| |
| |||||||
Log-Analyse und Auswertung: Firefox und IE starten selbständig/automatischWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.03.2016, 15:27
| #1 |
| |  Firefox und IE starten selbständig/automatisch Hallo, seit einigen Tagen öffnen sich sowohl Firefox als auch IE selbständig mit folgenden Seiten: techbrowsing.com/?from=land (FF) serengetiwatch.com (IE) lookmagazine.us (IE) Beide Browser habe ich inzwischen jeweils 2-mal bereinigt/restauriert. Danach dauert der automatische Aufruf zwar länger, aber ist immer noch vorhanden. FRST liess ich in der Mittagspause durchlaufen, hier die logfiles. (McAfee Total Protection lädt leider nicht das Protokoll-Auswahlmenü. Malwarebytes Anti-Malware ergab gestern abend keine Funde.) FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von MCS (Administrator) auf PC (24-03-2016 11:42:16) Gestartet von C:\Users\LM2\Desktop Geladene Profile: MCS & LM2 (Verfügbare Profile: MCS & LM2 & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe () C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBWMgr.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ACHTUNG HKU\S-1-5-21-824321664-1275631822-800070043-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-824321664-1275631822-800070043-1000\$54f8f72ba65529b5ed394e17c104c399\n. ACHTUNG HKU\S-1-5-21-824321664-1275631822-800070043-1002\...\MountPoints2: {02034be8-51e2-11e3-a7e7-404e57434402} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083 ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-20] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2016-03-20] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyEnable: [S-1-5-21-824321664-1275631822-800070043-1000] => Proxy ist aktiviert. ProxyServer: [S-1-5-21-824321664-1275631822-800070043-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555 ProxyEnable: [S-1-5-21-824321664-1275631822-800070043-1002] => Proxy ist aktiviert. ProxyServer: [S-1-5-21-824321664-1275631822-800070043-1002] => http=127.0.0.1:8555;https=127.0.0.1:8555 Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: [DhcpNameServer] 192.168.178.20 Tcpip\..\Interfaces\{B8318698-19AD-41CA-A0B6-3601D211BC45}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{D0016FAC-39B6-489E-8450-F19811AFBB3B}: [DhcpNameServer] 192.168.1.250 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.com/?guid={B9D4FB9C-78E2-4FB7-9FDC-67E665BE2937}&serpv=17 HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/?guid={B9D4FB9C-78E2-4FB7-9FDC-67E665BE2937}&serpv=17 URLSearchHook: HKLM-x32 - (Kein Name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Keine Datei URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - (Kein Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - Keine Datei URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - (Kein Name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Keine Datei URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1002 -> DefaultScope {3835E609-A8CF-4825-B229-926AA9A4A2BB} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1002 -> {3835E609-A8CF-4825-B229-926AA9A4A2BB} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => Keine Datei BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-01-17] (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] () BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-01-17] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation) BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Toolbar: HKU\S-1-5-21-824321664-1275631822-800070043-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-01-17] (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//home?affID=121562 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc.) