|
Plagegeister aller Art und deren Bekämpfung: Online Banking vermutlich Phishing vor LoginWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.05.2015, 11:29 | #1 |
| Online Banking vermutlich Phishing vor Login Moin, seit gestern kommt beim Login Versuch auf meiner Online Banking Seite eine seltsame Meldung. Es erscheint die Aufforderung zur Installation von Software auf dem Smartphone und dazu wird die Eingabe der Handynummer verlangt. (Vermutlich um damit an die TANs ranzukommen. Die Servicehotline der Bank meint es handelt sich um einen Trojaner. Hat aber keine brauchbaren Lösungsvorschläge parat. Im Anhang schicke ich mal vorerst eine detaillierte Information über die Symptome. Sonst funktioniert der PC einwandfrei. ESET online scan läuft gerade und wird nachgereicht. Bitte um Hilfe! Nina |
16.05.2015, 12:01 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login OK, ESET Log dann bitte posten. Funde wenn möglich nicht löschen lassen. Machen das dann manuell.
__________________Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Geändert von deeprybka (16.05.2015 um 12:25 Uhr) |
16.05.2015, 13:10 | #3 |
| Online Banking vermutlich Phishing vor Login FRST.txt:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02 Ran by nina (administrator) on ACERNOTEBOOK on 15-05-2015 15:48:12 Running from K:\Bilder\2015\04 April Loaded Profiles: nina (Available profiles: nina & Gast) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe (Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\vVX3000.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\FireFox\firefox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated) HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [A1Diagnose] => C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [31581288 2014-05-19] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X] HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung) HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307568 2009-07-10] (Microsoft Corporation) AppInit_DLLs: avgrsstx.dll => C:\Windows\system32\avgrsstx.dll [12536 2010-07-15] (AVG Technologies CZ, s.r.o.) Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294 URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT360 SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.) BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24] (AVG Technologies CZ, s.r.o.) BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2010-07-15] (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://www.google.at/ FF Keyword.URL: https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p= FF NetworkProxy: "autoconfig_url", "https://guardvpn.net/facebook.js" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3389578649-474333246-578579119-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-26] (Unity Technologies ApS) FF SearchPlugin: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\searchplugins\yahoo_ff.xml [2015-04-07] FF Extension: GreenWebPlayer - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\greenwebplayer@greentube.com [2014-02-02] FF Extension: BitComet Video Downloader - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-11-21] FF Extension: Lightbeam - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-21] FF Extension: Video DownloadHelper - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27] FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-12-31] Chrome: ======= CHR HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.) R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated) R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries) R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.) R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed] R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-07-28] (AVG Technologies CZ, s.r.o.) R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.) R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] () [File not signed] R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20176 2004-05-19] (Sonic Solutions) [File not signed] S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-05-19] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-05-19] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540040 2014-05-19] () S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-15 15:47 - 2015-05-15 15:48 - 00000000 ____D () C:\FRST 2015-05-15 15:42 - 2015-05-15 15:42 - 00000000 _____ () C:\Users\nina\defogger_reenable 2015-05-14 11:02 - 2015-05-14 11:02 - 00001027 _____ () C:\Users\Public\Desktop\HappyFoto-Designer.lnk 2015-05-14 11:01 - 2015-05-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyFoto-Designer 2015-05-14 11:00 - 2015-05-14 11:00 - 00000121 _____ () C:\Windows\DirectX.log 2015-05-14 11:00 - 2015-05-14 11:00 - 00000000 ____D () C:\ProgramData\HappyFoto-Designer 2015-05-03 11:27 - 2015-05-03 11:27 - 06484352 _____ (Piriform Ltd) C:\Users\nina\Downloads\ccsetup505.exe 2015-04-24 10:03 - 2015-04-30 21:15 - 00000000 ____D () C:\Program Files\FireFox 2015-04-19 21:51 - 2015-04-19 21:51 - 00002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel 2015-04-19 19:03 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-19 19:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-19 19:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-19 19:03 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-19 19:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-19 19:03 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-19 19:03 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-19 19:03 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-19 19:03 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-19 19:03 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-19 19:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-19 19:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-19 19:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-19 19:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina 2015-05-15 15:05 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-15 14:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-15 13:47 - 2009-07-07 02:17 - 01371694 _____ () C:\Windows\WindowsUpdate.log 2015-05-15 11:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-15 11:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-15 10:59 - 2009-12-31 18:07 - 00000000 ____D () C:\Windows\system32\Drivers\Avg 2015-05-15 10:52 - 2015-03-30 09:26 - 00006979 _____ () C:\Windows\setupact.log 2015-05-15 10:52 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-15 10:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db 2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () C:\Users\nina\AppData\Local\HappyFoto-Designer 2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer 2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-03 19:18 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job 2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc 2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird 2015-04-30 21:15 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast 2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype 2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype 2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype 2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna 2015-04-25 09:37 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne 2015-04-19 21:51 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0 2015-04-19 21:51 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8 2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-19 19:31 - 2015-04-03 10:21 - 00001454 _____ () C:\Windows\PFRO.log 2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 09:56 - 2012-04-25 13:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-15 09:56 - 2011-12-09 18:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2009-10-17 10:31 - 2009-02-10 21:23 - 0192484 _____ () C:\Program Files\Common Files\Acer GameZone online.ico 2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin 2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm 2015-04-19 21:51 - 2015-04-19 21:51 - 0002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel 2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg 2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe 2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log 2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys Some content of TEMP: ==================== C:\Users\nina\AppData\Local\Temp\SkypeSetup.exe C:\Users\nina\AppData\Local\Temp\utt484D.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-14 00:23 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 02 Ran by nina at 2015-05-15 15:49:23 Running from K:\Bilder\2015\04 April Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3389578649-474333246-578579119-500 - Administrator - Disabled) Gast (S-1-5-21-3389578649-474333246-578579119-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-3389578649-474333246-578579119-1005 - Limited - Enabled) nina (S-1-5-21-3389578649-474333246-578579119-1006 - Administrator - Enabled) => C:\Users\nina ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden A1 Servicecenter (HKLM\...\A1 Servicecenter) (Version: 1.4.0.43 - A1 Telekom Austria AG) Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated) Acer GridVista (HKLM\...\GridVista) (Version: 3.01.0730 - Acer Inc.) Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated) Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.01.0805 - Acer Incorporated) Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated) Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version: - AVG Technologies) BitComet 1.36 (HKLM\...\BitComet) (Version: 1.36 - CometNetwork) BitTorrent (HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.) Brinno Incorporated Brinno TimeLapse Camera 1.75.0 (HKLM\...\Brinno TimeLapse Camera) (Version: 1.75.0 - Brinno Incorporated) Canon MP Navigator EX 1.2 (HKLM\...\MP Navigator EX 1.2) (Version: - ) Canon MP190 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant) DeepBurner v1.9.0.228 (HKLM\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version: - ) Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FastStone Photo Resizer 3.2 (HKLM\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.) Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden Green City - Go South (HKLM\...\e44bb2cd2c15dad53d3887ef83640eaa) (Version: - Zylom) HappyFoto-Designer 5.4 (HKLM\...\HappyFoto-Designer_is1) (Version: - ) HOFER Bestellsoftware 4.14.5 (HKLM\...\HOFER Bestellsoftware) (Version: 4.14.5 - ORWO Net) Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) InterActual Player (HKLM\...\InterActual Player) (Version: - ) InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.5.10.39 - InterVideo Inc.) Hidden Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden KeePass Password Safe 1.17 (HKLM\...\KeePass Password Safe_is1) (Version: 1.17 - Dominik Reichl) Launch Manager (HKLM\...\LManager) (Version: 3.0.03 - Acer Inc.) Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.) LucasArts' Monkey4 (HKLM\...\LucasArts' Monkey4) (Version: - ) MedienManager 1.5.1 (HKLM\...\8781-9705-0578-2960) (Version: 1.5.1 - A1 Telekom Austria AG) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Picture It! Foto Designer Pro Plus 10 (HKLM\...\PictureItSuite_v10) (Version: 10.0.0708 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia) Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.12.6623 - NewTech Infosystems) Hidden O&O Defrag Free Edition (HKLM\...\{E29CFB36-F070-4612-8DB5-7038161B6294}) (Version: 14.1.431 - O&O Software GmbH) O&O SafeErase (HKLM\...\{C0DB2307-0373-4CEF-B841-5C2431897336}) (Version: 4.1.153 - O&O Software GmbH) Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.) Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - ) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - ) SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited) Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.) Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated) TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software) Unity Web Player (HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3389578649-474333246-578579119-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) ==================== Restore Points ========================= 07-05-2015 10:19:30 Geplanter Prüfpunkt 14-05-2015 19:24:24 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00725960-1587-4E58-9406-F0A0B08CEDE2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {054BC02A-AEC3-43C0-B6B3-84BB9B444E57} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {29D0FBE7-7E08-47DB-814A-221C67B7C562} - System32\Tasks\Paragon Archive name arc_121014163857289 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group) Task: {2C5384C9-5890-4AF0-BF0E-B12E4B976F5F} - System32\Tasks\Paragon Archive name arc_121014163721442 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group) Task: {39A26BEE-C322-479C-82EA-302B70D5C6B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.) Task: {3E206D79-79E0-4B0E-8CC3-36CFE21FA3A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {3F5EE653-260C-4DEE-9C3C-84F87F5CB911} - System32\Tasks\Paragon Archive name arc_121014164056536 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group) Task: {4814C721-B672-4B9E-8002-0E3257B3CD05} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {4F441DC2-1E14-4607-B85F-CA342AC79DBA} - System32\Tasks\{30AFB53F-3582-4BCA-9C9A-3C501F8B31ED} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\nina\Desktop Task: {81A1C4BB-DC00-4703-BBFA-56DA7DE385CE} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] () Task: {8EDA5EB4-2448-4F5C-8EC7-33CB5EDF57AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.) Task: {9598C3F4-F2A5-407B-B77B-FB1C1D44A0BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A5E408A2-D24D-4EBF-BC3D-E72246AFBD0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {B23327A8-5F71-4BDB-BE6F-AC81BDE65895} - System32\Tasks\Paragon Archive name arc_121014164007286 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19] (Paragon Software Group) Task: {BC7A9D6F-9B27-4898-807E-2EBFB4846A8B} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] () Task: {D9605096-5080-4FC1-BB77-BA1D5A117737} - System32\Tasks\{0611987B-0C3E-47AD-9819-7F2766480BDB} => C:\Program Files\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.) Task: {FE35006A-D1AA-4394-8617-1B9A94398902} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014163838647.