volume_511e6cee_a3da_11de_8773_806e6f6e6963______Volume_a38d148b_ed08_11e0_b8a7_002454133c8b__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2014-12-02] (Western Digital Technologies, Inc.)
Task: {4C651BF6-28CA-4682-8CB8-C231ACF5953E} - System32\Tasks\{46B3FD0C-BB4C-4212-93C8-E1AF8D5ECED4} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {53BBBDF9-0E4C-464C-9193-2C582D60A182} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {5F5F4027-363A-43FD-8211-7A2BF4BF0E1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C26E75A-35C7-471F-AA49-1C8CE4E389CA} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {7A0D0A0B-DC9F-4A69-A646-1F963FCCE23E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {B2A658A5-E557-4413-BADF-0003EB869DD5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {B4A4B44D-DCB4-4BE9-8B6F-26007C2CD356} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BB01EB0E-8B75-42D7-BE30-3BF9D69CF38B} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {C5265011-C843-45D0-8F2B-0D9DE00A416F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
Task: {D26BCE6D-33D9-40F6-9B7B-44EDB866CD45} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {D3B61819-77A1-42CC-A171-783162CDF082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {EB8E8B1F-9C02-4436-9CDE-3A17A4BED76E} - System32\Tasks\{16DAC1D2-1A99-42B1-B8F5-DE02D0130882} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {F7F7FBF4-798E-49B7-887A-30D694F135D8} - System32\Tasks\{ED4D7821-B5CB-454A-9385-5C49C63DB51E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsPlugin

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-22 15:40 - 2010-03-22 15:40 - 00011264 _____ () C:\Program Files\Netzmanager\NMInfraIS2\SoftPlugInterOp.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2009-09-17 07:50 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2009-10-16 14:16 - 2009-10-16 14:16 - 02229632 _____ () C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 01686552 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 03081752 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2007-09-06 08:28 - 2007-09-06 08:28 - 00391168 _____ () C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
2014-11-19 22:02 - 2014-11-19 22:02 - 40622592 ____R () C:\Program Files\Fitbit Connect\libcef.dll
2013-10-24 18:57 - 2013-05-15 09:10 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-10-24 18:57 - 2013-05-15 09:05 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:A42A9F39
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1131658597-4005637612-88016806-500 - Administrator - Enabled) => C:\Users\Administrator.Egerland-PC
ASPNET (S-1-5-21-1131658597-4005637612-88016806-1009 - Limited - Enabled)
Egerland (S-1-5-21-1131658597-4005637612-88016806-1000 - Administrator - Enabled) => C:\Users\Egerland
Gast (S-1-5-21-1131658597-4005637612-88016806-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1131658597-4005637612-88016806-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


System errors:
=============
Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 16:48:30.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:47:55.233
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:10.497
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:05.494
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:08.980
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:02.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:52.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:10.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:07.198
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:04.945
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3004.61 MB
Available physical RAM: 1799.84 MB
Total Pagefile: 6005.46 MB
Available Pagefile: 4177.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.05 GB) (Free:76.12 GB) NTFS
Drive d: () (Fixed) (Total:50.94 GB) (Free:50.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 07A54FFB)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-23 21:25:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Egerland\AppData\Local\Temp\pwdyqkob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeKey [0x933C06E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeMultipleKeys [0x933C0800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenProcess [0x933C0010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenThread [0x933C04D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendProcess [0x933C0300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendThread [0x933C03E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateProcess [0x933C0120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateThread [0x933C0210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwWriteVirtualMemory [0x933C05E0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRequestWaitReplyPort + 1499                                                   83082995 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                       830A2612 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 161F                                                          830A9CE4 8 Bytes  [E0, 06, 3C, 93, 00, 08, 3C, ...] {LOOPNZ 0x8; CMP AL, 0x93; ADD [EAX], CL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1667                                                          830A9D2C 4 Bytes  [10, 00, 3C, 93] {ADC [EAX], AL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1687                                                          830A9D4C 4 Bytes  [D0, 04, 3C, 93] {ROL BYTE [ESP+EDI], 0x1; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1927                                                          830A9FEC 8 Bytes  [00, 03, 3C, 93, E0, 03, 3C, ...] {ADD [EBX], AL; CMP AL, 0x93; LOOPNZ 0x9; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                          830A9FFC 8 Bytes  [20, 01, 3C, 93, 10, 02, 3C, ...] {AND [ECX], AL; CMP AL, 0x93; ADC [EDX], AL; CMP AL, 0x93}
.text           ...                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\windows\system32\ctfmon.exe[3680] ntdll.dll!NtWriteVirtualMemory                          773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\msiexec.exe[4396] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\iPod\bin\iPodService.exe[4448] ntdll.dll!NtWriteVirtualMemory               773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\SearchIndexer.exe[4676] ntdll.dll!NtWriteVirtualMemory                   773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\igfxext.exe[4716] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           ...                                                                                          
.text           C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[7472] ole32.dll!OleLoadFromStream     74956143 5 Bytes  JMP 01FD44C3 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                      avgtdix.sys

Device          \Driver\iaStor \Device\Ide\iaStor0                                                           AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                AnyDVD.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                    avgtdix.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B266379E  2996

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
So, I hope I have now gathered all the information.

Many thanks in advance for your help

Best regards
kroko123

Alt 24.02.2015, 06:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • In the uninstaller field, search for the following programs:

    Conduit Engine

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (Moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 24.02.2015, 17:35   #3
Kroko123
 


Hello Schrauber,

many thanks for the quick reply. Here are the log files:

Mbar:

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.24.03
  rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17633
Egerland :: EGERLAND-PC [administrator]

24.02.2015 15:27:46
mbar-log-2015-02-24 (15-27-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 475932
Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
System log from Mbar

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 3150565376, free: 1305260032

Downloaded database version: v2015.02.24.03
Downloaded database version: v2015.02.22.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/24/2015 15:27:32
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.24.03
  rootkit: v2015.02.22.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d8f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d8fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d8f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f39028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7A54FFB

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 486647808

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 518311936  Numsec = 106827776

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2015\chjw\60cc47a3cc4771f8.dat:e2fff535-31d9-4a0c-9155-5d16f3ab2158" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\8c82b57382b5627e.dat:07ca5e0b-b742-4e7c-9479-6b09a979005b" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\d86645d76645b752.dat:7c3ba307-658c-414a-b29f-233ac6db4d2d" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2015\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-31459328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
         
With TDSSKiller, I accidentally forgot the report on the first scan, so I ran it again. It then found a different file each time. I have therefore attached the last log and, from the other logs, only the files that were found.

Code:
17:03:00.0720 0x104c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:03:09.0440 0x104c  ============================================================
17:03:09.0440 0x104c  Current date / time: 2015/02/24 17:03:09.0440
17:03:09.0440 0x104c  SystemInfo:
17:03:09.0440 0x104c  
17:03:09.0440 0x104c  OS Version: 6.1.7601 ServicePack: 1.0
17:03:09.0440 0x104c  Product type: Workstation
17:03:09.0440 0x104c  ComputerName: EGERLAND-PC
17:03:09.0440 0x104c  UserName: Egerland
17:03:09.0440 0x104c  Windows directory: C:\windows
17:03:09.0440 0x104c  System windows directory: C:\windows
17:03:09.0440 0x104c  Processor architecture: Intel x86
17:03:09.0440 0x104c  Number of processors: 2
17:03:09.0440 0x104c  Page size: 0x1000
17:03:09.0440 0x104c  Boot type: Normal boot
17:03:09.0440 0x104c  ============================================================
17:03:09.0580 0x104c  KLMD registered as C:\windows\system32\drivers\66759062.sys
17:03:09.0908 0x104c  System UUID: {59B0E7F4-4F9A-ABCF-545B-39660A5502C3}
17:03:10.0438 0x104c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:03:10.0438 0x104c  ============================================================
17:03:10.0438 0x104c  \Device\Harddisk0\DR0:
17:03:10.0438 0x104c  MBR partitions:
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1D01A800
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EE4D000, BlocksNum 0x65E1000
17:03:10.0438 0x104c  ============================================================
17:03:10.0485 0x104c  C: <-> \Device\Harddisk0\DR0\Partition2
17:03:10.0548 0x104c  D: <-> \Device\Harddisk0\DR0\Partition3
17:03:10.0548 0x104c  ============================================================
17:03:10.0548 0x104c  Initialize success
17:03:10.0548 0x104c  ============================================================
17:03:24.0291 0x107c  ============================================================
17:03:24.0291 0x107c  Scan started
17:03:24.0291 0x107c  Mode: Manual; SigCheck; TDLFS; 
17:03:24.0291 0x107c  ============================================================
17:03:24.0291 0x107c  KSN ping started
17:03:38.0051 0x107c  KSN ping finished: true
17:03:38.0909 0x107c  ================ Scan system memory ========================
17:03:38.0909 0x107c  System memory - ok
17:03:38.0909 0x107c  ================ Scan services =============================
17:03:47.0972 0x107c  ebdrv - ok
17:03:48.0019 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\windows\System32\lsass.exe
17:03:48.0050 0x107c  EFS - ok
17:03:48.0144 0x107c  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
17:03:48.0175 0x107c  ehRecvr - ok
17:03:48.0222 0x107c  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
17:03:48.0237 0x107c  ehSched - ok
17:03:48.0300 0x107c  [ B83BDCCBACB65BAA9E20888DD0083A16, A38B29C768DF9153E704C92A410663A8CFFB29BDB5E6622881DEB7FFFEF0CB38 ] ElbyCDIO        C:\windows\system32\Drivers\ElbyCDIO.sys
17:03:48.0315 0x107c  ElbyCDIO - ok
17:03:48.0409 0x107c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
17:03:48.0440 0x107c  elxstor - ok
17:03:48.0471 0x107c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
17:03:48.0487 0x107c  ErrDev - ok
17:03:48.0549 0x107c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
17:03:48.0581 0x107c  EventSystem - ok
17:03:48.0612 0x107c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
17:03:48.0643 0x107c  exfat - ok
17:03:48.0674 0x107c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
17:03:48.0705 0x107c  fastfat - ok
17:03:48.0768 0x107c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
17:03:48.0799 0x107c  Fax - ok
17:03:48.0861 0x107c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
17:03:48.0893 0x107c  fdc - ok
17:03:48.0908 0x107c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
17:03:48.0939 0x107c  fdPHost - ok
17:03:48.0971 0x107c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
17:03:49.0002 0x107c  FDResPub - ok
17:03:49.0017 0x107c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
17:03:49.0033 0x107c  FileInfo - ok
17:03:49.0049 0x107c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
17:03:49.0080 0x107c  Filetrace - ok
17:03:49.0423 0x107c  [ 65A89589DD9FE02F6F71F8F3CCA51E7A, 65D2FE2553BA7B8B249AA9F389EE4ACBB547C2586C7DA99AEE140A2AA6021820 ] Fitbit Connect  C:\Program Files\Fitbit Connect\FitbitConnectService.exe
17:03:49.0579 0x107c  Fitbit Connect - ok
17:03:49.0626 0x107c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
17:03:49.0641 0x107c  flpydisk - ok
17:03:49.0719 0x107c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
17:03:49.0735 0x107c  FltMgr - ok
17:03:49.0829 0x107c  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
17:03:49.0860 0x107c  FontCache - ok
17:03:49.0922 0x107c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:03:49.0953 0x107c  FontCache3.0.0.0 - ok
17:03:49.0969 0x107c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
17:03:49.0985 0x107c  FsDepends - ok
17:03:50.0047 0x107c  [ 2B3BF55BA74EB8118F67AB2B450B8EA9, 6D09D75105FE374E0865A2E5C1F9460AF938B6F62604F0C97B31ED9ADD4AFF4E ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
17:03:50.0078 0x107c  fssfltr - ok
17:03:50.0250 0x107c  [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:03:50.0297 0x107c  fsssvc - ok
17:03:50.0343 0x107c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
17:03:50.0359 0x107c  Fs_Rec - ok
17:03:50.0421 0x107c  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
17:03:50.0437 0x107c  fvevol - ok
17:03:50.0484 0x107c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
17:03:50.0499 0x107c  gagp30kx - ok
17:03:50.0562 0x107c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:50.0593 0x107c  GEARAspiWDM - ok
17:03:50.0671 0x107c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
17:03:50.0702 0x107c  gpsvc - ok
17:03:50.0858 0x107c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate1cacc505e5a502c C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:50.0874 0x107c  gupdate1cacc505e5a502c - ok
17:03:50.0921 0x107c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:50.0936 0x107c  gupdatem - ok
17:03:50.0999 0x107c  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:03:51.0030 0x107c  gusvc - ok
17:03:51.0061 0x107c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
17:03:51.0077 0x107c  hcw85cir - ok
17:03:51.0155 0x107c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:03:51.0186 0x107c  HdAudAddService - ok
17:03:51.0233 0x107c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
17:03:51.0248 0x107c  HDAudBus - ok
17:03:51.0279 0x107c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
17:03:51.0295 0x107c  HidBatt - ok
17:03:51.0326 0x107c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
17:03:51.0357 0x107c  HidBth - ok
17:03:51.0404 0x107c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
17:03:51.0420 0x107c  HidIr - ok
17:03:51.0467 0x107c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
17:03:51.0498 0x107c  hidserv - ok
17:03:51.0545 0x107c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
17:03:51.0576 0x107c  HidUsb - ok
17:03:51.0623 0x107c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
17:03:51.0654 0x107c  hkmsvc - ok
17:03:51.0716 0x107c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:03:51.0747 0x107c  HomeGroupListener - ok
17:03:51.0794 0x107c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:03:51.0825 0x107c  HomeGroupProvider - ok
17:03:51.0888 0x107c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
17:03:51.0903 0x107c  HpSAMD - ok
17:03:51.0981 0x107c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
17:03:52.0028 0x107c  HTTP - ok
17:03:52.0059 0x107c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
17:03:52.0091 0x107c  hwpolicy - ok
17:03:52.0153 0x107c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
17:03:52.0184 0x107c  i8042prt - ok
17:03:52.0262 0x107c  [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
17:03:52.0293 0x107c  iaStor - ok
17:03:52.0340 0x107c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
17:03:52.0371 0x107c  iaStorV - ok
17:03:52.0496 0x107c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:03:52.0512 0x107c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:03:55.0039 0x107c  Detect skipped due to KSN trusted
17:03:55.0039 0x107c  IDriverT - ok
17:03:55.0133 0x107c  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:03:55.0164 0x107c  idsvc - ok
17:03:55.0195 0x107c  IEEtwCollectorService - ok
17:03:55.0554 0x107c  [ DCE0B53570703CCE580D066F89EF58CD, C5C2C4F51F2DB2BB6E7F1218472AEAAD996514AB99EA84946A473CB7A64D9E15 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
17:03:55.0803 0x107c  igfx - ok
17:03:55.0897 0x107c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
17:03:55.0928 0x107c  iirsp - ok
17:03:56.0022 0x107c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
17:03:56.0053 0x107c  IKEEXT - ok
17:03:56.0256 0x107c  [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F, D5533A7BA7BE65D5D5CE137795419E6C49B51B15B7450C319EE0EA9A83AC73E0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
17:03:56.0334 0x107c  IntcAzAudAddService - ok
17:03:56.0396 0x107c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
17:03:56.0412 0x107c  intelide - ok
17:03:56.0459 0x107c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
17:03:56.0490 0x107c  intelppm - ok
17:03:56.0521 0x107c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
17:03:56.0552 0x107c  IPBusEnum - ok
17:03:56.0583 0x107c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
17:03:56.0615 0x107c  IpFilterDriver - ok
17:03:56.0693 0x107c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
17:03:56.0724 0x107c  iphlpsvc - ok
17:03:56.0755 0x107c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
17:03:56.0786 0x107c  IPMIDRV - ok
17:03:56.0802 0x107c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
17:03:56.0849 0x107c  IPNAT - ok
17:03:56.0942 0x107c  [ 781ABA6C29AD40259602703A328DAEC6, 2DB936C8DE6D4424C6A10D4200F3D7F97A3A129A3B1064A83AB9846C3A828BE0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:03:56.0973 0x107c  iPod Service - ok
17:03:57.0020 0x107c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
17:03:57.0051 0x107c  IRENUM - ok
17:03:57.0067 0x107c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
17:03:57.0098 0x107c  isapnp - ok
17:03:57.0145 0x107c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
17:03:57.0176 0x107c  iScsiPrt - ok
17:03:57.0223 0x107c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
17:03:57.0239 0x107c  kbdclass - ok
17:03:57.0270 0x107c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
17:03:57.0285 0x107c  kbdhid - ok
17:03:57.0317 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\windows\system32\lsass.exe
17:03:57.0332 0x107c  KeyIso - ok
17:03:57.0379 0x107c  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
17:03:57.0410 0x107c  KSecDD - ok
17:03:57.0441 0x107c  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
17:03:57.0457 0x107c  KSecPkg - ok
17:03:57.0504 0x107c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
17:03:57.0535 0x107c  KtmRm - ok
17:03:57.0582 0x107c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
17:03:57.0613 0x107c  LanmanServer - ok
17:03:57.0644 0x107c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:03:57.0675 0x107c  LanmanWorkstation - ok
17:03:57.0722 0x107c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
17:03:57.0753 0x107c  lltdio - ok
17:03:57.0800 0x107c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
17:03:57.0831 0x107c  lltdsvc - ok
17:03:57.0847 0x107c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
17:03:57.0878 0x107c  lmhosts - ok
17:03:57.0925 0x107c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
17:03:57.0956 0x107c  LSI_FC - ok
17:03:57.0972 0x107c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
17:03:57.0987 0x107c  LSI_SAS - ok
17:03:58.0003 0x107c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
17:03:58.0019 0x107c  LSI_SAS2 - ok
17:03:58.0034 0x107c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
17:03:58.0050 0x107c  LSI_SCSI - ok
17:03:58.0081 0x107c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
17:03:58.0128 0x107c  luafv - ok
17:03:58.0175 0x107c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
17:03:58.0206 0x107c  Mcx2Svc - ok
17:03:58.0237 0x107c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
17:03:58.0253 0x107c  megasas - ok
17:03:58.0284 0x107c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
17:03:58.0315 0x107c  MegaSR - ok
17:03:58.0346 0x107c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
17:03:58.0377 0x107c  MMCSS - ok
17:03:58.0393 0x107c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
17:03:58.0424 0x107c  Modem - ok
17:03:58.0455 0x107c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
17:03:58.0487 0x107c  monitor - ok
17:03:58.0533 0x107c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
17:03:58.0565 0x107c  mouclass - ok
17:03:58.0596 0x107c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
17:03:58.0611 0x107c  mouhid - ok
17:03:58.0658 0x107c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
17:03:58.0674 0x107c  mountmgr - ok
17:03:58.0814 0x107c  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:03:58.0830 0x107c  MozillaMaintenance - ok
17:03:58.0861 0x107c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
17:03:58.0892 0x107c  mpio - ok
17:03:58.0955 0x107c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
17:03:58.0986 0x107c  mpsdrv - ok
17:03:59.0033 0x107c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
17:03:59.0095 0x107c  MpsSvc - ok
17:03:59.0142 0x107c  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
17:03:59.0173 0x107c  MRxDAV - ok
17:03:59.0235 0x107c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
17:03:59.0267 0x107c  mrxsmb - ok
17:03:59.0313 0x107c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
17:03:59.0360 0x107c  mrxsmb10 - ok
17:03:59.0376 0x107c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
17:03:59.0407 0x107c  mrxsmb20 - ok
17:03:59.0438 0x107c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
17:03:59.0454 0x107c  msahci - ok
17:03:59.0485 0x107c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
17:03:59.0501 0x107c  msdsm - ok
17:03:59.0532 0x107c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
17:03:59.0563 0x107c  MSDTC - ok
17:03:59.0610 0x107c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
17:03:59.0641 0x107c  Msfs - ok
17:03:59.0672 0x107c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
17:03:59.0703 0x107c  mshidkmdf - ok
17:03:59.0735 0x107c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
17:03:59.0750 0x107c  msisadrv - ok
17:03:59.0813 0x107c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
17:03:59.0859 0x107c  MSiSCSI - ok
17:03:59.0859 0x107c  msiserver - ok
17:03:59.0891 0x107c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
17:03:59.0922 0x107c  MSKSSRV - ok
17:03:59.0937 0x107c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
17:03:59.0969 0x107c  MSPCLOCK - ok
17:03:59.0984 0x107c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
17:04:00.0015 0x107c  MSPQM - ok
17:04:00.0047 0x107c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
17:04:00.0062 0x107c  MsRPC - ok
17:04:00.0078 0x107c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
17:04:00.0093 0x107c  mssmbios - ok
17:04:00.0187 0x107c  MSSQL$MSSMLBIZ - ok
17:04:00.0234 0x107c  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:04:00.0249 0x107c  MSSQLServerADHelper - ok
17:04:00.0265 0x107c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
17:04:00.0296 0x107c  MSTEE - ok
17:04:00.0312 0x107c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
17:04:00.0327 0x107c  MTConfig - ok
17:04:00.0343 0x107c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
17:04:00.0359 0x107c  Mup - ok
17:04:00.0390 0x107c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
17:04:00.0437 0x107c  napagent - ok
17:04:00.0499 0x107c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
17:04:00.0546 0x107c  NativeWifiP - ok
17:04:00.0639 0x107c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
17:04:00.0671 0x107c  NDIS - ok
17:04:00.0686 0x107c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
17:04:00.0717 0x107c  NdisCap - ok
17:04:00.0764 0x107c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
17:04:00.0795 0x107c  NdisTapi - ok
17:04:00.0858 0x107c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
17:04:00.0905 0x107c  Ndisuio - ok
17:04:00.0951 0x107c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
17:04:00.0998 0x107c  NdisWan - ok
17:04:01.0045 0x107c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
17:04:01.0076 0x107c  NDProxy - ok
17:04:01.0123 0x107c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
17:04:01.0170 0x107c  NetBIOS - ok
17:04:01.0217 0x107c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
17:04:01.0248 0x107c  NetBT - ok
17:04:01.0295 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon        C:\windows\system32\lsass.exe
17:04:01.0310 0x107c  Netlogon - ok
17:04:01.0357 0x107c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
17:04:01.0404 0x107c  Netman - ok
17:04:01.0482 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0513 0x107c  NetMsmqActivator - ok
17:04:01.0544 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0560 0x107c  NetPipeActivator - ok
17:04:01.0575 0x107c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
17:04:01.0622 0x107c  netprofm - ok
17:04:01.0638 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0653 0x107c  NetTcpActivator - ok
17:04:01.0653 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0685 0x107c  NetTcpPortSharing - ok
17:04:01.0794 0x107c  [ 450D0D2062C54DDA23583A78C0EB63D9, CEFB192B635222A2C5ADE8C0778E8228B3200DA94ECF870B9AC330557298E709 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:04:01.0809 0x107c  Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 )
17:04:04.0352 0x107c  Detect skipped due to KSN trusted
17:04:04.0352 0x107c  Netzmanager Service - ok
17:04:04.0415 0x107c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
17:04:04.0446 0x107c  nfrd960 - ok
17:04:04.0493 0x107c  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\windows\System32\nlasvc.dll
17:04:04.0508 0x107c  NlaSvc - ok
17:04:04.0555 0x107c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
17:04:04.0586 0x107c  Npfs - ok
17:04:04.0617 0x107c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
17:04:04.0649 0x107c  nsi - ok
17:04:04.0664 0x107c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
17:04:04.0695 0x107c  nsiproxy - ok
17:04:04.0789 0x107c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
17:04:04.0836 0x107c  Ntfs - ok
17:04:04.0867 0x107c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
17:04:04.0898 0x107c  Null - ok
17:04:04.0961 0x107c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
17:04:04.0976 0x107c  nvraid - ok
17:04:05.0007 0x107c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
17:04:05.0023 0x107c  nvstor - ok
17:04:05.0054 0x107c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
17:04:05.0085 0x107c  nv_agp - ok
17:04:05.0163 0x107c  [ B5D5DA8230D3D3525839D939A9196C3E, 32058E8D55D55D3E0EA31AFC37548B8F904A946D97E5E5FBC079AB1AD1650A60 ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
17:04:05.0195 0x107c  OberonGameConsoleService - ok
17:04:05.0226 0x107c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
17:04:05.0257 0x107c  ohci1394 - ok
17:04:05.0351 0x107c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:04:05.0366 0x107c  ose - ok
17:04:05.0429 0x107c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
17:04:05.0460 0x107c  p2pimsvc - ok
17:04:05.0507 0x107c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
17:04:05.0538 0x107c  p2psvc - ok
17:04:05.0569 0x107c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
17:04:05.0585 0x107c  Parport - ok
17:04:05.0616 0x107c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
17:04:05.0631 0x107c  partmgr - ok
17:04:05.0647 0x107c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
17:04:05.0663 0x107c  Parvdm - ok
17:04:05.0694 0x107c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\windows\System32\pcasvc.dll
17:04:05.0709 0x107c  PcaSvc - ok
17:04:05.0741 0x107c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
17:04:05.0772 0x107c  pci - ok
17:04:05.0787 0x107c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
17:04:05.0803 0x107c  pciide - ok
17:04:05.0834 0x107c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
17:04:05.0850 0x107c  pcmcia - ok
17:04:05.0881 0x107c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
17:04:05.0897 0x107c  pcw - ok
17:04:05.0943 0x107c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
17:04:06.0006 0x107c  PEAUTH - ok
17:04:06.0115 0x107c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
17:04:06.0193 0x107c  pla - ok
17:04:06.0255 0x107c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
17:04:06.0302 0x107c  PlugPlay - ok
17:04:06.0318 0x107c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
17:04:06.0333 0x107c  PNRPAutoReg - ok
17:04:06.0365 0x107c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
17:04:06.0396 0x107c  PNRPsvc - ok
17:04:06.0458 0x107c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
17:04:06.0521 0x107c  PolicyAgent - ok
17:04:06.0567 0x107c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
17:04:06.0614 0x107c  Power - ok
17:04:06.0661 0x107c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
17:04:06.0708 0x107c  PptpMiniport - ok
17:04:06.0723 0x107c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
17:04:06.0739 0x107c  Processor - ok
17:04:06.0801 0x107c  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\windows\system32\profsvc.dll
17:04:06.0833 0x107c  ProfSvc - ok
17:04:06.0848 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\windows\system32\lsass.exe
17:04:06.0879 0x107c  ProtectedStorage - ok
17:04:06.0926 0x107c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
17:04:06.0973 0x107c  Psched - ok
17:04:07.0051 0x107c  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
17:04:07.0067 0x107c  PxHelp20 - ok
17:04:07.0145 0x107c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
17:04:07.0191 0x107c  ql2300 - ok
17:04:07.0223 0x107c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
17:04:07.0254 0x107c  ql40xx - ok
17:04:07.0285 0x107c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
17:04:07.0316 0x107c  QWAVE - ok
17:04:07.0347 0x107c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
17:04:07.0363 0x107c  QWAVEdrv - ok
17:04:07.0379 0x107c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
17:04:07.0410 0x107c  RasAcd - ok
17:04:07.0472 0x107c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
17:04:07.0519 0x107c  RasAgileVpn - ok
17:04:07.0535 0x107c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
17:04:07.0581 0x107c  RasAuto - ok
17:04:07.0597 0x107c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
17:04:07.0628 0x107c  Rasl2tp - ok
17:04:07.0675 0x107c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
17:04:07.0722 0x107c  RasMan - ok
17:04:07.0737 0x107c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
17:04:07.0769 0x107c  RasPppoe - ok
17:04:07.0784 0x107c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
17:04:07.0815 0x107c  RasSstp - ok
17:04:07.0862 0x107c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
17:04:07.0909 0x107c  rdbss - ok
17:04:07.0925 0x107c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
17:04:07.0956 0x107c  rdpbus - ok
17:04:07.0971 0x107c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
17:04:08.0003 0x107c  RDPCDD - ok
17:04:08.0049 0x107c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
17:04:08.0081 0x107c  RDPENCDD - ok
17:04:08.0096 0x107c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
17:04:08.0127 0x107c  RDPREFMP - ok
17:04:08.0252 0x107c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
17:04:08.0283 0x107c  RdpVideoMiniport - ok
17:04:08.0330 0x107c  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
17:04:08.0346 0x107c  RDPWD - ok
17:04:08.0408 0x107c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
17:04:08.0439 0x107c  rdyboost - ok
17:04:08.0486 0x107c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
17:04:08.0517 0x107c  RemoteAccess - ok
17:04:08.0564 0x107c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
17:04:08.0595 0x107c  RemoteRegistry - ok
17:04:08.0642 0x107c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
17:04:08.0689 0x107c  RpcEptMapper - ok
17:04:08.0705 0x107c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
17:04:08.0720 0x107c  RpcLocator - ok
17:04:08.0767 0x107c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
17:04:08.0798 0x107c  RpcSs - ok
17:04:08.0829 0x107c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
17:04:08.0861 0x107c  rspndr - ok
17:04:08.0907 0x107c  [ 6465166DD9B2F841DABAD16ABDADBE98, C5E93E9739A14375A8242D11F3661A2D069DC0F88DD13C869F525E19808A362E ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
17:04:08.0939 0x107c  RTL8167 - ok
17:04:08.0985 0x107c  [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI            C:\windows\system32\Drivers\SABI.sys
17:04:09.0017 0x107c  SABI - ok
17:04:09.0063 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs           C:\windows\system32\lsass.exe
17:04:09.0079 0x107c  SamSs - ok
17:04:09.0157 0x107c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
17:04:09.0173 0x107c  sbp2port - ok
17:04:09.0219 0x107c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
17:04:09.0251 0x107c  SCardSvr - ok
17:04:09.0266 0x107c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:04:09.0313 0x107c  scfilter - ok
17:04:09.0391 0x107c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
17:04:09.0438 0x107c  Schedule - ok
17:04:09.0469 0x107c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
17:04:09.0516 0x107c  SCPolicySvc - ok
17:04:09.0547 0x107c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:04:09.0563 0x107c  SDRSVC - ok
17:04:09.0625 0x107c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:04:09.0672 0x107c  secdrv - ok
17:04:09.0687 0x107c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
17:04:09.0719 0x107c  seclogon - ok
17:04:09.0734 0x107c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
17:04:09.0765 0x107c  SENS - ok
17:04:09.0812 0x107c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:04:09.0843 0x107c  SensrSvc - ok
17:04:09.0890 0x107c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
17:04:09.0906 0x107c  Serenum - ok
17:04:09.0953 0x107c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
17:04:09.0984 0x107c  Serial - ok
17:04:09.0999 0x107c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
17:04:10.0031 0x107c  sermouse - ok
17:04:10.0077 0x107c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
17:04:10.0109 0x107c  SessionEnv - ok
17:04:10.0140 0x107c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
17:04:10.0171 0x107c  sffdisk - ok
17:04:10.0187 0x107c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
17:04:10.0202 0x107c  sffp_mmc - ok
17:04:10.0218 0x107c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
17:04:10.0233 0x107c  sffp_sd - ok
17:04:10.0265 0x107c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
17:04:10.0296 0x107c  sfloppy - ok
17:04:10.0358 0x107c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:04:10.0405 0x107c  SharedAccess - ok
17:04:10.0436 0x107c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:04:10.0467 0x107c  ShellHWDetection - ok
17:04:10.0499 0x107c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
17:04:10.0514 0x107c  sisagp - ok
17:04:10.0561 0x107c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
17:04:10.0577 0x107c  SiSRaid2 - ok
17:04:10.0608 0x107c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
17:04:10.0623 0x107c  SiSRaid4 - ok
17:04:10.0623 0x107c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:04:10.0655 0x107c  Smb - ok
17:04:10.0717 0x107c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:04:10.0733 0x107c  SNMPTRAP - ok
17:04:10.0779 0x107c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
17:04:10.0795 0x107c  spldr - ok
17:04:10.0842 0x107c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
17:04:10.0857 0x107c  Spooler - ok
17:04:11.0013 0x107c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
17:04:11.0138 0x107c  sppsvc - ok
17:04:11.0185 0x107c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:04:11.0232 0x107c  sppuinotify - ok
17:04:11.0279 0x107c  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:04:11.0294 0x107c  SQLBrowser - ok
17:04:11.0357 0x107c  [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:04:11.0357 0x107c  SQLWriter - ok
17:04:11.0419 0x107c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:04:11.0435 0x107c  srv - ok
17:04:11.0466 0x107c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:04:11.0481 0x107c  srv2 - ok
17:04:11.0497 0x107c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:04:11.0513 0x107c  srvnet - ok
17:04:11.0559 0x107c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:04:11.0606 0x107c  SSDPSRV - ok
17:04:11.0637 0x107c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:04:11.0669 0x107c  SstpSvc - ok
17:04:11.0700 0x107c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
17:04:11.0715 0x107c  stexstor - ok
17:04:11.0762 0x107c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
17:04:11.0793 0x107c  StiSvc - ok
17:04:11.0840 0x107c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
17:04:11.0856 0x107c  swenum - ok
17:04:11.0887 0x107c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
17:04:11.0934 0x107c  swprv - ok
17:04:12.0012 0x107c  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
17:04:12.0027 0x107c  SynTP - ok
17:04:12.0090 0x107c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
17:04:12.0152 0x107c  SysMain - ok
17:04:12.0199 0x107c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
17:04:12.0215 0x107c  TabletInputService - ok
17:04:12.0261 0x107c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
17:04:12.0308 0x107c  TapiSrv - ok
17:04:12.0339 0x107c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
17:04:12.0371 0x107c  TBS - ok
17:04:12.0480 0x107c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:04:12.0527 0x107c  Tcpip - ok
17:04:12.0589 0x107c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:04:12.0636 0x107c  TCPIP6 - ok
17:04:12.0683 0x107c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:04:12.0714 0x107c  tcpipreg - ok
17:04:12.0761 0x107c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:04:12.0792 0x107c  TDPIPE - ok
17:04:12.0823 0x107c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:04:12.0854 0x107c  TDTCP - ok
17:04:12.0885 0x107c  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:04:12.0901 0x107c  tdx - ok
17:04:12.0932 0x107c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
17:04:12.0948 0x107c  TermDD - ok
17:04:13.0010 0x107c  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
17:04:13.0041 0x107c  TermService - ok
17:04:13.0088 0x107c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
17:04:13.0119 0x107c  Themes - ok
17:04:13.0151 0x107c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
17:04:13.0182 0x107c  THREADORDER - ok
17:04:13.0213 0x107c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
17:04:13.0260 0x107c  TrkWks - ok
17:04:13.0322 0x107c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:04:13.0369 0x107c  TrustedInstaller - ok
17:04:13.0416 0x107c  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:04:13.0431 0x107c  tssecsrv - ok
17:04:13.0463 0x107c  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
17:04:13.0478 0x107c  TsUsbFlt - ok
17:04:13.0541 0x107c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:04:13.0587 0x107c  tunnel - ok
17:04:13.0619 0x107c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
17:04:13.0634 0x107c  uagp35 - ok
17:04:13.0665 0x107c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:04:13.0697 0x107c  udfs - ok
17:04:13.0743 0x107c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:04:13.0759 0x107c  UI0Detect - ok
17:04:13.0837 0x107c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
17:04:13.0853 0x107c  uliagpkx - ok
17:04:13.0915 0x107c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
17:04:13.0946 0x107c  umbus - ok
17:04:13.0977 0x107c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
17:04:13.0993 0x107c  UmPass - ok
17:04:14.0024 0x107c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
17:04:14.0071 0x107c  upnphost - ok
17:04:14.0149 0x107c  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
17:04:14.0165 0x107c  USBAAPL - ok
17:04:14.0211 0x107c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
17:04:14.0227 0x107c  usbccgp - ok
17:04:14.0274 0x107c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
17:04:14.0305 0x107c  usbcir - ok
17:04:14.0352 0x107c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
17:04:14.0367 0x107c  usbehci - ok
17:04:14.0445 0x107c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
17:04:14.0461 0x107c  usbhub - ok
17:04:14.0477 0x107c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
17:04:14.0492 0x107c  usbohci - ok
17:04:14.0555 0x107c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:04:14.0570 0x107c  usbprint - ok
17:04:14.0664 0x107c  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
17:04:14.0695 0x107c  usbscan - ok
17:04:14.0711 0x107c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:04:14.0742 0x107c  USBSTOR - ok
17:04:14.0757 0x107c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
17:04:14.0773 0x107c  usbuhci - ok
17:04:14.0835 0x107c  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
17:04:14.0867 0x107c  usbvideo - ok
17:04:14.0898 0x107c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
17:04:14.0929 0x107c  UxSms - ok
17:04:14.0960 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc        C:\windows\system32\lsass.exe
17:04:14.0991 0x107c  VaultSvc - ok
17:05:08.0577 0x107c  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5646 ), 0x41000 ( enabled : updated )
17:05:08.0577 0x107c  Win FW state via NFP2: enabled
17:05:11.0042 0x107c  ============================================================
17:05:11.0042 0x107c  Scan finished
17:05:11.0042 0x107c  ============================================================
17:05:11.0058 0x1578  Detected object count: 1
17:05:11.0058 0x1578  Actual detected object count: 1
17:05:32.0087 0x1578  Power DVD Player ( UnsignedFile.Multi.Generic ) - skipped by user
17:05:32.0087 0x1578  Power DVD Player ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:05:43.0319 0x0c9c  Deinitialize success
         
Code:
16:49:03.0128 0x0478  Detected object count: 1
16:49:03.0128 0x0478  Actual detected object count: 1
16:49:15.0873 0x0478  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:15.0873 0x0478  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:23.0065 0x174c  Deinitialize success
         
Code:
16:44:53.0321 0x1414  Detected object count: 1
16:44:53.0321 0x1414  Actual detected object count: 1
16:45:13.0445 0x1414  NeroFilterCheck ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0445 0x1414  NeroFilterCheck ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:46:48.0965 0x0d4c  Deinitialize success
         
Code:
16:35:05.0179 0x0c00  Detected object count: 1
16:35:05.0179 0x0c00  Actual detected object count: 1
16:35:14.0776 0x0c00  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:14.0776 0x0c00  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:35:20.0999 0x1964  Deinitialize success
         
Best regards
kroko123
__________________

25.02.2015, 07:04   #4
schrauber
/// the machine
/// TB instructor
 



hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

25.02.2015, 21:54   #5
Kroko123
 


Hi Schrauber,

here is my Combofix log:

Code:
ComboFix 15-02-16.01 - Egerland 25.02.2015  19:19:16.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1782 [GMT 1:00]
ausgeführt von:: c:\users\Egerland\Desktop\Virenanalyse\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Egerland\AppData\Roaming\.#
c:\windows\IsUn0407.exe
c:\windows\tmp
c:\windows\tmp\AVG_TB_DumpLog.txt
c:\windows\tmp\dd_vcredistMSI619A.txt
c:\windows\tmp\dd_vcredistMSI7654.txt
c:\windows\tmp\dd_vcredistUI619D.txt
c:\windows\tmp\dd_vcredistUI7654.txt
c:\windows\tmp\qtsingleapp-koboex-f4a6-1-lockfile
c:\windows\tmp\toolbar_log.txt
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-25 bis 2015-02-25  ))))))))))))))))))))))))))))))
.
.
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\Administrator.Egerland-PC\AppData\Local\temp
2015-02-25 14:00 . 2015-02-25 14:00	--------	d-----w-	c:\programdata\Avg_Update_0215tb
2015-02-25 13:55 . 2015-02-25 13:55	--------	d--h--w-	c:\windows\AxInstSV
2015-02-24 14:27 . 2015-02-24 14:27	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-24 14:27 . 2015-02-24 15:12	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-24 14:27 . 2015-02-24 14:27	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-24 14:26 . 2015-02-24 14:26	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-24 14:12 . 2015-02-24 14:12	--------	d-----w-	c:\program files\VS Revo Group
2015-02-23 20:06 . 2015-02-23 20:06	104960	----a-w-	C:\pwdyqkob.sys
2015-02-23 16:04 . 2015-02-23 16:07	--------	d-----w-	C:\FRST
2015-02-21 20:35 . 2015-02-21 20:35	--------	d-----w-	c:\users\Egerland\AppData\Local\HL
2015-02-21 20:29 . 2015-02-21 20:29	--------	d-----w-	c:\programdata\AAV
2015-02-21 20:21 . 2015-02-21 20:21	--------	d-----w-	c:\programdata\HL
2015-02-11 18:07 . 2015-01-23 03:43	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-11 18:07 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\system32\jscript9.dll
2015-02-10 18:38 . 2014-11-26 03:32	571904	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-10 18:37 . 2015-01-12 02:21	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-10 18:36 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-02-10 18:36 . 2014-07-07 01:40	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-02-10 18:36 . 2014-07-07 01:40	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-10 18:36 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-02-10 18:36 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-07 16:00 . 2015-02-07 16:00	--------	d-----w-	c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-25 14:12 . 2014-12-09 12:38	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-02-07 16:00 . 2014-12-07 20:42	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-05 18:39 . 2012-11-16 20:07	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 18:39 . 2011-11-09 20:11	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 02:43 . 2015-01-15 12:52	164864	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-15 12:52	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-15 12:52	56320	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-10 15:39 . 2014-12-10 15:40	43296	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2014-12-08 20:25 . 2014-12-08 20:25	208152	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2014-12-06 03:50 . 2015-01-15 12:52	242688	----a-w-	c:\windows\system32\nlasvc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-12-10 15:39	2395160	----a-w-	c:\program files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2014-10-01 109480]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"LexwareInfoService"="c:\program files\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]
"GMX Update"="c:\program files\GMX\LiveUpdate\m2LUTray.exe" [2009-10-16 2229632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-01-06 3674576]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 106496]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-12-10 3081752]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2014-12-02 5562736]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
.
c:\users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2010-3-22 1540096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2013-10-24 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-01-06 3440080]
R2 gupdate1cacc505e5a502c;Google Update Service (gupdate1cacc505e5a502c);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 208152]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-12-10 43296]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Lexware\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-01-06 309232]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2014-12-12 5738528]
S2 vToolbarUpdater18.2.0;vToolbarUpdater18.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [2014-12-10 1850392]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-02 1042808]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2014-12-02 296312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 18:25	1084744	----a-w-	c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 18:39]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 11:07]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 11:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ie_banner_deny.htm
IE: Send Image to Photo Library - file://c:\programme\Broderbund\Photo Pro\Temp\MGI00000.html
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: extensions.Softonic.hpOld0 - 
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=
FF - user.js: extensions.Softonic.id - cc4771f80000000000002eeee6aeaafc
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16081
FF - user.js: extensions.Softonic.vrsn - 1.8.29.3
FF - user.js: extensions.Softonic.vrsni - 1.8.29.3
FF - user.js: extensions.Softonic.vrsnTs - 1.8.29.320:30
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file)
HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Egerland\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
   34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
   cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d8,e6,a6,53,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,61,da,99,8b,17,b1,44,a5,5a,67,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,61,da,99,8b,17,b1,44,a5,5a,67,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-25  21:12:43
ComboFix-quarantined-files.txt  2015-02-25 20:12
.
Vor Suchlauf: 14 Verzeichnis(se), 80.064.974.848 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 90.183.258.112 Bytes frei
.
- - End Of File - - 3C29570FBAE2E5D89B6D8D9A4B0CBD64
2E5DEBB2116B3417023E0D6562D7ED07
         
In between, I got this error message twice:

PEV.exe funktioniert nicht mehr.
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

Each time I clicked OK and it then continued normally.

Best regards
kroko 123


26.02.2015, 13:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

26.02.2015, 21:10   #7
Kroko123
 



Hello Schrauber,

unfortunately I did not get a log file from Malwarebytes. The message "Suchlauf beendet – Nicht Malware-Programme entdeckt." appeared.
I then moved these to quarantine as well.

After the first scan, the following log appeared:

Debug
Code:
[02:26/17:28:29] pipe error: 232
         
Or should I have set something differently?

I ran the other programs anyway.

AdwCleaner:

Code:
# AdwCleaner v4.111 - Bericht erstellt 26/02/2015 um 20:31:08
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Egerland - EGERLAND-PC
# Gestarted von : C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.2.0

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Egerland\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\Egerland\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Egerland\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\5wvv71gq.default\Extensions\Avg@toolbar
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\invalidprefs.js
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\5wvv71gq.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2325506
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09C6AB88-402B-4371-B00B-750CA1B06199}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)

[5q2fhcqa.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.admin", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dnsErr", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpg", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hpOld0", "");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.id", "cc4771f80000000000002eeee6aeaafc");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlDay", "16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00009");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTab", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.rvrt", "false");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.29.3");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.29.320:30:27");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.29.3");

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [10331 Bytes] - [26/02/2015 20:27:06]
AdwCleaner[S0].txt - [10522 Bytes] - [26/02/2015 20:31:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10582  Bytes] ##########
         
Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Egerland on 26.02.2015 at 20:45:15,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Egerland\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Egerland\AppData\Roaming\mozilla\firefox\profiles\q5ajt1bs.default-1380970918604\extensions\toolbar@gmx.net
Emptied folder: C:\Users\Egerland\AppData\Roaming\mozilla\firefox\profiles\q5ajt1bs.default-1380970918604\minidumps [340 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2015 at 20:48:28,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And a fresh FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Egerland (administrator) on EGERLAND-PC on 26-02-2015 20:51:14
Running from C:\Users\Egerland\Desktop\Virenanalyse
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\extensions\toolbar@gmx.net [Not Found]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Egerland\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:42 - 2015-02-26 20:43 - 01388274 _____ (Thisisu) C:\Users\Egerland\Downloads\JRT.exe
2015-02-26 20:33 - 2015-02-26 20:33 - 00000000 ___HD () C:\windows\AxInstSV
2015-02-26 20:26 - 2015-02-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-02-26 20:21 - 2015-02-26 20:21 - 02126848 _____ () C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-26 16:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-26 15:43 - 2015-02-26 20:45 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-25 22:38 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:12 - 2015-02-25 21:12 - 00017319 _____ () C:\ComboFix.txt
2015-02-25 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-25 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-25 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-25 19:14 - 2015-02-25 21:12 - 00000000 ____D () C:\Qoobox
2015-02-25 19:14 - 2015-02-25 21:10 - 00000000 ____D () C:\windows\erdnt
2015-02-25 15:00 - 2015-02-25 15:00 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 15:27 - 2015-02-26 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 15:27 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 15:27 - 2015-02-24 16:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 15:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-24 15:12 - 2015-02-24 15:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-23 21:06 - 2015-02-23 21:06 - 00104960 _____ (GMER) C:\pwdyqkob.sys
2015-02-23 17:04 - 2015-02-26 20:51 - 00000000 ____D () C:\FRST
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-26 20:51 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdriverx.sys
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avglogx.sys
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls
2015-01-27 14:01 - 2015-01-27 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:42 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 20:42 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 20:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 20:34 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 20:33 - 2009-09-17 08:19 - 00904576 _____ () C:\windows\PFRO.log
2015-02-26 20:33 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-26 20:33 - 2009-07-14 05:39 - 00244651 _____ () C:\windows\setupact.log
2015-02-26 20:31 - 2009-09-17 07:44 - 01529921 _____ () C:\windows\WindowsUpdate.log
2015-02-26 20:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 20:10 - 2010-01-08 20:22 - 00000000 ____D () C:\windows\SQL9_KB970892_ENU
2015-02-26 18:14 - 2009-11-07 13:44 - 00000000 ____D () C:\windows\PCHEALTH
2015-02-26 16:45 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-26 15:51 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 15:51 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 22:04 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-25 21:07 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-02-25 15:01 - 2014-12-10 16:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-02-24 19:09 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-23 17:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 21:11 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 16:39 - 2012-05-05 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 14:18 - 2009-11-07 13:36 - 00000000 ____D () C:\Users\Egerland\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-25 22:04 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Egerland\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 17:31

==================== End Of Log ============================
         



Best regards
Kroko123

27.02.2015, 07:25   #8
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.02.2015, 21:55   #9
Kroko123
 



Hello Schrauber,

Eset Online Scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d7df9c3f29f44a40a673556362e82d4e
# engine=22677
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-27 07:35:51
# local_time=2015-02-27 08:35:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 24307 112199735 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 39918895 176696942 0 0
# scanned=391802
# found=2
# cleaned=0
# scan_time=17420
sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe"
sh=1E90306E14443B76B4DDAFA620D42B1A18D319E8 ft=1 fh=ee978b914a64ce5d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe"
         
SecurityCheck:

Code:
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (GMX.) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And another fresh FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Egerland (administrator) on EGERLAND-PC on 27-02-2015 21:12:41
Running from C:\Users\Egerland\Desktop\Virenanalyse\FRST-OlderVersion
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Egerland\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:55 - 2015-02-27 20:55 - 00852594 _____ () C:\Users\Egerland\Downloads\SecurityCheck.exe
2015-02-27 15:43 - 2015-02-27 15:43 - 00000000 ____D () C:\Program Files\ESET
2015-02-27 15:03 - 2015-02-27 15:03 - 02347384 _____ (ESET) C:\Users\Egerland\Downloads\esetsmartinstaller_deu.exe
2015-02-26 20:42 - 2015-02-26 20:43 - 01388274 _____ (Thisisu) C:\Users\Egerland\Downloads\JRT.exe
2015-02-26 20:26 - 2015-02-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-02-26 20:21 - 2015-02-26 20:21 - 02126848 _____ () C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-26 16:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-26 15:43 - 2015-02-27 14:48 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-25 22:38 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:12 - 2015-02-25 21:12 - 00017319 _____ () C:\ComboFix.txt
2015-02-25 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-25 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-25 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-25 19:14 - 2015-02-25 21:12 - 00000000 ____D () C:\Qoobox
2015-02-25 19:14 - 2015-02-25 21:10 - 00000000 ____D () C:\windows\erdnt
2015-02-25 15:00 - 2015-02-25 15:00 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 15:27 - 2015-02-26 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 15:27 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 15:27 - 2015-02-24 16:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 15:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-24 15:12 - 2015-02-24 15:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-23 21:06 - 2015-02-23 21:06 - 00104960 _____ (GMER) C:\pwdyqkob.sys
2015-02-23 17:04 - 2015-02-27 21:12 - 00000000 ____D () C:\FRST
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-27 21:05 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdriverx.sys
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avglogx.sys
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 20:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 19:32 - 2009-09-17 07:44 - 01565232 _____ () C:\windows\WindowsUpdate.log
2015-02-27 15:25 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 15:07 - 2015-01-27 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 15:03 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-27 14:56 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 14:56 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 14:51 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-27 14:46 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-27 14:46 - 2009-07-14 05:39 - 00244707 _____ () C:\windows\setupact.log
2015-02-26 21:17 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-26 20:33 - 2009-09-17 08:19 - 00904576 _____ () C:\windows\PFRO.log
2015-02-26 20:10 - 2010-01-08 20:22 - 00000000 ____D () C:\windows\SQL9_KB970892_ENU
2015-02-26 18:14 - 2009-11-07 13:44 - 00000000 ____D () C:\windows\PCHEALTH
2015-02-26 15:51 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 15:51 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-25 21:07 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-02-25 15:01 - 2014-12-10 16:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-02-23 17:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 21:11 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-26 21:17 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Egerland\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 17:31

==================== End Of Log ============================
         


Best regards
kroko123
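The file-listing sections of an FRST log like the one above follow a fixed line layout, so they can be pre-filtered before being read by hand. The following is an added example, not part of the original post and not FRST's own code: it parses lines copied from the log above and marks entries for manual review using two heuristics that are assumptions of this example. A mark is a prompt to look closer, not a malware verdict.

```python
import re
from collections import namedtuple

# FRST file-listing line: timestamp - timestamp - size attrs (company) path.
# Which timestamp is "created" and which "modified" depends on the log section,
# so the two fields are named by position only.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)

Entry = namedtuple("Entry", "first_ts second_ts size attrs company path")

def parse_line(line):
    """Return an Entry, or None for headers, blank lines and other log text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    first, second, size, attrs, company, path = m.groups()
    return Entry(first, second, int(size), attrs, company, path)

# Review heuristics assumed by this example (not FRST's own logic).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

def review_reasons(e):
    p = e.path.lower()
    if "D" in e.attrs or not p.startswith(USER_WRITABLE):
        return []  # directories and files outside user-writable roots are skipped
    reasons = []
    if p.endswith(EXECUTABLE_EXT) and not e.company:
        reasons.append("executable without company name")
    if "S" in e.attrs and "H" in e.attrs:
        reasons.append("hidden and system attributes set")
    return reasons

def triage(log_text):
    """Map path -> list of reasons for every listing line that needs a look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        reasons = review_reasons(entry) if entry else []
        if reasons:
            flagged[entry.path] = reasons
    return flagged

# Lines copied from the log above.
SAMPLE = r"""
==================== One Month Modified Files and Folders =======
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avglogx.sys
2015-02-26 21:17 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```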

28.02.2015, 10:58   #10
schrauber
/// the machine
/// TB trainer



Update Java and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe

C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

28.02.2015, 20:24   #11
Kroko123



Hello Schrauber,

I wanted to update Java, but I get the message that the latest version, 8 Update 31, is already installed on my PC.

I updated Adobe Reader to Adobe XI.

Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by Egerland at 2015-02-28 19:54:02 Run:1
Running from C:\Users\Egerland\Desktop\Virenanalyse\FRST-OlderVersion
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe

C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe
Emptytemp:
         
*****************

C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe => Moved successfully.
C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 504.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:55:59 ====
         
Now I have just one small question: should I change all my passwords now as a precaution? To be completely sure, probably yes, right?
Was it actually really such a dangerous virus or trojan that the Telekom Abuse Team alerted me to?

For the future I will get a paid antivirus program. I hope I will be better protected then. Your favourite is Emsisoft, isn't it? Is Emsisoft Anti Malware enough, or is Emsisoft Internet Security better? Would you then also recommend Emsisoft Mobile Security for my phone? Because there I have also only had a free virus scanner so far.

I would like to thank you very much once again for your help. It is really great that a forum like this exists. A donation to you is of course already on its way. Many, many thanks.

Best regards
kroko123

01.03.2015, 12:17   #12
schrauber
/// the machine
/// TB trainer



Always change passwords after an infection. Here it was mostly adware on the machine, but that can cause this too.

Are there any other Windows computers on the network?
__________________
regards,
schrauber

01.03.2015, 12:36   #13
Kroko123



No, this is the only Windows computer on the network. Apart from that there are only 2 mobile phones that go online via Wi-Fi.

Best regards
Kroko123

01.03.2015, 16:22   #14
schrauber
/// the machine
/// TB trainer



Then that's fine
__________________
regards,
schrauber