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2012-01-17] (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-824321664-1275631822-800070043-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LM2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-23] (Unity Technologies ApS) FF user.js: detected! => C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js [2016-03-21] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.) FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{7E5616B6-81F9-4339-ADD2-E2F3741ACB85}.xml [2012-12-19] FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{9617F2CC-FCFD-44CB-9546-B139B9FD1073}.xml [2012-12-19] FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{E48AE8DD-B500-4218-BF0C-415C948569E4}.xml [2012-12-19] FF Extension: Block LinkBucks - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\dgs229@nyu.edu.xpi [2013-01-15] [ist nicht signiert] FF Extension: Ghostery - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\firefox@ghostery.com [2013-05-02] [ist nicht signiert] FF Extension: JavaScript Deobfuscator - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2012-12-19] [ist nicht signiert] FF Extension: Proxilla Glype Proxy Client - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\proxilla@kevin.godell.xpi [2012-12-19] [ist nicht signiert] FF Extension: BetterPrivacy - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-19] [ist nicht signiert] FF Extension: Bitdefender QuickScan - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-05-02] [ist nicht signiert] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2016-03-20] [ist nicht signiert] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [ist nicht signiert] FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-05-02] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-28] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-28] [ist nicht signiert] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-21] [ist nicht signiert] FF HKU\S-1-5-21-824321664-1275631822-800070043-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.de/" CHR DefaultSearchKeyword: Default -> google.com_ CHR Profile: C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Freemake Video Downloader) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-10-12] CHR Extension: (Freemake Youtube Download Button) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-10-12] CHR Extension: (Skype) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-20] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-20] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-28] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-28] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-01-30] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0170861458800587mcinstcleanup; C:\Windows\TEMP\017086~1.EXE [836168 2014-03-13] (McAfee, Inc.) S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [Datei ist nicht signiert] S4 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [Datei ist nicht signiert] S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] () R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-10-08] (Freemake) [Datei ist nicht signiert] R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [Datei ist nicht signiert] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] () S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [Datei ist nicht signiert] R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-03-11] (Nalpeiron Ltd.) [Datei ist nicht signiert] R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [694272 2009-06-10] (AVM Berlin) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2008-09-26] (Paragon Software Group) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-21] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.) S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.) S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia) S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45320 2008-09-26] (Windows (R) 2000 DDK provider) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-24 11:42 - 2016-03-24 11:45 - 00033224 _____ C:\Users\LM2\Desktop\FRST.txt 2016-03-24 11:40 - 2016-03-24 11:42 - 00000000 ____D C:\FRST 2016-03-24 11:37 - 2016-03-24 11:38 - 02374144 _____ (Farbar) C:\Users\LM2\Desktop\FRST64.exe 2016-03-24 07:23 - 2016-03-24 07:23 - 00000000 ____D C:\Program Files\Common Files\AV 2016-03-24 07:21 - 2016-03-24 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-03-22 08:45 - 2016-03-22 08:48 - 00000000 ____D C:\home2 2016-03-22 08:27 - 2016-03-22 08:27 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\MCS\Downloads\flashplayer21_d_install.exe 2016-03-22 08:26 - 2016-03-22 08:26 