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic Task: C:\Windows\Tasks\Paragon Archive name arc_121014163857289.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014163956242.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic Task: C:\Windows\Tasks\Paragon Archive name arc_121014164007286.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014164039485.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic Task: C:\Windows\Tasks\Paragon Archive name arc_121014164056536.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_121014164118423.pslIC:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\nina.Sic ==================== Loaded Modules (Whitelisted) ============== 2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe 2015-02-15 11:17 - 2015-02-15 11:17 - 00182784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\6e34b85e4b592f012562cd3ea07a3609\Kies.Common.DeviceServiceLib.Interface.ni.dll 2015-02-15 11:18 - 2015-02-15 11:18 - 15005696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\377f67cec6e354732922f4cfdac2623e\Kies.Theme.ni.dll 2015-02-15 11:17 - 2015-02-15 11:17 - 01833984 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\dffddc07bad99dc5b76f2c8f7e74a839\Kies.UI.ni.dll 2015-02-15 11:17 - 2015-02-15 11:17 - 00077824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\639d0f46adb0215d1e316e8477638409\Kies.MVVM.ni.dll 2015-02-15 11:18 - 2015-02-15 11:18 - 00233472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\de6a15348040911b2e63c8dbe3c77275\ASF_cSharpAPI.ni.dll 2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F AlternateDataStreams: C:\ProgramData\TEMP:140AD176 AlternateDataStreams: C:\ProgramData\TEMP:260575F1 AlternateDataStreams: C:\ProgramData\TEMP:270A3983 AlternateDataStreams: C:\ProgramData\TEMP:2C678471 AlternateDataStreams: C:\ProgramData\TEMP:32A82570 AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 AlternateDataStreams: C:\ProgramData\TEMP:6017A808 AlternateDataStreams: C:\ProgramData\TEMP:6641B59F AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 AlternateDataStreams: C:\ProgramData\TEMP:7B52659E AlternateDataStreams: C:\ProgramData\TEMP:E51234A9 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\nina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: BcmSqlStartupSvc => 2 MSCONFIG\Services: SQLWriter => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{C822F4F2-BC00-44DE-ABDC-9041D4521A82}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{D1DF1E13-5A2C-4A60-806D-4DB09F982CDE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{E0E327E6-A15E-4C6E-A694-BC426EB6E0DE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{8AB5CF77-CDCF-4FF7-88EB-26A8F7296A05}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{491AAAC6-4E3B-4ACA-B80F-D83C64EC119A}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{7CBD0C0A-735F-4601-B26C-711DE90ABC8A}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{4371448C-E089-4BA7-96F8-2CD3847098A3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{C5791CD6-84FE-4543-9AAD-68919703490E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9203D4DC-08E7-4F35-8708-233EEDF39500}] => (Allow) svchost.exe FirewallRules: [{B613AC91-420C-4AF2-9B93-9C011F89550F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{A7F47625-206F-4529-9840-2B5B1A068546}] => (Allow) C:\Program Files\AVG\AVG9\avgnsx.exe FirewallRules: [{31578B3D-78C6-4D93-84F3-E2E0B974E440}] => (Allow) C:\Program Files\AVG\AVG9\avgemc.exe FirewallRules: [{9788B5EC-076C-4757-B7A3-D180B15F3A68}] => (Allow) C:\Program Files\AVG\AVG9\avgupd.exe FirewallRules: [{29FF43C1-3A88-45E0-B3D6-1C0C4EAD1D96}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{3F1A7833-5562-4F99-B96F-A42A0A453AF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{B8015FB5-F9EC-401D-9F66-C7C6F43C9CB6}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{8DB4DD6A-45AA-4EA0-A8DA-F2DA00F8A66B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{28E7C70A-520A-4CFD-B1CE-EE03B51360C2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [TCP Query User{6CC4FF0C-27F7-451A-AB23-FAF6AD0E27F6}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{0A2D0E97-7302-44ED-9A3F-E7131FABE87A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [{45CE1AFD-45D6-457B-971D-D0BDEA96D384}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{971CE99B-E6AE-4B7C-B8D4-CDE92E494B47}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{DFB6013D-A78E-46E0-9506-B073D67CE0DB}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{A1469E5D-729D-49D7-A174-1A4A9A83F2B6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{EF3DC344-0570-48B0-AD15-421B0C7D65F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{D3A55F21-E36B-4B66-8C39-5E7016FB087F}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{0BCD1E8D-A9BB-4B40-B92F-EA354FE01185}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{56D76889-892F-493A-A093-6DC3A18A4A79}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{3271B1A8-0117-41A6-AC28-FD8EA17EBE11}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe FirewallRules: [{73DBF6ED-DDA0-43FF-B922-E57A441A8703}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe FirewallRules: [{3DDD6AC8-4C52-495D-B84A-C7E9B86025EA}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{A664FD27-1102-40A7-80E9-AA2F20051B7E}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{BD1DF53E-B630-4AC4-AA5F-65989332E40F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{F18AFB04-58F4-4703-9305-CADD18C84D62}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe FirewallRules: [TCP Query User{B5BE8917-C2E3-4D02-B3A0-6C1D1768617F}C:\program files\firefox\plugin-container.exe] => (Allow) C:\program files\firefox\plugin-container.exe FirewallRules: [UDP Query User{D3C5DFC0-6E61-4EB7-9A72-42979537EC21}C:\program files\firefox\plugin-container.exe] => (Allow) C:\program files\firefox\plugin-container.exe FirewallRules: [{6FD47898-8A61-4CD8-AD5E-B630C6AFDAF0}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Servicecenter\Start.exe FirewallRules: [{F249B5EE-639F-4DEA-81E2-F964120B9DDC}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Servicecenter\Start.exe FirewallRules: [{F243B0A7-725B-456A-97B5-A8D1D4E0831D}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Breitband\A1Breitband.exe FirewallRules: [{08D45A01-8DBE-4B71-8ED0-52F9448C8B82}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Breitband\A1Breitband.exe FirewallRules: [{90596C98-4E3F-4239-BFEA-1D9A5A100F05}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Modemwechsel\A1Modemwechsel.exe FirewallRules: [{0DAA9DA8-1701-4B9D-954F-3CC0B2B7BEB8}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Modemwechsel\A1Modemwechsel.exe FirewallRules: [{EB083CDA-EFBF-47BA-8FB1-9DABCCCA2625}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe FirewallRules: [{E8F92151-AE11-4FF6-A098-8BB3BE26691C}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe FirewallRules: [{8CD6832F-45AD-4F98-B852-C320878CE6B5}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Modemkonfigurator.exe FirewallRules: [{3C168986-A3D9-41EB-BF23-937663696D66}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Modemkonfigurator.exe FirewallRules: [{7CD70E09-633F-4A9E-BFD4-97E56ED1BA54}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe FirewallRules: [{7CAD7F81-8024-448F-9EDE-C3130F645190}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1WLANAssistent.exe FirewallRules: [{FD15F0DA-4E37-4227-969F-ED6A0C9CF319}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{9B52A403-E369-434B-8125-AC46C509BC67}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{ECEC3DB9-56AD-46A5-9C02-66244B0770A5}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1CMDTool.exe FirewallRules: [{C4BC22C2-0086-4F37-A71B-BDFC0D632A8C}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1CMDTool.exe FirewallRules: [{B359EF6B-CC51-489B-A9E3-8A95DD0859CE}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{97502A5B-AF93-43E8-9A74-7D8EBBB8BB74}] => (Allow) C:\Program Files\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{3699E62E-6F7E-418E-86CD-F9F8ACB0BFC7}] => (Allow) C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe FirewallRules: [{17CF6469-529A-4EA1-9A3F-BEFD7C4B843B}] => (Allow) C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe FirewallRules: [{372992F4-2129-4812-BE38-E9E890539CF0}] => (Allow) C:\Program Files\Telekom-Austria\MedienManager\MedienManager.exe FirewallRules: [{5E3D6AEC-40ED-4681-B4E0-E7B1AE100134}] => (Allow) C:\Program Files\Telekom-Austria\MedienManager\MedienManager.exe FirewallRules: [{D797096E-CC57-4F90-BD33-A103B187914B}] => (Allow) LPort=4004 FirewallRules: [{D40ADB4E-13E3-4DE4-9F59-8F2EBEB8661A}] => (Allow) LPort=1900 FirewallRules: [{82997A2E-606E-48FD-9402-5971BDE3D220}] => (Allow) C:\Users\nina\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{F7C3221C-1023-45CD-8B6A-A43B5169384F}] => (Allow) C:\Users\nina\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{06767E68-CE34-4D0A-AF36-4CCA676B8309}] => (Allow) C:\Program Files\FireFox\firefox.exe FirewallRules: [{FAEB8AD1-9AB0-4D07-945C-0C84717A4C99}] => (Allow) C:\Program Files\FireFox\firefox.exe FirewallRules: [TCP Query User{C41EA1CF-7C98-4821-BA8C-F206E92814D2}C:\program files\firefox\firefox.exe] => (Allow) C:\program files\firefox\firefox.exe FirewallRules: [UDP Query User{926C827E-D6C6-497D-A24C-4A4F0548EF00}C:\program files\firefox\firefox.exe] => (Allow) C:\program files\firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2015 11:43:42 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/14/2015 10:53:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm HappyFoto-Designer.exe, Version 5.3.13.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: af8 Startzeit: 01d08e2348fec705 Endzeit: 47 Anwendungspfad: C:\Program Files\HappyFoto-Designer\HappyFoto-Designer.exe Berichts-ID: Error: (05/14/2015 10:49:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm HappyFoto-Designer.exe, Version 5.3.13.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10dc Startzeit: 01d08e22252ddf86 Endzeit: 47 Anwendungspfad: C:\Program Files\HappyFoto-Designer\HappyFoto-Designer.exe Berichts-ID: Error: (05/14/2015 00:48:57 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/13/2015 04:13:17 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/13/2015 02:42:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: AcerNotebook) Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/12/2015 09:51:17 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/11/2015 11:18:50 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/11/2015 10:30:34 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/09/2015 01:20:04 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. System errors: ============= Error: (05/15/2015 03:30:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 03:30:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 03:30:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (05/15/2015 11:03:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 11:03:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 11:03:18 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (05/15/2015 10:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 10:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/15/2015 10:54:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (05/15/2015 10:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (03/19/2015 08:53:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1917 seconds with 660 seconds of active time. This session ended with a crash. Error: (02/25/2015 06:19:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz Percentage of memory in use: 53% Total physical RAM: 1976.93 MB Available physical RAM: 910.52 MB Total Pagefile: 3953.85 MB Available Pagefile: 2087.28 MB Total Virtual: 2047.88 MB Available Virtual: 1887.68 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:88.12 GB) (Free:22.48 GB) NTFS Drive d: (Daten) (Fixed) (Total:48.83 GB) (Free:27.23 GB) NTFS Drive f: (ext_Eigene) (Fixed) (Total:79.16 GB) (Free:18.9 GB) NTFS Drive g: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:466.22 GB) NTFS Drive h: (ext_Daten) (Fixed) (Total:104.89 GB) (Free:11.97 GB) NTFS Drive k: (ext_sonstige) (Fixed) (Total:48.83 GB) (Free:19.82 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3A3B601C) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=88.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=48.8 GB) - (Type=OF Extended) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ======================================================== Disk: 2 (Size: 232.9 GB) (Disk ID: B559B559) Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=79.2 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter C:\Users\nina\AppData\Local\Temp\utt484D.tmp.exe Variante von Win32/Toolbar.Widgi.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\AppData\Local\Temp\~sp607C.tmp Win32/Toolbar.Widgi.O evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\AppData\Local\Temp\nsc9D9A.tmp\SP.dll Variante von Win32/Toolbar.Widgi.P evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\Downloads\Free Mp3 Wma Converter - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\Downloads\MP3Gain - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\nina\Downloads\PDFCreator-2_0_1-setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert H:\Studium\Stefan\Downloads\Setup_641FreeFlvConverter.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert H:\Studium\Stefan\Downloads\Alcohol 120% v1.9.7 (Build 6221) [CiM Patch][h33t][matt14]\Alcohol120_trial_1.9.7.6221.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert K:\Bilder\2015\04 April\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\IslandRealmsSetup-dm.exe Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\ShamanOdysseySetup-dm.exe Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert K:\RECYCLER\S-1-5-21-1060284298-152049171-854245398-1003\Df1\TropicalFarmSetup-dm.exe Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert |
16.05.2015, 13:26 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Hi, kommen diese Meldungen auch wenn Du den Internet Explorer benutzt? Wann warst Du das letzte Mal im OB ohne diese Meldungen?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
16.05.2015, 20:30 | #5 |
| Online Banking vermutlich Phishing vor Login Beim IE kommt die gleiche Meldung. Wann ich das online banking zuletzt genutzt habe kann ich nicht genau sagen, maximal eine Woche. Beim letzten Mal war noch alles normal. |