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-22 08:26 - 2016-03-22 08:26 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-22 08:22 - 2016-03-22 08:23 - 43359192 _____ C:\Users\LM2\Downloads\FirefoxSetup45.0.1.exe 2016-03-21 19:02 - 2016-03-21 19:02 - 00287976 _____ C:\Windows\Minidump\032116-18189-01.dmp 2016-03-21 18:25 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2016-03-21 14:41 - 2016-03-21 17:13 - 00000000 ____D C:\AdwCleaner 2016-03-21 14:39 - 2016-03-21 14:39 - 01529344 _____ C:\Users\LM2\Downloads\adwcleaner_5.103.exe 2016-03-21 09:28 - 2016-03-21 09:31 - 00000000 ____D C:\Users\MCS\Documents\Neuer Ordner (3) 2016-03-21 09:08 - 2016-03-21 09:08 - 00000000 ____D C:\Users\LM2\Documents\PDF Files 2016-03-21 08:09 - 2016-03-21 08:09 - 00000000 ____D C:\Users\MCS\AppData\Local\CEF 2016-03-21 07:39 - 2016-03-21 07:39 - 00000000 ____D C:\Users\MCS\Documents\PDF Files 2016-03-21 07:15 - 2016-03-21 07:15 - 00000000 ____D C:\ProgramData\eXPert PDF 5 2016-03-20 22:14 - 2016-03-20 22:14 - 00001028 _____ C:\Users\Public\Desktop\eXPert PDF Creator.lnk 2016-03-20 22:14 - 2016-03-20 22:14 - 00001023 _____ C:\Users\Public\Desktop\eXPert PDF Editor.lnk 2016-03-20 22:14 - 2016-03-20 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF eXPerte 5 2016-03-20 22:14 - 2005-06-02 12:40 - 00014336 _____ C:\Windows\SysWOW64\vsmon1.dll 2016-03-20 22:13 - 2016-03-20 22:13 - 00000000 ____D C:\Windows\My Documents 2016-03-20 22:13 - 2016-03-20 22:13 - 00000000 ____D C:\ProgramData\eXPert PDF Jobs 2016-03-20 22:13 - 2016-03-20 22:13 - 00000000 ____D C:\ProgramData\eXPert PDF 2016-03-20 22:13 - 2016-03-20 22:13 - 00000000 ____D C:\Program Files (x86)\Visagesoft 2016-03-20 22:12 - 2016-03-20 22:12 - 00000000 ____D C:\Program Files (x86)\BVRP Software 2016-03-20 22:11 - 2016-03-20 22:11 - 00000000 ____D C:\ProgramData\BVRP Software 2016-03-20 22:09 - 2016-03-20 22:09 - 00002368 _____ C:\Users\Public\Desktop\Paragon Festplatten Manager 8.5 .lnk 2016-03-20 22:09 - 2016-03-20 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Festplatten Manager 8.5 2016-03-20 22:09 - 2008-09-26 18:06 - 00037392 _____ (Paragon Software Group) C:\Windows\system32\Drivers\hotcore3.sys 2016-03-20 22:07 - 2016-03-20 22:07 - 00000000 ____D C:\Program Files (x86)\Paragon Software 2016-03-20 21:57 - 2016-03-20 21:57 - 00000978 _____ C:\Users\Public\Desktop\WinSysClean 2009.lnk 2016-03-20 21:57 - 2016-03-20 21:57 - 00000000 __HDC C:\ProgramData\{8C2CFCEE-B9B7-4A60-B6C4-37DA5AA7BAD4} 2016-03-20 21:57 - 2016-03-20 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSysClean 2016-03-20 21:57 - 2016-03-20 21:57 - 00000000 ____D C:\Program Files (x86)\WinSysClean 2009 2016-03-20 19:56 - 2016-03-22 08:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-20 16:44 - 2016-03-20 16:44 - 00001063 _____ C:\Windows\explorer - Verknüpfung.lnk 2016-03-20 15:44 - 2016-03-20 15:44 - 00000000 ____D C:\Users\MCS\AppData\Local\CrashRpt 2016-03-20 15:39 - 2016-03-20 15:39 - 00000000 ___HD C:\MyWinLockerData 2016-03-20 15:08 - 2016-03-20 15:08 - 00000000 ____D C:\Users\LM2\Desktop\McAfee 2016-03-20 15:02 - 2016-03-22 08:57 - 00000000 ____D C:\Users\LM2\Desktop\Desktop2 2016-03-20 13:53 - 2016-03-20 13:53 - 00000000 ____D C:\Users\LM2\AppData\Local\CEF 2016-03-20 13:50 - 2016-03-20 15:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-20 13:50 - 2016-03-20 15:44 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-03-20 13:43 - 2016-03-20 13:43 - 00000000 ____D C:\Users\LM2\AppData\Local\CrashRpt 2016-03-19 23:50 - 2016-03-24 07:16 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-03-19 23:06 - 2016-03-21 17:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-19 23:06 - 2016-03-20 15:44 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-19 23:06 - 2016-03-19 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-19 23:05 - 2016-03-19 23:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-19 23:05 - 2016-03-19 23:05 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-19 23:05 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-19 23:05 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-19 23:05 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-19 23:01 - 2016-03-19 23:01 - 22851472 _____ (Malwarebytes ) C:\Users\LM2\Downloads\mbam-setup-2.2.1.1043.exe 2016-03-19 22:53 - 2016-03-19 22:53 - 00985600 _____ C:\Users\LM2\Downloads\MicrosoftFixit50123.msi 2016-03-19 22:49 - 2016-03-19 22:49 - 00302011 _____ C:\Users\LM2\Downloads\WindowsUpdateDiagnostic.diagcab 2016-03-19 22:23 - 2016-03-19 22:23 - 00005618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-03-19 22:21 - 2016-03-19 23:48 - 00000000 ____D C:\inetpub 2016-03-19 21:30 - 2016-03-19 21:30 - 00000000 ____D C:\ProgramData\OO Software 2016-03-19 21:18 - 2016-03-20 21:51 - 00000000 ____D C:\Anwendungen 2016-03-19 21:11 - 2016-03-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-24 11:19 - 2010-05-14 02:31 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-24 11:09 - 2012-04-05 11:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-24 10:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-03-24 09:29 - 2010-04-22 15:16 - 00000000 ____D C:\ProgramData\TEMP 2016-03-24 07:23 - 2010-09-16 15:08 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-03-24 07:23 - 2009-10-17 03:24 - 00000000 ____D C:\ProgramData\McAfee 2016-03-24 07:23 - 2009-10-17 03:24 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-03-24 07:23 - 2009-07-14 06:13 - 00005844 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-24 07:23 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-24 07:23 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-24 07:23 - 2006-10-10 09:57 - 08372490 _____ C:\Windows\system32\perfh007.dat 2016-03-24 07:23 - 2006-10-10 09:57 - 02534062 _____ C:\Windows\system32\perfc007.dat 2016-03-24 07:17 - 2010-05-14 02:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-24 07:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-24 07:16 - 2006-10-10 00:12 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-23 17:41 - 2010-05-20 18:22 - 00000494 ____H C:\Windows\Tasks\Norton Security Scan for MCS.job 2016-03-23 08:09 - 2012-04-14 12:09 - 19910848 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2016-03-22 19:00 - 2011-03-15 23:30 - 00000262 _____ C:\Windows\Tasks\RMSchedule.job 2016-03-22 08:28 - 2010-04-19 13:05 - 00000000 ____D C:\Users\MCS\AppData\Local\Mozilla 2016-03-22 08:25 - 2012-05-03 18:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-21 19:02 - 2013-12-17 17:35 - 449743870 _____ C:\Windows\MEMORY.DMP 2016-03-21 19:02 - 2010-11-12 20:29 - 00000000 ____D C:\Windows\MiniDump 2016-03-21 14:39 - 2015-01-17 22:17 - 00000000 ____D C:\Users\LM2\dwhelper 2016-03-21 14:17 - 2010-12-22 15:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-03-21 11:32 - 2015-06-12 08:29 - 00000691 _____ C:\Windows\wininit.ini 2016-03-21 11:14 - 2010-10-21 16:49 - 00007621 _____ C:\Users\MCS\AppData\Local\Resmon.ResmonCfg 2016-03-21 09:55 - 2015-03-30 14:55 - 00000000 ____D C:\Users\MCS\Documents\Neuer Ordner (2) 2016-03-21 09:39 - 2010-06-25 21:12 - 00000000 ___RD C:\Users\MCS\Documents\Scanned Documents 2016-03-21 09:38 - 2010-08-23 15:03 - 00000000 ___RD C:\Users\MCS\Desktop\Desk 2016-03-21 09:08 - 2013-05-02 13:26 - 00000000 ____D C:\Users\LM2 2016-03-21 08:50 - 2010-11-29 01:28 - 00000000 ____D C:\TEMP 2016-03-21 08:48 - 2011-12-11 20:23 - 00000000 ____D C:\Users\Gast 2016-03-21 08:39 - 2014-12-29 04:53 - 00000000 ____D C:\Users\LM2\Downloads\Neuer Ordner (7) 2016-03-21 08:38 - 2014-12-29 04:53 - 00000000 ____D C:\Users\LM2\Downloads\Neuer Ordner (5) 2016-03-21 08:09 - 2014-11-05 17:07 - 00000000 ____D C:\Users\MCS\AppData\Local\Adobe 2016-03-20 22:12 - 2009-10-17 02:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-20 22:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-20 21:55 - 2010-11-12 20:07 - 00000000 ____D C:\Program Files (x86)\WinSysClean X 2016-03-20 15:45 - 2015-06-12 08:41 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2016-03-20 15:45 - 2013-11-16 15:23 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-20 15:45 - 2012-10-09 02:01 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk 2016-03-20 15:45 - 2010-11-19 15:47 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2016-03-20 15:45 - 2010-09-26 15:47 - 00000849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-03-20 15:45 - 2009-10-17 02:46 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-03-20 15:45 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-20 15:45 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-03-20 15:45 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-03-20 15:45 - 2006-10-10 00:26 - 00002569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk 2016-03-20 15:45 - 2006-10-10 00:26 - 00001193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk 2016-03-20 15:44 - 2014-10-12 18:48 - 00001203 _____ C:\Users\MCS\Desktop\Any Video Converter.lnk 2016-03-20 15:44 - 2013-11-16 15:23 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-20 15:44 - 2013-11-02 20:41 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2016-03-20 15:44 - 2010-11-12 01:15 - 00001243 _____ C:\Users\MCS\Desktop\DVDVideoSoft Free Studio.lnk 2016-03-20 15:44 - 2010-04-19 12:47 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk 2016-03-20 15:44 - 2010-04-19 08:44 - 00001443 _____ C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-20 15:44 - 2010-04-19 08:44 - 00001409 _____ C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-03-20 15:44 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-03-20 15:44 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-03-20 15:07 - 2015-03-19 16:45 - 00000000 ____D C:\Users\MCS\Documents\onlineTV 8 2016-03-20 15:07 - 2015-03-19 16:32 - 00000000 ____D C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design 2016-03-20 15:07 - 2015-03-19 16:32 - 00000000 ____D C:\Users\MCS\AppData\Roaming\concept design 2016-03-20 15:07 - 2015-03-19 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design 2016-03-20 15:07 - 2015-03-19 16:32 - 00000000 ____D C:\Program Files (x86)\concept design 2016-03-20 14:23 - 2010-04-24 04:15 - 00000000 ____D C:\Program Files (x86)\Winamp 2016-03-20 13:53 - 2013-06-10 20:02 - 00000000 ____D C:\Users\LM2\AppData\Local\Adobe 2016-03-20 13:52 - 2015-07-15 12:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-03-20 13:50 - 2009-10-17 03:36 - 00000000 ____D C:\ProgramData\Adobe 2016-03-20 13:50 - 2009-10-17 03:35 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-03-19 23:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Branding 2016-03-19 23:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv 2016-03-19 23:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv 2016-03-19 23:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-19 23:40 - 2013-06-28 16:35 - 00000000 ____D C:\Program Files (x86)\Delta 2016-03-19 23:40 - 2011-08-08 12:37 - 00000000 _RSHD C:\Win 2016-03-19 23:40 - 2010-04-19 23:22 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2016-03-19 22:11 - 2013-11-02 20:39 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2016-03-19 22:11 - 2012-04-05 11:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-19 22:11 - 2012-04-05 11:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-19 22:11 - 2011-10-21 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-19 22:10 - 2013-11-02 20:40 - 00000000 ____D C:\ProgramData\Hotspot Shield 2016-03-19 21:14 - 2010-05-14 02:31 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-03-19 21:14 - 2010-05-14 02:31 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-03-19 21:11 - 2015-10-05 13:52 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-03-19 21:11 - 2014-03-18 14:40 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-03-19 21:07 - 2010-04-19 08:42 - 00000342 _____ C:\Windows\Tasks\McDefragTask.job ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2009-10-17 03:04 - 2009-02-10 20:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico 2013-11-09 12:54 - 2013-11-09 12:54 - 0001847 _____ () C:\Users\MCS\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2010-04-23 15:38 - 2010-05-03 13:45 - 0000362 _____ () C:\Users\MCS\AppData\Roaming\wklnhst.dat 2010-11-30 01:53 - 2012-12-04 15:52 - 0083968 _____ () C:\Users\MCS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-10-21 16:49 - 2016-03-21 11:14 - 0007621 _____ () C:\Users\MCS\AppData\Local\Resmon.ResmonCfg 2009-10-17 03:04 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\MCS\OOo_3.2.1_Win_x86_install-wJRE_de.exe Einige Dateien