16.05.2015, 20:31 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Schritt 1 Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Online Banking vermutlich Phishing vor Login |
16.05.2015, 20:48 | #7 |
| Online Banking vermutlich Phishing vor Login TDDS report: Code:
ATTFilter 21:41:00.0460 0x1498 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 21:41:07.0463 0x1498 ============================================================ 21:41:07.0463 0x1498 Current date / time: 2015/05/16 21:41:07.0463 21:41:07.0463 0x1498 SystemInfo: 21:41:07.0463 0x1498 21:41:07.0463 0x1498 OS Version: 6.1.7601 ServicePack: 1.0 21:41:07.0463 0x1498 Product type: Workstation 21:41:07.0463 0x1498 ComputerName: ACERNOTEBOOK 21:41:07.0464 0x1498 UserName: nina 21:41:07.0464 0x1498 Windows directory: C:\Windows 21:41:07.0464 0x1498 System windows directory: C:\Windows 21:41:07.0464 0x1498 Processor architecture: Intel x86 21:41:07.0464 0x1498 Number of processors: 2 21:41:07.0464 0x1498 Page size: 0x1000 21:41:07.0464 0x1498 Boot type: Normal boot 21:41:07.0464 0x1498 ============================================================ 21:41:08.0215 0x1498 KLMD registered as C:\Windows\system32\drivers\39705263.sys 21:41:08.0598 0x1498 System UUID: {FC610601-5636-42D7-D565-9D8929B6216B} 21:41:09.0137 0x1498 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:41:09.0156 0x1498 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115000 ( 1863.02 Gb ), SectorSize: 0x1000, Cylinders: 0x76C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:41:09.0157 0x1498 ============================================================ 21:41:09.0157 0x1498 \Device\Harddisk0\DR0: 21:41:09.0157 0x1498 MBR partitions: 21:41:09.0157 0x1498 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000 21:41:09.0157 0x1498 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0xB03E800 21:41:09.0174 0x1498 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC871800, BlocksNum 0x61A7800 21:41:09.0174 0x1498 \Device\Harddisk1\DR1: 21:41:09.0405 0x1498 MBR partitions: 21:41:09.0405 0x1498 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C0915 21:41:09.0405 0x1498 ============================================================ 21:41:09.0506 0x1498 C: <-> \Device\Harddisk0\DR0\Partition2 21:41:09.0549 0x1498 D: <-> \Device\Harddisk0\DR0\Partition3 21:41:09.0569 0x1498 G: <-> \Device\Harddisk1\DR1\Partition1 21:41:09.0585 0x1498 ============================================================ 21:41:09.0585 0x1498 Initialize success 21:41:09.0585 0x1498 ============================================================ 21:42:30.0982 0x06e4 ============================================================ 21:42:30.0982 0x06e4 Scan started 21:42:30.0982 0x06e4 Mode: Manual; SigCheck; TDLFS; 21:42:30.0982 0x06e4 ============================================================ 21:42:30.0982 0x06e4 KSN ping started 21:42:40.0676 0x06e4 KSN ping finished: true 21:42:41.0910 0x06e4 ================ Scan system memory ======================== 21:42:41.0910 0x06e4 System memory - ok 21:42:41.0911 0x06e4 ================ Scan services ============================= 21:42:42.0119 0x06e4 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:42:42.0258 0x06e4 1394ohci - ok 21:42:42.0334 0x06e4 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:42:42.0357 0x06e4 ACPI - ok 21:42:42.0410 0x06e4 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:42:42.0490 0x06e4 AcpiPmi - ok 21:42:42.0598 0x06e4 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 21:42:42.0612 0x06e4 AdobeARMservice - ok 21:42:42.0727 0x06e4 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:42:42.0746 0x06e4 AdobeFlashPlayerUpdateSvc - ok 21:42:42.0816 0x06e4 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:42:42.0854 0x06e4 adp94xx - ok 21:42:42.0886 0x06e4 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:42:42.0920 0x06e4 adpahci - ok 21:42:42.0946 0x06e4 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:42:42.0964 0x06e4 adpu320 - ok 21:42:43.0001 0x06e4 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:42:43.0048 0x06e4 AeLookupSvc - ok 21:42:43.0117 0x06e4 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys 21:42:43.0185 0x06e4 AFD - ok 21:42:43.0209 0x06e4 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 21:42:43.0225 0x06e4 agp440 - ok 21:42:43.0271 0x06e4 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 21:42:43.0286 0x06e4 aic78xx - ok 21:42:43.0342 0x06e4 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 21:42:43.0392 0x06e4 ALG - ok 21:42:43.0439 0x06e4 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 21:42:43.0452 0x06e4 aliide - ok 21:42:43.0477 0x06e4 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:42:43.0492 0x06e4 amdagp - ok 21:42:43.0509 0x06e4 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 21:42:43.0522 0x06e4 amdide - ok 21:42:43.0558 0x06e4 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:42:43.0613 0x06e4 AmdK8 - ok 21:42:43.0630 0x06e4 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:42:43.0662 0x06e4 AmdPPM - ok 21:42:43.0704 0x06e4 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:42:43.0720 0x06e4 amdsata - ok 21:42:43.0760 0x06e4 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:42:43.0781 0x06e4 amdsbs - ok 21:42:43.0799 0x06e4 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:42:43.0815 0x06e4 amdxata - ok 21:42:43.0859 0x06e4 [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID C:\Windows\system32\drivers\appid.sys 21:42:43.0897 0x06e4 AppID - ok 21:42:43.0919 0x06e4 [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:42:43.0958 0x06e4 AppIDSvc - ok 21:42:44.0021 0x06e4 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 21:42:44.0068 0x06e4 Appinfo - ok 21:42:44.0108 0x06e4 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 21:42:44.0168 0x06e4 AppMgmt - ok 21:42:44.0226 0x06e4 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 21:42:44.0242 0x06e4 arc - ok 21:42:44.0290 0x06e4 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:42:44.0307 0x06e4 arcsas - ok 21:42:44.0426 0x06e4 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 21:42:44.0452 0x06e4 aspnet_state - ok 21:42:44.0491 0x06e4 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:42:44.0617 0x06e4 AsyncMac - ok 21:42:44.0667 0x06e4 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 21:42:44.0681 0x06e4 atapi - ok 21:42:44.0740 0x06e4 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:42:44.0793 0x06e4 AudioEndpointBuilder - ok 21:42:44.0812 0x06e4 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:42:44.0838 0x06e4 Audiosrv - ok 21:42:44.0946 0x06e4 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe 21:42:45.0005 0x06e4 avg9emc - ok 21:42:45.0057 0x06e4 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe 21:42:45.0093 0x06e4 avg9wd - ok 21:42:45.0146 0x06e4 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\Windows\System32\Drivers\avgldx86.sys 21:42:45.0166 0x06e4 AvgLdx86 - ok 21:42:45.0216 0x06e4 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\Windows\System32\Drivers\avgmfx86.sys 21:42:45.0226 0x06e4 AvgMfx86 - ok 21:42:45.0263 0x06e4 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\Windows\System32\Drivers\avgtdix.sys 21:42:45.0280 0x06e4 AvgTdiX - ok 21:42:45.0327 0x06e4 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:42:45.0402 0x06e4 AxInstSV - ok 21:42:45.0462 0x06e4 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 21:42:45.0549 0x06e4 b06bdrv - ok 21:42:45.0600 0x06e4 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 21:42:45.0648 0x06e4 b57nd60x - ok 21:42:45.0717 0x06e4 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 21:42:45.0746 0x06e4 BDESVC - ok 21:42:45.0785 0x06e4 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 21:42:45.0838 0x06e4 Beep - ok 21:42:45.0917 0x06e4 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 21:42:46.0002 0x06e4 BFE - ok 21:42:46.0066 0x06e4 BITCOMET_HELPER_SERVICE - ok 21:42:46.0118 0x06e4 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 21:42:46.0306 0x06e4 BITS - ok 21:42:46.0330 0x06e4 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:42:46.0360 0x06e4 blbdrive - ok 21:42:46.0397 0x06e4 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:42:46.0453 0x06e4 bowser - ok 21:42:46.0482 0x06e4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:42:46.0564 0x06e4 BrFiltLo - ok 21:42:46.0574 0x06e4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:42:46.0590 0x06e4 BrFiltUp - ok 21:42:46.0628 0x06e4 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 21:42:46.0661 0x06e4 Browser - ok 21:42:46.0692 0x06e4 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:42:46.0749 0x06e4 Brserid - ok 21:42:46.0774 0x06e4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:42:46.0805 0x06e4 BrSerWdm - ok 21:42:46.0828 0x06e4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:42:46.0860 0x06e4 BrUsbMdm - ok 21:42:46.0866 0x06e4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:42:46.0884 0x06e4 BrUsbSer - ok 21:42:46.0911 0x06e4 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:42:46.0950 0x06e4 BTHMODEM - ok 21:42:47.0010 0x06e4 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 21:42:47.0058 0x06e4 bthserv - ok 21:42:47.0103 0x06e4 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:42:47.0134 0x06e4 cdfs - ok 21:42:47.0193 0x06e4 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:42:47.0224 0x06e4 cdrom - ok 21:42:47.0262 0x06e4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 21:42:47.0314 0x06e4 CertPropSvc - ok 21:42:47.0352 0x06e4 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:42:47.0390 0x06e4 circlass - ok 21:42:47.0432 0x06e4 [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS C:\Windows\system32\CLFS.sys 21:42:47.0455 0x06e4 CLFS - ok 21:42:47.0521 0x06e4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:42:47.0535 0x06e4 clr_optimization_v2.0.50727_32 - ok 21:42:47.0588 0x06e4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:42:47.0625 0x06e4 clr_optimization_v4.0.30319_32 - ok 21:42:47.0646 0x06e4 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:42:47.0679 0x06e4 CmBatt - ok 21:42:47.0702 0x06e4 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:42:47.0716 0x06e4 cmdide - ok 21:42:47.0753 0x06e4 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys 21:42:47.0815 0x06e4 CNG - ok 21:42:47.0886 0x06e4 [ 720A32C2D7BE2F21C1213A2EC9C16CDD, B8B276E2A5486ED78849E72F895729AE5077EE1C1AA459C74163BD5909ABE927 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys 21:42:47.0938 0x06e4 CnxtHdAudService - ok 21:42:47.0956 0x06e4 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:42:47.0971 0x06e4 Compbatt - ok 21:42:48.0008 0x06e4 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:42:48.0044 0x06e4 CompositeBus - ok 21:42:48.0057 0x06e4 COMSysApp - ok 21:42:48.0080 0x06e4 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:42:48.0094 0x06e4 crcdisk - ok 21:42:48.0136 0x06e4 [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:42:48.0173 0x06e4 CryptSvc - ok 21:42:48.0238 0x06e4 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys 21:42:48.0319 0x06e4 CSC - ok 21:42:48.0370 0x06e4 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll 21:42:48.0434 0x06e4 CscService - ok 21:42:48.0481 0x06e4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 21:42:48.0548 0x06e4 DcomLaunch - ok 21:42:48.0582 0x06e4 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 21:42:48.0620 0x06e4 defragsvc - ok 21:42:48.0649 0x06e4 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:42:48.0680 0x06e4 DfsC - ok 21:42:48.0736 0x06e4 [ 560B0DCE52DFED6623B27C9BAFA6F236, BB4156BB1CCA64CCDE065870DAE56CD58BF05CEBF7C3B17C7A821FDF02A8B157 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 21:42:48.0771 0x06e4 dg_ssudbus - ok 21:42:48.0846 0x06e4 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:42:48.0911 0x06e4 Dhcp - ok 21:42:48.0937 0x06e4 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 21:42:48.0974 0x06e4 discache - ok 21:42:49.0023 0x06e4 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:42:49.0038 0x06e4 Disk - ok 21:42:49.0104 0x06e4 [ C701324C9E0C25DD9D60311BD87FBC84, 86BE238FCC60A55C92D303452A9D5DFA838AE560BDC03A5C6F0F9ABE92062B5A ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 21:42:49.0115 0x06e4 DKbFltr - ok 21:42:49.0147 0x06e4 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:42:49.0198 0x06e4 Dnscache - ok 21:42:49.0230 0x06e4 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 21:42:49.0265 0x06e4 dot3svc - ok 21:42:49.0329 0x06e4 [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 21:42:49.0373 0x06e4 Dot4 - ok 21:42:49.0416 0x06e4 [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 21:42:49.0449 0x06e4 Dot4Print - ok 21:42:49.0500 0x06e4 [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 21:42:49.0530 0x06e4 dot4usb - ok 21:42:49.0583 0x06e4 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 21:42:49.0648 0x06e4 DPS - ok 21:42:49.0694 0x06e4 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:42:49.0743 0x06e4 drmkaud - ok 21:42:49.0796 0x06e4 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:42:49.0860 0x06e4 DXGKrnl - ok 21:42:49.0918 0x06e4 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 21:42:49.0965 0x06e4 EapHost - ok 21:42:50.0137 0x06e4 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 21:42:50.0329 0x06e4 ebdrv - ok 21:42:50.0369 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] EFS C:\Windows\System32\lsass.exe 21:42:50.0416 0x06e4 EFS - ok 21:42:50.0481 0x06e4 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:42:50.0562 0x06e4 ehRecvr - ok 21:42:50.0581 0x06e4 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 21:42:50.0643 0x06e4 ehSched - ok 21:42:50.0710 0x06e4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:42:50.0757 0x06e4 elxstor - ok 21:42:50.0855 0x06e4 [ 7FC5C35144B2FF94FD65576D8C129D2B, DE7AAB85110617A51965030781C91E4A9EA0AB42B3B6200F88ADCF40009664BC ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 21:42:50.0902 0x06e4 ePowerSvc - ok 21:42:50.0926 0x06e4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:42:50.0961 0x06e4 ErrDev - ok 21:42:51.0029 0x06e4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 21:42:51.0112 0x06e4 EventSystem - ok 21:42:51.0147 0x06e4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 21:42:51.0197 0x06e4 exfat - ok 21:42:51.0227 0x06e4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:42:51.0282 0x06e4 fastfat - ok 21:42:51.0346 0x06e4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 21:42:51.0428 0x06e4 Fax - ok 21:42:51.0442 0x06e4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:42:51.0470 0x06e4 fdc - ok 21:42:51.0509 0x06e4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 21:42:51.0557 0x06e4 fdPHost - ok 21:42:51.0583 0x06e4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 21:42:51.0613 0x06e4 FDResPub - ok 21:42:51.0626 0x06e4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:42:51.0642 0x06e4 FileInfo - ok 21:42:51.0666 0x06e4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:42:51.0718 0x06e4 Filetrace - ok 21:42:51.0727 0x06e4 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:42:51.0744 0x06e4 flpydisk - ok 21:42:51.0797 0x06e4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:42:51.0818 0x06e4 FltMgr - ok 21:42:51.0916 0x06e4 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 21:42:52.0031 0x06e4 FontCache - ok 21:42:52.0117 0x06e4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:42:52.0132 0x06e4 FontCache3.0.0.0 - ok 21:42:52.0150 0x06e4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:42:52.0166 0x06e4 FsDepends - ok 21:42:52.0216 0x06e4 [ 790A4CA68F44BE35967B3DF61F3E4675, 7CBC77C620ABA75FEF4BA8AD9C38766D50CD18106EBA4693F162F2C5A7D46AA8 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS 21:42:52.0238 0x06e4 FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 ) 21:43:01.0932 0x06e4 Detect skipped due to KSN trusted 21:43:01.0932 0x06e4 FsUsbExDisk - ok 21:43:02.0022 0x06e4 [ D3F9205CC4CB07553F2F9472C767EA87, B1DF2B8D718CF7958E5E0B367859EEFB45CC9042B1B88E0C4DA884DF2608B59A ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe 21:43:02.0064 0x06e4 FsUsbExService - detected UnsignedFile.Multi.Generic ( 1 ) 21:43:11.0930 0x06e4 Detect skipped due to KSN trusted 21:43:11.0930 0x06e4 FsUsbExService - ok 21:43:11.0991 0x06e4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:43:12.0011 0x06e4 Fs_Rec - ok 21:43:12.0067 0x06e4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:43:12.0091 0x06e4 fvevol - ok 21:43:12.0145 0x06e4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:43:12.0160 0x06e4 gagp30kx - ok 21:43:12.0264 0x06e4 [ DA3E277F51F300CCAB335D5382148E27, AE3DE9CA0B70DE4D157BCEB5D84B30D53A14E7DF445B3DC70768FCDC955226DB ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe 21:43:12.0304 0x06e4 Garmin Core Update Service - ok 21:43:12.0355 0x06e4 [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:43:12.0366 0x06e4 GEARAspiWDM - ok 21:43:12.0428 0x06e4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 21:43:12.0503 0x06e4 gpsvc - ok 21:43:12.0611 0x06e4 [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service C:\Program Files\Acer\Registration\GregHSRW.exe 21:43:12.0671 0x06e4 Greg_Service - ok 21:43:12.0754 0x06e4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:43:12.0773 0x06e4 gupdate - ok 21:43:12.0796 0x06e4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:43:12.0807 0x06e4 gupdatem - ok 21:43:12.0844 0x06e4 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:43:12.0912 0x06e4 hcw85cir - ok 21:43:12.0984 0x06e4 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:43:13.0046 0x06e4 HdAudAddService - ok 21:43:13.0096 0x06e4 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:43:13.0139 0x06e4 HDAudBus - ok 21:43:13.0157 0x06e4 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:43:13.0200 0x06e4 HidBatt - ok 21:43:13.0231 0x06e4 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:43:13.0266 0x06e4 HidBth - ok 21:43:13.0274 0x06e4 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:43:13.0301 0x06e4 HidIr - ok 21:43:13.0342 0x06e4 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 21:43:13.0399 0x06e4 hidserv - ok 21:43:13.0453 0x06e4 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:43:13.0480 0x06e4 HidUsb - ok 21:43:13.0496 0x06e4 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 21:43:13.0543 0x06e4 hkmsvc - ok 21:43:13.0588 0x06e4 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:43:13.0638 0x06e4 HomeGroupListener - ok 21:43:13.0697 0x06e4 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:43:13.0718 0x06e4 HomeGroupProvider - ok 21:43:13.0765 0x06e4 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:43:13.0782 0x06e4 HpSAMD - ok 21:43:13.0838 0x06e4 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:43:13.0910 0x06e4 HTTP - ok 21:43:13.0942 0x06e4 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:43:13.0956 0x06e4 hwpolicy - ok 21:43:14.0021 0x06e4 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:43:14.0051 0x06e4 i8042prt - ok 21:43:14.0124 0x06e4 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 21:43:14.0157 0x06e4 IAANTMON - ok 21:43:14.0181 0x06e4 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:43:14.0198 0x06e4 iaStor - ok 21:43:14.0239 0x06e4 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:43:14.0273 0x06e4 iaStorV - ok 21:43:14.0345 0x06e4 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:43:14.0405 0x06e4 idsvc - ok 21:43:14.0711 0x06e4 [ 36CC40B02AE593D6152AC8BD657720AF, 4AE1417A762EA3B00D49B721D5E147FA741D416DC4617BFBB21BD2EF1F81F057 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 21:43:15.0152 0x06e4 igfx - ok 21:43:15.0220 0x06e4 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:43:15.0234 0x06e4 iirsp - ok 21:43:15.0300 0x06e4 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 21:43:15.0372 0x06e4 IKEEXT - ok 21:43:15.0456 0x06e4 [ 4D8D5B1C895EA0F2A721B98A7CE198F1, A7BB7060B9C5353A5EDD18EE5A0950EE94E44B1B686F110F0E5BFA432D743DD1 ] int15.sys C:\Windows\System32\OEM\Factory\int15.sys 21:43:15.0486 0x06e4 int15.sys - detected UnsignedFile.Multi.Generic ( 1 ) 21:43:25.0194 0x06e4 Detect skipped due to KSN trusted 21:43:25.0194 0x06e4 int15.sys - ok 21:43:25.0259 0x06e4 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 21:43:25.0282 0x06e4 intelide - ok 21:43:25.0344 0x06e4 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:43:25.0387 0x06e4 intelppm - ok 21:43:25.0421 0x06e4 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:43:25.0470 0x06e4 IPBusEnum - ok 21:43:25.0503 0x06e4 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:43:25.0534 0x06e4 IpFilterDriver - ok 21:43:25.0577 0x06e4 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:43:25.0674 0x06e4 iphlpsvc - ok 21:43:25.0710 0x06e4 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:43:25.0748 0x06e4 IPMIDRV - ok 21:43:25.0778 0x06e4 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:43:25.0810 0x06e4 IPNAT - ok 21:43:25.0836 0x06e4 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:43:25.0904 0x06e4 IRENUM - ok 21:43:25.0918 0x06e4 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:43:25.0933 0x06e4 isapnp - ok 21:43:25.0968 0x06e4 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:43:25.0992 0x06e4 iScsiPrt - ok 21:43:26.0065 0x06e4 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 21:43:26.0079 0x06e4 IviRegMgr - ok 21:43:26.0096 0x06e4 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:43:26.0111 0x06e4 kbdclass - ok 21:43:26.0146 0x06e4 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:43:26.0174 0x06e4 kbdhid - ok 21:43:26.0192 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] KeyIso C:\Windows\system32\lsass.exe 21:43:26.0206 0x06e4 KeyIso - ok 21:43:26.0242 0x06e4 [ 746F89CE0C6569C589E6AC4D3DA82D41, 6D41311CBA8BB7C9C09C1757D7947539B67FE3EFF6299502176C673809BAEAD8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:43:26.0257 0x06e4 KSecDD - ok 21:43:26.0291 0x06e4 [ D800E1EAF33630A1636BB21E8256AA92, D07542A242E0D52B494BE63A6A141207D0A59CF66ABEBA9CE33877594BF7BA5D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:43:26.0309 0x06e4 KSecPkg - ok 21:43:26.0358 0x06e4 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:43:26.0424 0x06e4 KtmRm - ok 21:43:26.0472 0x06e4 [ 3705B2273E8EFC9A707864AB7324B614, CDEDA70C51E4F9F511396F43C857FFE5537E7EEC8D385169C0D7435A54FCA646 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 21:43:26.0525 0x06e4 L1C - ok 21:43:26.0544 0x06e4 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:43:26.0594 0x06e4 LanmanServer - ok 21:43:26.0648 0x06e4 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:43:26.0695 0x06e4 LanmanWorkstation - ok 21:43:26.0764 0x06e4 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:43:26.0814 0x06e4 lltdio - ok 21:43:26.0862 0x06e4 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:43:26.0921 0x06e4 lltdsvc - ok 21:43:26.0932 0x06e4 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:43:26.0966 0x06e4 lmhosts - ok 21:43:27.0003 0x06e4 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:43:27.0024 0x06e4 LSI_FC - ok 21:43:27.0043 0x06e4 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:43:27.0060 0x06e4 LSI_SAS - ok 21:43:27.0080 0x06e4 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:43:27.0095 0x06e4 LSI_SAS2 - ok 21:43:27.0117 0x06e4 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:43:27.0136 0x06e4 LSI_SCSI - ok 21:43:27.0184 0x06e4 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 21:43:27.0233 0x06e4 luafv - ok 21:43:27.0305 0x06e4 [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys 21:43:27.0316 0x06e4 LVPr2Mon - ok 21:43:27.0364 0x06e4 [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 21:43:27.0378 0x06e4 LVPrcSrv - ok 21:43:27.0437 0x06e4 [ B895839B8743E400D7C7DAE156F74E7E, 52E13C6260F7E6718C782DF0B43D838FB4939B314695A7A9CB2012D8B224066B ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys 21:43:27.0490 0x06e4 LVRS - ok 21:43:27.0544 0x06e4 [ 23F8EF78BB9553E465A476F3CEE5CA18, 22E19B9F16EC555CCA091841711C8D1938F7EBCD8C6AC82E77375AE5EA96610C ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys 21:43:27.0555 0x06e4 LVUSBSta - ok 21:43:27.0585 0x06e4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:43:27.0603 0x06e4 Mcx2Svc - ok 21:43:27.0638 0x06e4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:43:27.0653 0x06e4 megasas - ok 21:43:27.0706 0x06e4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:43:27.0729 0x06e4 MegaSR - ok 21:43:27.0830 0x06e4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 21:43:27.0844 0x06e4 Microsoft Office Groove Audit Service - ok 21:43:27.0882 0x06e4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 21:43:27.0932 0x06e4 MMCSS - ok 21:43:27.0941 0x06e4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 21:43:27.0981 0x06e4 Modem - ok 21:43:28.0024 0x06e4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:43:28.0041 0x06e4 monitor - ok 21:43:28.0087 0x06e4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:43:28.0101 0x06e4 mouclass - ok 21:43:28.0153 0x06e4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:43:28.0195 0x06e4 mouhid - ok 21:43:28.0241 0x06e4 [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:43:28.0256 0x06e4 mountmgr - ok 21:43:28.0318 0x06e4 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:43:28.0337 0x06e4 MozillaMaintenance - ok 21:43:28.0371 0x06e4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 21:43:28.0388 0x06e4 mpio - ok 21:43:28.0434 0x06e4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:43:28.0465 0x06e4 mpsdrv - ok 21:43:28.0514 0x06e4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:43:28.0570 0x06e4 MpsSvc - ok 21:43:28.0614 0x06e4 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:43:28.0665 0x06e4 MRxDAV - ok 21:43:28.0699 0x06e4 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:43:28.0733 0x06e4 mrxsmb - ok 21:43:28.0756 0x06e4 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:43:28.0795 0x06e4 mrxsmb10 - ok 21:43:28.0805 0x06e4 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:43:28.0825 0x06e4 mrxsmb20 - ok 21:43:28.0864 0x06e4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 21:43:28.0878 0x06e4 msahci - ok 21:43:28.0973 0x06e4 [ D98350792A7CE82E7459A7C36481BEDA, 7A7634F78ECF4E26F83C49A52806F2DD84158DFC0A33EDC3C87B38B3846129F2 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe 21:43:28.0988 0x06e4 MSCamSvc - ok 21:43:29.0011 0x06e4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:43:29.0028 0x06e4 msdsm - ok 21:43:29.0048 0x06e4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 21:43:29.0068 0x06e4 MSDTC - ok 21:43:29.0091 0x06e4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:43:29.0140 0x06e4 Msfs - ok 21:43:29.0162 0x06e4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:43:29.0227 0x06e4 mshidkmdf - ok 21:43:29.0252 0x06e4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:43:29.0266 0x06e4 msisadrv - ok 21:43:29.0320 0x06e4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:43:29.0351 0x06e4 MSiSCSI - ok 21:43:29.0357 0x06e4 msiserver - ok 21:43:29.0393 0x06e4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:43:29.0423 0x06e4 MSKSSRV - ok 21:43:29.0450 0x06e4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:43:29.0495 0x06e4 MSPCLOCK - ok 21:43:29.0518 0x06e4 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:43:29.0565 0x06e4 MSPQM - ok 21:43:29.0594 0x06e4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:43:29.0613 0x06e4 MsRPC - ok 21:43:29.0630 0x06e4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:43:29.0644 0x06e4 mssmbios - ok 21:43:29.0651 0x06e4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:43:29.0695 0x06e4 MSTEE - ok 21:43:29.0702 0x06e4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:43:29.0723 0x06e4 MTConfig - ok 21:43:29.0743 0x06e4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 21:43:29.0757 0x06e4 Mup - ok 21:43:29.0787 0x06e4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 21:43:29.0857 0x06e4 napagent - ok 21:43:29.0896 0x06e4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:43:29.0938 0x06e4 NativeWifiP - ok 21:43:30.0007 0x06e4 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:43:30.0081 0x06e4 NDIS - ok 21:43:30.0113 0x06e4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:43:30.0151 0x06e4 NdisCap - ok 21:43:30.0181 0x06e4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:43:30.0231 0x06e4 NdisTapi - ok 21:43:30.0260 0x06e4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:43:30.0308 0x06e4 Ndisuio - ok 21:43:30.0334 0x06e4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:43:30.0365 0x06e4 NdisWan - ok 21:43:30.0388 0x06e4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:43:30.0437 0x06e4 NDProxy - ok 21:43:30.0501 0x06e4 [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 21:43:30.0507 0x06e4 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 21:43:40.0648 0x06e4 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:43:40.0648 0x06e4 