in TEMP: ==================== C:\Users\LM2\AppData\Local\Temp\DivXSetup.exe C:\Users\LM2\AppData\Local\Temp\MSETUP4.EXE C:\Users\LM2\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\LM2\AppData\Local\Temp\SkypeSetup.exe C:\Users\MCS\AppData\Local\Temp\contentDATs.exe C:\Users\MCS\AppData\Local\Temp\dotNetFx40_Full_x86_x64.exe C:\Users\MCS\AppData\Local\Temp\eXPertPDF_V5_DEU.exe C:\Users\MCS\AppData\Local\Temp\FreemakeMusicBox_0.9.6.1.exe C:\Users\MCS\AppData\Local\Temp\FreemakeVideoConverter_3.1.1.4.exe C:\Users\MCS\AppData\Local\Temp\FreemakeVideoDownloader_3.0.0.4.exe C:\Users\MCS\AppData\Local\Temp\FreemakeVideoDownloader_3.1.0.2.exe C:\Users\MCS\AppData\Local\Temp\FreemakeVideoDownloader_3.5.4.0.exe C:\Users\MCS\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.2.4.exe C:\Users\MCS\AppData\Local\Temp\GUninstaller.exe C:\Users\MCS\AppData\Local\Temp\HssInstaller64.exe C:\Users\MCS\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih_1.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer12x32au_ltr5x64d_awc_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih_1.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer15x32au_mssd_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer16x32au_mssa_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer17x32au_mssa_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_flashplayer17x32_mssd_aaa_aih.exe C:\Users\MCS\AppData\Local\Temp\install_reader10_de_mssa_aih.exe C:\Users\MCS\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\MCS\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\MCS\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\MCS\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\MCS\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\MCS\AppData\Local\Temp\mgxoschk.dll C:\Users\MCS\AppData\Local\Temp\MgxVistaTools.dll C:\Users\MCS\AppData\Local\Temp\MSETUP4.EXE C:\Users\MCS\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\MCS\AppData\Local\Temp\sqlite3.dll C:\Users\MCS\AppData\Local\Temp\uninstall.exe C:\Users\MCS\AppData\Local\Temp\vcredist_x64.exe C:\Users\MCS\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2010-10-23 18:26 ==================== Ende von FRST.txt ============================ Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von MCS (2016-03-24 11:46:12)
Gestartet von C:\Users\LM2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-04-19 07:42:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-824321664-1275631822-800070043-500 - Administrator - Disabled)
Gast (S-1-5-21-824321664-1275631822-800070043-501 - Limited - Enabled) => C:\Users\Gast
Konto2 (S-1-5-21-824321664-1275631822-800070043-1005 - Limited - Enabled)
LM2 (S-1-5-21-824321664-1275631822-800070043-1002 - Limited - Enabled) => C:\Users\LM2
MCS (S-1-5-21-824321664-1275631822-800070043-1000 - Administrator - Enabled) => C:\Users\MCS
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 2.2.1.9986 - Harman Becker Automotive Systems)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVDVideoSoft Toolbar (HKLM-x32\...\DVDVideoSoft Toolbar) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{94FA9FA6-5294-494D-A8F1-1E654CBB5736}) (Version: 2.2.3.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
eXPert PDF 5 (HKLM-x32\...\{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}) (Version: 5.1.170.0 - Visage Software)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
Free Audio CD Burner version 1.2 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Studio version 4.9.13 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.2 - Ellora Assets Corporation)
funkwerk Eumex 401 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}) (Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH)
funkwerk Eumex 401 WIN-Tools V1.00 (x32 Version: 1.00.0000 - Funkwerk Enterprise Communications GmbH) Hidden
G-Force (HKLM-x32\...\G-Force) (Version: 5.0 - SoundSpectrum)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Goin Downtown (HKLM-x32\...\{46F45BBF-0516-495E-8230-0C301FA54D2B}) (Version: 1.00.0000 - The Games Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Hotspot Shield 5.2.1 (HKLM-x32\...\HotspotShield) (Version: 5.2.1 - AnchorFree Inc.)