Force sending object to P2P due to detect: Net Driver HPZ12 21:44:00.0650 0x06e4 Object send P2P result: false 21:44:10.0439 0x06e4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:44:10.0501 0x06e4 NetBIOS - ok 21:44:10.0547 0x06e4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:44:10.0622 0x06e4 NetBT - ok 21:44:10.0643 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] Netlogon C:\Windows\system32\lsass.exe 21:44:10.0657 0x06e4 Netlogon - ok 21:44:10.0692 0x06e4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 21:44:10.0745 0x06e4 Netman - ok 21:44:10.0812 0x06e4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:44:10.0858 0x06e4 NetMsmqActivator - ok 21:44:10.0869 0x06e4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:44:10.0885 0x06e4 NetPipeActivator - ok 21:44:10.0913 0x06e4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 21:44:10.0988 0x06e4 netprofm - ok 21:44:11.0018 0x06e4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:44:11.0033 0x06e4 NetTcpActivator - ok 21:44:11.0042 0x06e4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:44:11.0058 0x06e4 NetTcpPortSharing - ok 21:44:11.0323 0x06e4 [ EF51B405AD8ACAAE6F0231290D20F516, 2BBD53127E1375E36590ECBA9DA6AAD133E850A90D5B5610DED99D37987CAADD ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys 21:44:11.0723 0x06e4 NETw5s32 - ok 21:44:11.0932 0x06e4 [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 21:44:12.0146 0x06e4 netw5v32 - ok 21:44:12.0189 0x06e4 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:44:12.0204 0x06e4 nfrd960 - ok 21:44:12.0245 0x06e4 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:44:12.0299 0x06e4 NlaSvc - ok 21:44:12.0342 0x06e4 [ A00877C05933FBA8AFB3390DD72D4679, 684D9642173C4BF4B752F259D5E89F16BC8B4B1608F1E6E176AA692A9775CE38 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 21:44:12.0441 0x06e4 nmwcd - ok 21:44:12.0482 0x06e4 [ 9FF15F18E4E8758AC57BDB910D0238B3, F27C40BDD3818C54E1099AD525C7C19B424E0C4676DB366DE0E905CA3F82A310 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 21:44:12.0531 0x06e4 nmwcdc - ok 21:44:12.0551 0x06e4 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:44:12.0582 0x06e4 Npfs - ok 21:44:12.0610 0x06e4 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 21:44:12.0662 0x06e4 nsi - ok 21:44:12.0701 0x06e4 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:44:12.0731 0x06e4 nsiproxy - ok 21:44:12.0806 0x06e4 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:44:12.0869 0x06e4 Ntfs - ok 21:44:12.0930 0x06e4 [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 21:44:12.0952 0x06e4 NTIBackupSvc - ok 21:44:12.0993 0x06e4 [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F, 97CE08B0797A6A13567B49A2AD9BE95C019E3F199857823005F68702CD6A5B08 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 21:44:13.0003 0x06e4 NTIDrvr - ok 21:44:13.0046 0x06e4 [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 21:44:13.0083 0x06e4 NTISchedulerSvc - ok 21:44:13.0109 0x06e4 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 21:44:13.0138 0x06e4 Null - ok 21:44:13.0174 0x06e4 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:44:13.0191 0x06e4 nvraid - ok 21:44:13.0217 0x06e4 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:44:13.0235 0x06e4 nvstor - ok 21:44:13.0254 0x06e4 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:44:13.0271 0x06e4 nv_agp - ok 21:44:13.0363 0x06e4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:44:13.0416 0x06e4 odserv - ok 21:44:13.0510 0x06e4 [ B3E5887095F1DE8737DA3441D29F60E4, 722DCC5F8AE62C7EE87C14AFA447EB630EDDB23C56E921E5FA8C72C12011C676 ] ogmservice C:\Program Files\Online Games Manager\ogmservice.exe 21:44:13.0568 0x06e4 ogmservice - ok 21:44:13.0608 0x06e4 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:44:13.0625 0x06e4 ohci1394 - ok 21:44:13.0795 0x06e4 [ A696D9A45009FB110922FB1A53002FAC, 1DD82A60F3CF86D8BAD82128AEC23407A673C5B7E1DA31026770E94C30B5E65E ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe 21:44:13.0947 0x06e4 OODefragAgent - ok 21:44:14.0019 0x06e4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:44:14.0034 0x06e4 ose - ok 21:44:14.0079 0x06e4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:44:14.0140 0x06e4 p2pimsvc - ok 21:44:14.0184 0x06e4 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 21:44:14.0218 0x06e4 p2psvc - ok 21:44:14.0247 0x06e4 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:44:14.0284 0x06e4 Parport - ok 21:44:14.0329 0x06e4 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:44:14.0344 0x06e4 partmgr - ok 21:44:14.0357 0x06e4 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 21:44:14.0392 0x06e4 Parvdm - ok 21:44:14.0425 0x06e4 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\Windows\System32\pcasvc.dll 21:44:14.0471 0x06e4 PcaSvc - ok 21:44:14.0542 0x06e4 [ F451DCACBAA67F3307305EBD4A39EA07, C4435BF4C2D16F3DC0B35732BE3602FFA28DB0A5BC5576F45E0D32E5F4CD2DEA ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 21:44:14.0607 0x06e4 pccsmcfd - ok 21:44:14.0622 0x06e4 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 21:44:14.0639 0x06e4 pci - ok 21:44:14.0662 0x06e4 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 21:44:14.0675 0x06e4 pciide - ok 21:44:14.0703 0x06e4 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:44:14.0722 0x06e4 pcmcia - ok 21:44:14.0730 0x06e4 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 21:44:14.0744 0x06e4 pcw - ok 21:44:14.0788 0x06e4 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:44:14.0833 0x06e4 PEAUTH - ok 21:44:14.0898 0x06e4 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:44:15.0006 0x06e4 PeerDistSvc - ok 21:44:15.0062 0x06e4 [ A05F0D7419CF4680EEDD5736E6549E7B, D8B32DE00A317593D61016E4823370B073618F9760A785FF7DA0F26DD5E4FCAB ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys 21:44:15.0072 0x06e4 pepifilter - ok 21:44:15.0231 0x06e4 [ 4BB5AC2DD485B8EEFCCB977EE66A68AD, 8C45E74697B2484A26DE693D179AF81F2F4DC4EC0985908A89EF6167F3096056 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS 21:44:15.0389 0x06e4 PID_PEPI - ok 21:44:15.0489 0x06e4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 21:44:15.0609 0x06e4 pla - ok 21:44:15.0684 0x06e4 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:44:15.0746 0x06e4 PlugPlay - ok 21:44:15.0784 0x06e4 [ 37E5E8FFBAD35605DAEEC3224EA0E465, E3A9BE275D3C8A3E143DF3A795964E9860A1F6C18BE36F8FE552E954435AC927 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 21:44:15.0791 0x06e4 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 21:44:25.0791 0x06e4 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:44:35.0862 0x06e4 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:44:35.0890 0x06e4 PNRPAutoReg - ok 21:44:35.0915 0x06e4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:44:35.0936 0x06e4 PNRPsvc - ok 21:44:35.0979 0x06e4 [ 0648C9DB881557749039CFEE5E97E1A3, B26D87A585D611B0B14133A353AABE0CC305E5080A6A5701095A4DFB0D41C319 ] Point32 C:\Windows\system32\DRIVERS\point32.sys 21:44:36.0000 0x06e4 Point32 - ok 21:44:36.0053 0x06e4 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:44:36.0117 0x06e4 PolicyAgent - ok 21:44:36.0162 0x06e4 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 21:44:36.0194 0x06e4 Power - ok 21:44:36.0243 0x06e4 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:44:36.0298 0x06e4 PptpMiniport - ok 21:44:36.0340 0x06e4 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:44:36.0384 0x06e4 Processor - ok 21:44:36.0427 0x06e4 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll 21:44:36.0462 0x06e4 ProfSvc - ok 21:44:36.0483 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] ProtectedStorage C:\Windows\system32\lsass.exe 21:44:36.0498 0x06e4 ProtectedStorage - ok 21:44:36.0544 0x06e4 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:44:36.0596 0x06e4 Psched - ok 21:44:36.0650 0x06e4 [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 21:44:36.0671 0x06e4 PSI_SVC_2 - ok 21:44:36.0723 0x06e4 [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393, EB25ADA930E325728D0569B737FDF34295037DC14DEE7483F77E47438B849741 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 21:44:36.0730 0x06e4 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 ) 21:44:46.0402 0x06e4 Detect skipped due to KSN trusted 21:44:46.0402 0x06e4 PxHelp20 - ok 21:44:46.0527 0x06e4 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:44:46.0655 0x06e4 ql2300 - ok 21:44:46.0679 0x06e4 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:44:46.0696 0x06e4 ql40xx - ok 21:44:46.0737 0x06e4 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 21:44:46.0777 0x06e4 QWAVE - ok 21:44:46.0802 0x06e4 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:44:46.0820 0x06e4 QWAVEdrv - ok 21:44:46.0828 0x06e4 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:44:46.0858 0x06e4 RasAcd - ok 21:44:46.0908 0x06e4 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:44:46.0959 0x06e4 RasAgileVpn - ok 21:44:46.0989 0x06e4 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 21:44:47.0023 0x06e4 RasAuto - ok 21:44:47.0030 0x06e4 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:44:47.0075 0x06e4 Rasl2tp - ok 21:44:47.0118 0x06e4 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll 21:44:47.0181 0x06e4 RasMan - ok 21:44:47.0189 0x06e4 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:44:47.0228 0x06e4 RasPppoe - ok 21:44:47.0250 0x06e4 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:44:47.0279 0x06e4 RasSstp - ok 21:44:47.0367 0x06e4 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:44:47.0425 0x06e4 rdbss - ok 21:44:47.0451 0x06e4 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:44:47.0492 0x06e4 rdpbus - ok 21:44:47.0523 0x06e4 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:44:47.0567 0x06e4 RDPCDD - ok 21:44:47.0612 0x06e4 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:44:47.0661 0x06e4 RDPDR - ok 21:44:47.0680 0x06e4 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:44:47.0720 0x06e4 RDPENCDD - ok 21:44:47.0730 0x06e4 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:44:47.0761 0x06e4 RDPREFMP - ok 21:44:47.0827 0x06e4 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 21:44:47.0885 0x06e4 RdpVideoMiniport - ok 21:44:47.0918 0x06e4 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:44:47.0947 0x06e4 RDPWD - ok 21:44:47.0980 0x06e4 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:44:47.0998 0x06e4 rdyboost - ok 21:44:48.0028 0x06e4 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys 21:44:48.0037 0x06e4 regi - ok 21:44:48.0084 0x06e4 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:44:48.0115 0x06e4 RemoteAccess - ok 21:44:48.0145 0x06e4 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:44:48.0195 0x06e4 RemoteRegistry - ok 21:44:48.0239 0x06e4 [ 0F6756EF8BDA6DFA7BE50465C83132BB, 1AE76B66F04A2AE99CD1A1368D4998C8081E89578A37D7D535D8CBCAA6136AE0 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys 21:44:48.0297 0x06e4 RimUsb - ok 21:44:48.0322 0x06e4 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:44:48.0353 0x06e4 RpcEptMapper - ok 21:44:48.0381 0x06e4 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 21:44:48.0396 0x06e4 RpcLocator - ok 21:44:48.0436 0x06e4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll 21:44:48.0474 0x06e4 RpcSs - ok 21:44:48.0535 0x06e4 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:44:48.0585 0x06e4 rspndr - ok 21:44:48.0639 0x06e4 [ 96F8DD546677AA5102150ACC140377B3, 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 21:44:48.0669 0x06e4 RSUSBSTOR - ok 21:44:48.0752 0x06e4 [ B5A4B7D779CF4070DF408DE18BD33B02, 45D68D32AE10DB0D76F3455DF84ACD2289485C38FC411B71C2DD3E0FB9923473 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe 21:44:48.0781 0x06e4 RS_Service - detected UnsignedFile.Multi.Generic ( 1 ) 21:44:58.0691 0x06e4 Detect skipped due to KSN trusted 21:44:58.0692 0x06e4 RS_Service - ok 21:44:58.0700 0x06e4 RtsUIR - ok 21:44:58.0761 0x06e4 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:44:58.0813 0x06e4 s3cap - ok 21:44:58.0831 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] SamSs C:\Windows\system32\lsass.exe 21:44:58.0844 0x06e4 SamSs - ok 21:44:58.0888 0x06e4 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:44:58.0904 0x06e4 sbp2port - ok 21:44:58.0945 0x06e4 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:44:58.0998 0x06e4 SCardSvr - ok 21:44:59.0028 0x06e4 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:44:59.0066 0x06e4 scfilter - ok 21:44:59.0153 0x06e4 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll 21:44:59.0231 0x06e4 Schedule - ok 21:44:59.0264 0x06e4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:44:59.0291 0x06e4 SCPolicySvc - ok 21:44:59.0329 0x06e4 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:44:59.0391 0x06e4 SDRSVC - ok 21:44:59.0440 0x06e4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:44:59.0508 0x06e4 secdrv - ok 21:44:59.0543 0x06e4 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll 21:44:59.0592 0x06e4 seclogon - ok 21:44:59.0628 0x06e4 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll 21:44:59.0659 0x06e4 SENS - ok 21:44:59.0691 0x06e4 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:44:59.0755 0x06e4 SensrSvc - ok 21:44:59.0779 0x06e4 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:44:59.0808 0x06e4 Serenum - ok 21:44:59.0836 0x06e4 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:44:59.0853 0x06e4 Serial - ok 21:44:59.0882 0x06e4 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:44:59.0897 0x06e4 sermouse - ok 21:45:00.0021 0x06e4 [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 21:45:00.0078 0x06e4 ServiceLayer - ok 21:45:00.0133 0x06e4 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll 21:45:00.0194 0x06e4 SessionEnv - ok 21:45:00.0230 0x06e4 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:45:00.0258 0x06e4 sffdisk - ok 21:45:00.0280 0x06e4 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:45:00.0309 0x06e4 sffp_mmc - ok 21:45:00.0327 0x06e4 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:45:00.0343 0x06e4 sffp_sd - ok 21:45:00.0374 0x06e4 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:45:00.0388 0x06e4 sfloppy - ok 21:45:00.0441 0x06e4 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:45:00.0490 0x06e4 SharedAccess - ok 21:45:00.0534 0x06e4 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:45:00.0582 0x06e4 ShellHWDetection - ok 21:45:00.0615 0x06e4 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:45:00.0629 0x06e4 sisagp - ok 21:45:00.0651 0x06e4 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:45:00.0666 0x06e4 SiSRaid2 - ok 21:45:00.0674 0x06e4 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:45:00.0690 0x06e4 SiSRaid4 - ok 21:45:00.0797 0x06e4 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:45:00.0830 0x06e4 SkypeUpdate - ok 21:45:00.0867 0x06e4 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:45:00.0918 0x06e4 Smb - ok 21:45:00.0975 0x06e4 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:45:01.0006 0x06e4 SNMPTRAP - ok 21:45:01.0041 0x06e4 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 21:45:01.0056 0x06e4 spldr - ok 21:45:01.0089 0x06e4 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe 21:45:01.0129 0x06e4 Spooler - ok 21:45:01.0283 0x06e4 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 21:45:01.0499 0x06e4 sppsvc - ok 21:45:01.0545 0x06e4 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:45:01.0574 0x06e4 sppuinotify - ok 21:45:01.0654 0x06e4 [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 21:45:01.0676 0x06e4 SQLWriter - ok 21:45:01.0718 0x06e4 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:45:01.0800 0x06e4 srv - ok 21:45:01.0819 0x06e4 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:45:01.0863 0x06e4 srv2 - ok 21:45:01.0889 0x06e4 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:45:01.0922 0x06e4 srvnet - ok 21:45:01.0956 0x06e4 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:45:01.0993 0x06e4 SSDPSRV - ok 21:45:02.0025 0x06e4 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:45:02.0056 0x06e4 SstpSvc - ok 21:45:02.0115 0x06e4 [ 585FDB94DB04AC1C56298D1FD1F1389E, 5CEBAAF3B649E580B3EF2B9B38426D6EE13B244BE1274BA0C0A468EC4CFB680C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 21:45:02.0133 0x06e4 ssudmdm - ok 21:45:02.0185 0x06e4 [ E0B86430E0B26C10B355B9E590FD25E0, ACCAF68AB6F905DC474D49E3664D2BEC82B489813F1355E7B4E48C47051DF278 ] ssudserd C:\Windows\system32\DRIVERS\ssudserd.sys 21:45:02.0202 0x06e4 ssudserd - ok 21:45:02.0262 0x06e4 [ EAA66218CD39F5BB1B4853A78C67C787, 59B4B270A24EDE9B30F2613A4904ECC30C60FEC27DDB87C03EC8F97C33178272 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 21:45:02.0275 0x06e4 ss_bbus - ok 21:45:02.0301 0x06e4 [ 91765F99914ED8693D8BC76524F21581, 2A5D52E05804DED18032646A501047B85FC5C383CC5442349CE525FCD49DC2DC ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 21:45:02.0312 0x06e4 ss_bmdfl - ok 21:45:02.0337 0x06e4 [ 840E7B738B03C10EE91D9B7D3D6EFF15, DE72972834532588C44CD558BEDEE7189F1E2ABC46DD7D6D55117FDCCF928C4B ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 21:45:02.0350 0x06e4 ss_bmdm - ok 21:45:02.0374 0x06e4 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:45:02.0387 0x06e4 stexstor - ok 21:45:02.0436 0x06e4 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 21:45:02.0491 0x06e4 StiSvc - ok 21:45:02.0521 0x06e4 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys 21:45:02.0536 0x06e4 storflt - ok 21:45:02.0563 0x06e4 [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll 21:45:02.0598 0x06e4 StorSvc - ok 21:45:02.0628 0x06e4 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:45:02.0642 0x06e4 storvsc - ok 21:45:02.0673 0x06e4 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys 21:45:02.0686 0x06e4 swenum - ok 21:45:02.0709 0x06e4 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 21:45:02.0781 0x06e4 swprv - ok 21:45:02.0831 0x06e4 [ C93AA00FB1386CC00D0A66BA41847421, DAE280511F7FDD419CB04794A623DDEF7A8921510DA1F2823955B1AB8FC45560 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:45:02.0849 0x06e4 SynTP - ok 21:45:02.0911 0x06e4 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 21:45:03.0008 0x06e4 SysMain - ok 21:45:03.0056 0x06e4 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 21:45:03.0077 0x06e4 TabletInputService - ok 21:45:03.0120 0x06e4 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 21:45:03.0167 0x06e4 TapiSrv - ok 21:45:03.0200 0x06e4 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 21:45:03.0233 0x06e4 TBS - ok 21:45:03.0311 0x06e4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:45:03.0392 0x06e4 Tcpip - ok 21:45:03.0451 0x06e4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:45:03.0497 0x06e4 TCPIP6 - ok 21:45:03.0544 0x06e4 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:45:03.0559 0x06e4 tcpipreg - ok 21:45:03.0593 0x06e4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:45:03.0619 0x06e4 TDPIPE - ok 21:45:03.0638 0x06e4 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:45:03.0653 0x06e4 TDTCP - ok 21:45:03.0681 0x06e4 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:45:03.0710 0x06e4 tdx - ok 21:45:03.0736 0x06e4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:45:03.0750 0x06e4 TermDD - ok 21:45:03.0804 0x06e4 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll 21:45:03.0898 0x06e4 TermService - ok 21:45:03.0926 0x06e4 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 21:45:03.0945 0x06e4 Themes - ok 21:45:03.0956 0x06e4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 21:45:03.0986 0x06e4 THREADORDER - ok 21:45:04.0002 0x06e4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 21:45:04.0034 0x06e4 TrkWks - ok 21:45:04.0100 0x06e4 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:45:04.0158 0x06e4 TrustedInstaller - ok 21:45:04.0187 0x06e4 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:45:04.0201 0x06e4 tssecsrv - ok 21:45:04.0240 0x06e4 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:45:04.0300 0x06e4 TsUsbFlt - ok 21:45:04.0351 0x06e4 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:45:04.0394 0x06e4 tunnel - ok 21:45:04.0422 0x06e4 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:45:04.0437 0x06e4 uagp35 - ok 21:45:04.0460 0x06e4 [ D79C0B9BB011218B93705CBF77FA3E5E, 9205A736E110740AD63A2EBB94676BEE2C89A1EF8168E35FBB9CE82EE32D45EB ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 21:45:04.0472 0x06e4 UBHelper - ok 21:45:04.0500 0x06e4 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:45:04.0558 0x06e4 udfs - ok 21:45:04.0608 0x06e4 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:45:04.0645 0x06e4 UI0Detect - ok 21:45:04.0703 0x06e4 [ 9F643D4C0F88ABFE8023236A69E52A76, 65CEA73D6B280AB298E2504B11D641E16FDB683EC088DA93C8B738AE41BA3808 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys 21:45:04.0717 0x06e4 UimBus - ok 21:45:04.0765 0x06e4 [ A6EDD08ED92FBF20FCF45D9C63E3235B, 6FA8AE9CE7BA8601DDCC3AAC5DB7CB432AA1B017F48832000262DD5A6FE01B0E ] Uim_DEVIM C:\Windows\system32\DRIVERS\uim_devim.sys 21:45:04.0778 0x06e4 Uim_DEVIM - ok 21:45:04.0815 0x06e4 [ DCE5E9644069981C7646D1CC83A938A2, ABB01072E6014AE94949C198223703B8D413BD4343CF6D87C3931B80F3EC9FFF ] Uim_IM C:\Windows\system32\DRIVERS\uim_im.sys 21:45:04.0857 0x06e4 Uim_IM - ok 21:45:04.0895 0x06e4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:45:04.0910 0x06e4 uliagpkx - ok 21:45:04.0955 0x06e4 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys 21:45:04.0972 0x06e4 umbus - ok 21:45:05.0021 0x06e4 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:45:05.0036 0x06e4 UmPass - ok 21:45:05.0063 0x06e4 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll 21:45:05.0098 0x06e4 UmRdpService - ok 21:45:05.0168 0x06e4 [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 21:45:05.0202 0x06e4 Updater Service - ok 21:45:05.0232 0x06e4 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 21:45:05.0301 0x06e4 upnphost - ok 21:45:05.0358 0x06e4 [ 8721F55D8BC9F89E3A63CEBDF5EF4FA3, C0C82480014B646709869A6A6FA2B71B993F9FCD8E2DB9E8F7D341C21EE169CF ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 21:45:05.0402 0x06e4 upperdev - ok 21:45:05.0441 0x06e4 [ EAFE1E00739AFE6C51487A050E772E17, C005E635470AEB68131D922CAFFE2703626EAB4612932237B35F5562E559258A ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 21:45:05.0462 0x06e4 USBAAPL - detected UnsignedFile.Multi.Generic ( 1 ) 21:45:15.0152 0x06e4 Detect skipped due to KSN trusted 21:45:15.0152 0x06e4 USBAAPL - ok 21:45:15.0242 0x06e4 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:45:15.0289 0x06e4 usbaudio - ok 21:45:15.0318 0x06e4 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:45:15.0385 0x06e4 usbccgp - ok 21:45:15.0392 0x06e4 USBCCID - ok 21:45:15.0451 0x06e4 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:45:15.0485 0x06e4 usbcir - ok 21:45:15.0519 0x06e4 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:45:15.0549 0x06e4 usbehci - ok 21:45:15.0605 0x06e4 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:45:15.0638 0x06e4 usbhub - ok 21:45:15.0657 0x06e4 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:45:15.0694 0x06e4 usbohci - ok 21:45:15.0737 0x06e4 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:45:15.0779 0x06e4 usbprint - ok 21:45:15.0805 0x06e4 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:45:15.0854 0x06e4 usbscan - ok 21:45:15.0904 0x06e4 [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser C:\Windows\system32\DRIVERS\usbser.sys 21:45:15.0974 0x06e4 usbser - ok 21:45:15.0995 0x06e4 [ 4E66C71D8D010BFB0DF1042D25E9CB0F, E581ED3557A06FEE7F35DF1C18C7D74FEFD1FC5E6CDAD6692F66F4A033830F1C ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 21:45:16.0045 0x06e4 UsbserFilt - ok 21:45:16.0084 0x06e4 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:45:16.0121 0x06e4 USBSTOR - ok 21:45:16.0146 0x06e4 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:45:16.0183 0x06e4 usbuhci - ok 21:45:16.0247 0x06e4 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 21:45:16.0288 0x06e4 usbvideo - ok 21:45:16.0324 0x06e4 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 21:45:16.0388 0x06e4 UxSms - ok 21:45:16.0409 0x06e4 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] VaultSvc C:\Windows\system32\lsass.exe 21:45:16.0423 0x06e4 VaultSvc - ok 21:45:16.0453 0x06e4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:45:16.0467 0x06e4 vdrvroot - ok 21:45:16.0512 0x06e4 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 21:45:16.0573 0x06e4 vds - ok 21:45:16.0633 0x06e4 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:45:16.0650 0x06e4 vga - ok 21:45:16.0675 0x06e4 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:45:16.0727 0x06e4 VgaSave - ok 21:45:16.0767 0x06e4 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:45:16.0785 0x06e4 vhdmp - ok 21:45:16.0826 0x06e4 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:45:16.0841 0x06e4 viaagp - ok 21:45:16.0861 0x06e4 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 21:45:16.0900 0x06e4 ViaC7 - ok 21:45:16.0935 0x06e4 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 21:45:16.0948 0x06e4 viaide - ok 21:45:16.0981 0x06e4 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:45:17.0000 0x06e4 vmbus - ok 21:45:17.0017 0x06e4 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:45:17.0043 0x06e4 VMBusHID - ok 21:45:17.0052 0x06e4 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:45:17.0068 0x06e4 volmgr - ok 21:45:17.0102 0x06e4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:45:17.0125 0x06e4 volmgrx - ok 21:45:17.0155 0x06e4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:45:17.0177 0x06e4 volsnap - ok 21:45:17.0216 0x06e4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:45:17.0233 0x06e4 vsmraid - ok 21:45:17.0290 0x06e4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 21:45:17.0380 0x06e4 VSS - ok 21:45:17.0410 0x06e4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:45:17.0457 0x06e4 vwifibus - ok 21:45:17.0493 0x06e4 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:45:17.0511 0x06e4 vwififlt - ok 21:45:17.0547 0x06e4 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:45:17.0565 0x06e4 vwifimp - ok 21:45:17.0700 0x06e4 [ E26744E5DD71A16E80D4DD5A286B8423, 877F06ADDDF60D3524055C7FF0D9D04BE7A6477F64CF8030576025E72598EB25 ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys 21:45:17.0809 0x06e4 VX3000 - ok 21:45:17.0860 0x06e4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 21:45:17.0934 0x06e4 W32Time - ok 21:45:17.0970 0x06e4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:45:17.0985 0x06e4 WacomPen - ok 21:45:18.0027 0x06e4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:45:18.0059 0x06e4 WANARP - ok 21:45:18.0065 0x06e4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:45:18.0092 0x06e4 Wanarpv6 - ok 21:45:18.0224 0x06e4 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:45:18.0312 0x06e4 WatAdminSvc - ok 21:45:18.0401 0x06e4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 21:45:18.0510 0x06e4 wbengine - ok 21:45:18.0563 0x06e4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:45:18.0587 0x06e4 WbioSrvc - ok 21:45:18.0630 0x06e4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:45:18.0667 0x06e4 wcncsvc - ok 21:45:18.0687 0x06e4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:45:18.0743 0x06e4 WcsPlugInService - ok 21:45:18.0764 0x06e4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:45:18.0777 0x06e4 Wd - ok 21:45:18.0820 0x06e4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:45:18.0866 0x06e4 Wdf01000 - ok 21:45:18.0904 0x06e4 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:45:18.0926 0x06e4 WdiServiceHost - ok 21:45:18.0932 0x06e4 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:45:18.0948 0x06e4 WdiSystemHost - ok 21:45:18.0984 0x06e4 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 21:45:19.0020 0x06e4 WebClient - ok 21:45:19.0046 0x06e4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:45:19.0103 0x06e4 Wecsvc - ok 21:45:19.0126 0x06e4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:45:19.0155 0x06e4 wercplsupport - ok 21:45:19.0206 0x06e4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 21:45:19.0258 0x06e4 WerSvc - ok 21:45:19.0313 0x06e4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:45:19.0345 0x06e4 WfpLwf - ok 21:45:19.0360 0x06e4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:45:19.0375 0x06e4 WIMMount - ok 21:45:19.0478 0x06e4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:45:19.0601 0x06e4 WinDefend - ok 21:45:19.0631 0x06e4 WinHttpAutoProxySvc - ok 21:45:19.0712 0x06e4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:45:19.0744 0x06e4 Winmgmt - ok 21:45:19.0828 0x06e4 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 21:45:19.0923 0x06e4 WinRM - ok 21:45:19.0982 0x06e4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:45:20.0020 0x06e4 WinUsb - ok 21:45:20.0087 0x06e4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:45:20.0168 0x06e4 Wlansvc - ok 21:45:20.0213 0x06e4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:45:20.0240 0x06e4 WmiAcpi - ok 21:45:20.0294 0x06e4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:45:20.0322 0x06e4 wmiApSrv - ok 21:45:20.0435 0x06e4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:45:20.0534 0x06e4 WMPNetworkSvc - ok 21:45:20.0567 0x06e4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:45:20.0603 0x06e4 WPCSvc - ok 21:45:20.0642 0x06e4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:45:20.0684 0x06e4 WPDBusEnum - ok 21:45:20.0729 0x06e4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:45:20.0758 0x06e4 ws2ifsl - ok 21:45:20.0782 0x06e4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 21:45:20.0802 0x06e4 wscsvc - ok 21:45:20.0808 0x06e4 WSearch - ok 21:45:20.0923 0x06e4 [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv C:\Windows\system32\wuaueng.dll 21:45:21.0045 0x06e4 wuauserv - ok 21:45:21.0081 0x06e4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:45:21.0111 0x06e4 WudfPf - ok 21:45:21.0165 0x06e4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:45:21.0197 0x06e4 WUDFRd - ok 21:45:21.0222 0x06e4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:45:21.0239 0x06e4 wudfsvc - ok 21:45:21.0269 0x06e4 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 21:45:21.0330 0x06e4 WwanSvc - ok 21:45:21.0370 0x06e4 ================ Scan global =============================== 21:45:21.0398 0x06e4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 21:45:21.0424 0x06e4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 21:45:21.0440 0x06e4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 21:45:21.0468 0x06e4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 21:45:21.0511 0x06e4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 21:45:21.0532 0x06e4 [ Global ] - ok 21:45:21.0532 0x06e4 ================ Scan MBR ================================== 21:45:21.0548 0x06e4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:45:21.0942 0x06e4 \Device\Harddisk0\DR0 - ok 21:45:22.0192 0x06e4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 21:45:22.0394 0x06e4 \Device\Harddisk1\DR1 - ok 21:45:22.0394 0x06e4 ================ Scan VBR ================================== 21:45:22.0399 0x06e4 [ 0E505144060518FD78667C91B4FC3F4C ] \Device\Harddisk0\DR0\Partition1 21:45:22.0447 0x06e4 \Device\Harddisk0\DR0\Partition1 - ok 21:45:22.0456 0x06e4 [ 5355EF96BD341A0C3D67E4C50F387192 ] \Device\Harddisk0\DR0\Partition2 21:45:22.0506 0x06e4 \Device\Harddisk0\DR0\Partition2 - ok 21:45:22.0529 0x06e4 [ C6D781860B39462D325FDAA419B6605C ] \Device\Harddisk0\DR0\Partition3 21:45:22.0531 0x06e4 \Device\Harddisk0\DR0\Partition3 - ok 21:45:22.0539 0x06e4 [ 0574A452B78073454F140F73BBA1BA25 ] \Device\Harddisk1\DR1\Partition1 21:45:22.0543 0x06e4 \Device\Harddisk1\DR1\Partition1 - ok 21:45:22.0547 0x06e4 ================ Scan generic autorun ====================== 21:45:22.0610 0x06e4 [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 21:45:22.0631 0x06e4 IAAnotif - ok 21:45:22.0690 0x06e4 [ E1B256B757927A1A11FB000B8367BC97, EBAEF95D1297F267D540F45879E20FAC7A2FBCE5B09881BA2F93DE33819E6A3F ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe 21:45:22.0735 0x06e4 cAudioFilterAgent - ok 21:45:22.0789 0x06e4 [ DBA9AA300B71FA6D28D72D65D25CCF13, FC749201863D9142B2D93378D8C42CB807FD284719973A766FF61DEDFDD96D21 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 21:45:22.0819 0x06e4 Acer ePower Management - ok 21:45:22.0870 0x06e4 [ 5D6DDC47D96FB9E26FB457E8FCDEC031, D10AADBFCA0848A00C11E9133D823DEED7FDBDE678E13174EFC5B9350AEC01B5 ] C:\Program Files\Launch Manager\LManager.exe 21:45:22.0907 0x06e4 LManager - ok 21:45:22.0996 0x06e4 [ 9ED471B3802FD5611F98043EDD05FB83, ECC45519880A3A604BEDD2AC57F05A5E7D20C53EA0D5C2EEB033D8BEBED299B0 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 21:45:23.0105 0x06e4 SynTPEnh - ok 21:45:23.0227 0x06e4 [ 89C3452463F18E74B578130FEE03F45C, 11DA28EFE26DBE6D5FCC6770F6F963A7D6D283C54E434EB639647539712528D6 ] C:\PROGRA~1\AVG\AVG9\avgtray.exe 21:45:23.0312 0x06e4 AVG9_TRAY - ok 21:45:23.0381 0x06e4 [ A591CADA7FAEA205F5A4FA1D156AE6A8, 6B242D58CE2A4D4E490F01945CF86E4F968F773112C80EBC341624C9740E377B ] C:\Windows\vVX3000.exe 21:45:23.0455 0x06e4 VX3000 - ok 21:45:23.0491 0x06e4 [ 19BE5BF2FF9283894BC0F22322FDF56B, DB1B35B4D65C7BF8BC24C730899E93F10C45FC615C45129B01B76BCEAD9928E0 ] C:\Program Files\Microsoft LifeCam\LifeExp.exe 21:45:23.0505 0x06e4 LifeCam - ok 21:45:23.0524 0x06e4 [ FA75594EED65C420D75F01D54788F9E4, 471FDE66F62FA5F1A45818180E8AABD0AFD802A3DFB55D1FBFD2B3090A3AED44 ] C:\Windows\system32\igfxtray.exe 21:45:23.0541 0x06e4 IgfxTray - ok 21:45:23.0571 0x06e4 [ D282AF9E91C1F1E66FC3858DCCE33303, B0E423DB6A6F8F744CC749AA3835344B25FFAFCEB27EF574E1BFF3780B332CDC ] C:\Windows\system32\hkcmd.exe 21:45:23.0588 0x06e4 HotKeysCmds - ok 21:45:23.0611 0x06e4 [ 401274DE05B52704B006F913D43BE1DD, B26C0C6932A020525A750E9565F3C74ACDDC7CDDAD388D5853904697938CD5E1 ] C:\Windows\system32\igfxpers.exe 21:45:23.0648 0x06e4 Persistence - ok 21:45:23.0725 0x06e4 [ DE18C59221DC6F85A37C80B919389CDE, AEBDF3D1C861E1483B24F58761D1EFB6F8DCB1296368C1B0823F5722357B4372 ] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe 21:45:23.0794 0x06e4 IntelliType Pro - ok 21:45:23.0876 0x06e4 [ 5D4C94D357E8A0E087C12CD52DE4E4B6, D7B89DC9B6970FC54C766631E87A2D4BB58623C0A616DEECEF9F029EE7BC746F ] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe 21:45:23.0983 0x06e4 IntelliPoint - ok 21:45:24.0138 0x06e4 [ 5FBA0223D339D0C5E20216B645B5EF95, 8F025BD7C5573525F67EB55AF76FB0D3C7411A8ADC19D1E29D9E855D78B760B6 ] C:\Program Files\OO Software\Defrag\oodtray.exe 21:45:24.0272 0x06e4 OODefragTray - ok 21:45:24.0328 0x06e4 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 21:45:24.0339 0x06e4 GrooveMonitor - ok 21:45:24.0421 0x06e4 [ B895A1A6E0B59DD9A7416C176FB56893, 10BD17147FB13A31794C129220449A087FF49115C30906596E76E1B44CCD180F ] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe 21:45:24.0462 0x06e4 KiesTrayAgent - ok 21:45:24.0623 0x06e4 [ 2589FFE360BED8F824CBC6171CB5B874, 4C532EE4707F9B4314AF7FC88C86B48AFCDE03A2097919F9801BE47EB5CC61EB ] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe 21:45:24.0748 0x06e4 LogitechQuickCamRibbon - ok 21:45:24.0814 0x06e4 A1Diagnose - ok 21:45:24.0861 0x06e4 [ 16D4D2AB28EDD90AEE06826B3ADF50AB, EE8E54702B22E7F1DB8DE7296132C3473DD9D18B9E9C47414F315173E0A26E16 ] C:\Program Files\PDF24\pdf24.exe 21:45:24.0877 0x06e4 PDFPrint - ok 21:45:24.0975 0x06e4 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 21:45:25.0045 0x06e4 Adobe ARM - ok 21:45:25.0134 0x06e4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 21:45:25.0242 0x06e4 Sidebar - ok 21:45:25.0277 0x06e4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 21:45:25.0299 0x06e4 mctadmin - ok 21:45:25.0349 0x06e4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 21:45:25.0391 0x06e4 Sidebar - ok 21:45:25.0401 0x06e4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 21:45:25.0420 0x06e4 mctadmin - ok 21:45:25.0532 0x06e4 [ E4B1E6B06E2479FCDA44BC27D8D7E5A2, 9E29C1CCA08C94DB3232CA70A28651C6E0430FD5AB044D3CB16963F602A27004 ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe 21:45:25.0579 0x06e4 GarminExpressTrayApp - ok 21:45:25.0611 0x06e4 swg - ok 21:45:25.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:26.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:27.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:28.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:29.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:30.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:31.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:32.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:33.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:34.0612 0x06e4 Waiting for KSN requests completion. In queue: 93 21:45:35.0670 0x06e4 AV detected via SS2: AVG Anti-Virus Free, C:\Program Files\AVG\AVG9\avgwsc.exe ( 9.0.0.832 ), 0x41000 ( enabled : updated ) 21:45:35.0678 0x06e4 Win FW state via NFP2: enabled 21:45:45.0383 0x06e4 ============================================================ 21:45:45.0383 0x06e4 Scan finished 21:45:45.0383 0x06e4 ============================================================ 21:45:45.0402 0x12f8 Detected object count: 2 21:45:45.0403 0x12f8 Actual detected object count: 2 21:46:32.0002 0x12f8 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:46:32.0003 0x12f8 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:46:32.0005 0x12f8 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:46:32.0005 0x12f8 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
16.05.2015, 20:53 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Schritt 1 Scan mit Combofix
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
16.05.2015, 21:03 | #9 |
| Online Banking vermutlich Phishing vor Login Hi Jürgen, vielen Dank für deine Hilfe: mal eine kurze Zwischenfrage: Wenn ich die Antiviren Software deaktiviere, würde ich gefühlsmäßig die Internetverbindung vorher kappen, was sagst du dazu? Kann man schon irgendwas sagen über den "Befall"? Ich komme mir ein wenig ferngesteuert vor... nina |
16.05.2015, 21:07 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Ferngesteuert? Wie hast Du Dir denn die Hilfe über ein Forum vorgestellt? Schon mal andere Threads gelesen? Nö, PC brauchst nicht vom Internet trennen.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
16.05.2015, 22:31 | #11 |
| Online Banking vermutlich Phishing vor Login Ja, schon klar, dass es so laufen muss. Sollte auch keine Kritik sein. Bin sehr dankbar über die Hilfe! Leider habe ich es nicht geschafft meinen AVG free 9 zu deaktivieren, deswegen kamen auch einige Warnmeldungen... Im Vorfeld hätte ich versucht den zu deinstallieren und durch AVIRA zu ersetzen- bei der Deinstallation hatte ich auch schon meine Probleme, deswegen ist der überhaupt noch da... a Hier das logfile: Code:
ATTFilter ComboFix 15-05-13.01 - nina 16.05.2015 22:49:08.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.1977.1166 [GMT 2:00] ausgeführt von:: c:\users\nina\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Common Files\Acer GameZone online.ico c:\users\nina\AppData\Roaming\.# c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\unin0407.exe G:\Autorun.inf G:\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-16 bis 2015-05-16 )))))))))))))))))))))))))))))) . . 2015-05-16 20:59 . 2015-05-16 21:11 -------- d-----w- c:\users\nina\AppData\Local\temp 2015-05-16 20:59 . 2015-05-16 20:59 -------- d-----w- c:\users\Gast\AppData\Local\temp 2015-05-16 10:01 . 2015-05-16 10:01 -------- d-----w- c:\program files\ESET 2015-05-16 08:35 . 2015-05-16 08:36 -------- d-----w- c:\program files\FireFox 2015-05-15 18:14 . 2015-05-15 18:14 -------- d-----w- c:\programdata\AVG Security Toolbar 2015-05-15 13:47 . 2015-05-15 13:50 -------- d-----w- C:\FRST 2015-05-14 09:00 . 2015-05-14 09:00 -------- d-----w- c:\programdata\HappyFoto-Designer 2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2015-04-19 17:01 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll 2015-04-19 17:01 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-15 07:56 . 2012-04-25 11:43 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-04-15 07:56 . 2011-12-09 16:51 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-02-26 03:11 . 2015-03-28 09:41 2381312 ----a-w- c:\windows\system32\win32k.sys 2015-02-20 04:13 . 2015-03-28 09:38 26624 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:13 . 2015-03-28 09:38 70656 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:13 . 2015-03-28 09:38 10240 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:13 . 2015-03-28 09:38 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 03:09 . 2015-03-28 09:38 299008 ----a-w- c:\windows\system32\atmfd.dll 2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] . [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 11:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-09-24 825864] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2014-12-10 2079792] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "A1Diagnose"="c:\program files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe" [2014-05-19 31581288] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-07-04 191528] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backup=c:\windows\pss\Acer VCM.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-31 451416] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-01-22 184192] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1343400] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2013-07-28 226016] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152] S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys [2014-05-19 20616] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 2336072] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368] S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FSUSBEXDISK *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners . 2015-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 07:56] . 2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 10:22] . 2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-11-21 10:22] . 2015-05-02 c:\windows\Tasks\Paragon Archive name arc_121014163721442.job - c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40] . 2015-04-02 c:\windows\Tasks\Paragon Archive name arc_121014163857289.job - c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40] . 2015-04-03 c:\windows\Tasks\Paragon Archive name arc_121014164007286.job - c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40] . 2015-04-03 c:\windows\Tasks\Paragon Archive name arc_121014164056536.job - c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe [2014-05-19 12:40] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie IE: c:\users\nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloadernew.htm IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: keyword.URL - hxxps://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p= FF - prefs.js: network.proxy.type - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM-Run-NPSStartup - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe MSConfigStartUp-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe AddRemove-LucasArts' Monkey4 - c:\windows\unin0407.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\System32\WUDFHost.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Google\Update\1.3.27.5\GoogleCrashHandler.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-05-16 23:15:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-05-16 21:14 . Vor Suchlauf: 14 Verzeichnis(se), 25.158.467.584 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 25.282.912.256 Bytes frei . - - End Of File - - 7124F89938172E7B50D00BA371470007 A36C5E4F47E84449FF07ED3517B43A31 |
17.05.2015, 07:22 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Was mich etwas wundert, dass weder ESET noch AVG die Infektion detektieren. Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses: HKLM\...\Run: [NPSStartup] => [X] HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X] Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] () AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294 URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F AlternateDataStreams: C:\ProgramData\TEMP:140AD176 AlternateDataStreams: C:\ProgramData\TEMP:260575F1 AlternateDataStreams: C:\ProgramData\TEMP:270A3983 AlternateDataStreams: C:\ProgramData\TEMP:2C678471 AlternateDataStreams: C:\ProgramData\TEMP:32A82570 AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 AlternateDataStreams: C:\ProgramData\TEMP:6017A808 AlternateDataStreams: C:\ProgramData\TEMP:6641B59F AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 AlternateDataStreams: C:\ProgramData\TEMP:7B52659E AlternateDataStreams: C:\ProgramData\TEMP:E51234A9
Nach dem Reboot: Schritt 2 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs. Bitte teste jetzt mal ob die Meldungen noch kommen.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.05.2015, 10:56 | #13 |
| Online Banking vermutlich Phishing vor Login So, hier der Inhalt der Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02 Ran by nina at 2015-05-17 11:53:47 Run:1 Running from C:\Users\nina\Downloads Loaded Profiles: nina (Available profiles: nina & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Run: [NPSStartup] => [X] HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [] => [X] Startup: C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif [2015-05-15] () AutoConfigURL: [S-1-5-21-3389578649-474333246-578579119-1006] => https://guardvpn.net/facebook.js HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=903578&fr=spigot-yhp-ie HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=extensa_5635&r=27051209c116l0393z255i4835u294 URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKU\S-1-5-21-3389578649-474333246-578579119-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F AlternateDataStreams: C:\ProgramData\TEMP:140AD176 AlternateDataStreams: C:\ProgramData\TEMP:260575F1 AlternateDataStreams: C:\ProgramData\TEMP:270A3983 AlternateDataStreams: C:\ProgramData\TEMP:2C678471 AlternateDataStreams: C:\ProgramData\TEMP:32A82570 AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 AlternateDataStreams: C:\ProgramData\TEMP:6017A808 AlternateDataStreams: C:\ProgramData\TEMP:6641B59F AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 AlternateDataStreams: C:\ProgramData\TEMP:7B52659E AlternateDataStreams: C:\ProgramData\TEMP:E51234A9 ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. C:\Users\nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Value not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully. HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully. HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully. HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully. C:\ProgramData\TEMP => ":0ED4AC2F" ADS removed successfully. C:\ProgramData\TEMP => ":140AD176" ADS removed successfully. C:\ProgramData\TEMP => ":260575F1" ADS removed successfully. C:\ProgramData\TEMP => ":270A3983" ADS removed successfully. C:\ProgramData\TEMP => ":2C678471" ADS removed successfully. C:\ProgramData\TEMP => ":32A82570" ADS removed successfully. C:\ProgramData\TEMP => ":4673E9EA" ADS removed successfully. C:\ProgramData\TEMP => ":5BC73C48" ADS removed successfully. C:\ProgramData\TEMP => ":6017A808" ADS removed successfully. C:\ProgramData\TEMP => ":6641B59F" ADS removed successfully. C:\ProgramData\TEMP => ":6F1F66C0" ADS removed successfully. C:\ProgramData\TEMP => ":7B52659E" ADS removed successfully. C:\ProgramData\TEMP => ":E51234A9" ADS removed successfully. The system needed a reboot. ==== End of Fixlog 11:53:53 ==== |
17.05.2015, 11:14 | #14 | |
/// TB-Ausbilder /// Anleitungs-Guru | Online Banking vermutlich Phishing vor Login Nein. Was ist mit... Zitat:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.05.2015, 11:15 | #15 |
| Online Banking vermutlich Phishing vor Login ...und hier noch der neuerliche Log vom FRST Scan. Kontrolle auf OB Homepage: Meldung kommt nach wie vor. Riecht für mich stark nach neu Aufsetzen... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02 Ran by nina (administrator) on ACERNOTEBOOK on 17-05-2015 12:08:34 Running from C:\Users\nina\Downloads Loaded Profiles: nina (Available profiles: nina & Gast) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\vVX3000.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe (Mozilla Corporation) C:\Program Files\FireFox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated) HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [A1Diagnose] => C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [31581288 2014-05-19] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQA4AD (the data entry has 226 more characters). HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung) HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307568 2009-07-10] (Microsoft Corporation) AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT360 SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms} BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.) BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet) BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://www.google.at/ FF Keyword.URL: https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p= FF NetworkProxy: "autoconfig_url", "https://guardvpn.net/facebook.js" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3389578649-474333246-578579119-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-26] (Unity Technologies ApS) FF SearchPlugin: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\searchplugins\yahoo_ff.xml [2015-04-07] FF Extension: GreenWebPlayer - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\greenwebplayer@greentube.com [2014-02-02] FF Extension: BitComet Video Downloader - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-11-21] FF Extension: Lightbeam - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-21] FF Extension: Video DownloadHelper - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27] Chrome: ======= CHR HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated) R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries) R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.) R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed] R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] () [File not signed] R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20176 2004-05-19] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-05-19] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-05-19] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540040 2014-05-19] () S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\Users\nina\AppData\Local\Temp\catchme.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-17 11:53 - 2015-05-17 11:53 - 00000000 ____D () C:\Users\nina\Downloads\FRST-OlderVersion 2015-05-17 10:10 - 2015-05-17 10:10 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Avira 2015-05-17 10:06 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-17 10:06 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-05-17 10:06 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-05-17 09:57 - 2015-05-17 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\ProgramData\Avira 2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\Program Files\Avira 2015-05-17 09:57 - 2015-05-17 09:57 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-05-16 23:15 - 2015-05-16 23:15 - 00016193 _____ () C:\ComboFix.txt 2015-05-16 22:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-16 22:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-16 22:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-16 22:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-16 22:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-16 22:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-16 22:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-16 22:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-16 22:36 - 2015-05-16 23:15 - 00000000 ____D () C:\Qoobox 2015-05-16 22:36 - 2015-05-16 23:13 - 00000000 ____D () C:\Windows\erdnt 2015-05-16 21:56 - 2015-05-16 21:56 - 05623645 ____R (Swearware) C:\Users\nina\Desktop\ComboFix.exe 2015-05-16 21:40 - 2015-05-16 21:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\nina\Desktop\tdsskiller.exe 2015-05-16 14:09 - 2015-05-16 14:09 - 00002142 _____ () C:\Users\nina\Desktop\eset.txt 2015-05-16 12:01 - 2015-05-16 12:01 - 00000000 ____D () C:\Program Files\ESET 2015-05-16 10:35 - 2015-05-16 10:36 - 00000000 ____D () C:\Program Files\FireFox 2015-05-15 15:49 - 2015-05-15 15:50 - 00044597 _____ () C:\Users\nina\Downloads\Addition.txt 2015-05-15 15:48 - 2015-05-17 12:08 - 00020240 _____ () C:\Users\nina\Downloads\FRST.txt 2015-05-15 15:47 - 2015-05-17 12:08 - 00000000 ____D () C:\FRST 2015-05-15 15:46 - 2015-05-17 11:53 - 01146368 _____ (Farbar) C:\Users\nina\Downloads\FRST.exe 2015-05-15 15:42 - 2015-05-15 15:42 - 00000470 _____ () C:\Users\nina\Downloads\defogger_disable.log 2015-05-15 15:42 - 2015-05-15 15:42 - 00000000 _____ () C:\Users\nina\defogger_reenable 2015-05-15 15:41 - 2015-05-15 15:41 - 00050477 _____ () C:\Users\nina\Downloads\Defogger.exe 2015-05-15 15:31 - 2015-05-15 15:31 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\nina\Downloads\avira_de_av_5555f4ed49790__ws.exe 2015-05-14 11:02 - 2015-05-14 11:02 - 00001027 _____ () C:\Users\Public\Desktop\HappyFoto-Designer.lnk 2015-05-14 11:01 - 2015-05-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyFoto-Designer 2015-05-14 11:00 - 2015-05-14 11:00 - 00000121 _____ () C:\Windows\DirectX.log 2015-05-14 11:00 - 2015-05-14 11:00 - 00000000 ____D () C:\ProgramData\HappyFoto-Designer 2015-05-14 10:54 - 2015-05-14 10:59 - 316562064 _____ ( ) C:\Users\nina\Downloads\HappyFoto-Designer.exe 2015-05-03 11:27 - 2015-05-03 11:27 - 06484352 _____ (Piriform Ltd) C:\Users\nina\Downloads\ccsetup505.exe 2015-04-19 21:51 - 2015-04-19 21:51 - 00002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel 2015-04-19 19:03 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-19 19:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-19 19:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-19 19:03 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-19 19:03 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-19 19:03 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-19 19:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-19 19:03 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-19 19:03 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-19 19:03 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-19 19:03 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-19 19:03 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-19 19:03 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-19 19:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-19 19:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-19 19:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-19 19:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-19 19:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-17 12:03 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-17 12:03 - 2009-07-07 02:17 - 01523751 _____ () C:\Windows\WindowsUpdate.log 2015-05-17 11:59 - 2015-03-30 09:26 - 00007427 _____ () C:\Windows\setupact.log 2015-05-17 11:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-17 11:58 - 2015-04-03 10:21 - 00169732 _____ () C:\Windows\PFRO.log 2015-05-17 11:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-17 09:57 - 2013-07-28 12:40 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-17 09:15 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-17 09:06 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast 2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2015-05-16 23:11 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-05-16 20:45 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-16 10:07 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina 2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db 2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () C:\Users\nina\AppData\Local\HappyFoto-Designer 2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer 2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job 2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc 2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird 2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype 2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype 2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype 2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna 2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne 2015-04-19 21:51 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0 2015-04-19 21:51 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8 2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help ==================== Files in the root of some directories ======= 2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin 2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm 2015-04-19 21:51 - 2015-04-19 21:51 - 0002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel 2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg 2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe 2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log 2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys Some content of TEMP: ==================== C:\Users\nina\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-14 00:23 ==================== End Of Log ============================ |
Themen zu Online Banking vermutlich Phishing vor Login |
anhang, aufforderung, banking, eingabe, erscheint, formation, funktioniert, gestern, handy, handynummer, information, installation, login, online, online banking, phishing, phone, scan, seite, seltsame, software, tans, troja, vermutlich, vorerst |