Hotspot Shield 5.2.1 Embedded (x32 Version: 5.2.1.0 - Buildbot) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jigsaw Puzzle Lite (HKLM-x32\...\Jigsaw Puzzle Lite) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
MAGIX music maker 2005 e-version (HKLM-x32\...\MAGIX music maker 2005 e-version) (Version: 10.0.0.10 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
MediaCoder 0.7.5.4762 (HKLM-x32\...\MediaCoder) (Version: 0.7.5.4762 - Broad Intelligence)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Morphyre (HKLM-x32\...\MorphyrePro) (Version: - )
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
Nero 9 Essentials (HKLM-x32\...\{e30fce96-c91b-4f1f-af7b-1bf58fdbbf24}) (Version: - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.84.0.0 - )
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Opera 10.62 (HKLM-x32\...\{18E65799-76BD-46EF-9E53-972FE5A40736}) (Version: 10.62 - Opera Software ASA)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
Paragon Festplatten Manager 8.5 (HKLM\...\{F2981339-823E-4C62-9C6F-6733BAEE9EF5}) (Version: 90.00.0003 - Paragon Software)
PDF2Word Converter Version 1.0.8 (Build 164, 7-PDF) (HKLM-x32\...\PDF2Word Converter (7-PDF)_is1) (Version: PDF2Word Converter - Version 1.0.8 (Build 164) - 7-PDF, Germany - Thorsten Hodes)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.7.30.302599 - Linden Research, Inc.)
SecondLifeViewer2 (remove only) (HKLM-x32\...\SecondLifeViewer2) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
T-Eumex 2000PC Konfigurationsprogramm (HKLM-x32\...\EumexKonf) (Version: - )
The Void (HKLM-x32\...\The Void_is1) (Version: - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-824321664-1275631822-800070043-1002\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vertus Play With Pictures 1.1.4 (HKLM-x32\...\VertusPlayWithPictures) (Version: 1.1.4 - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.7.1 - SoundSpectrum)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-824321664-1275631822-800070043-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - T-Home Net (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinSysClean 2009 (HKLM-x32\...\WinSysClean 2009) (Version: - Ultimate Systems, Inc.)
WinSysClean 2009 (x32 Version: 9.00 - Ultimate Systems, Inc.) Hidden
WinSysClean X (HKLM-x32\...\WinSysClean X) (Version: - Ultimate Systems, Inc.)
XMedia Recode 2.2.8.4 (HKLM-x32\...\XMedia Recode) (Version: 2.2.8.4 - Sebastian Dörfler)
YOU DON'T KNOW JACK® 3 - Abwärts! (HKLM-x32\...\YDKJG3) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-824321664-1275631822-800070043-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3EFDAC1A-B2AB-49DA-9AE5-D46B68FE5E29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {3F544950-AE55-4083-A42F-2AE4C79AB10A} - System32\Tasks\{65025408-A96C-4B07-B119-CED50BA20F1A} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
Task: {4134E09E-3D71-47EB-8497-87A6A55672B2} - System32\Tasks\{EDB6448C-4649-4674-8AC7-2E9CC77A4A01} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
Task: {6F4F7AE5-DB01-4F3B-B94E-D2E936F73A91} - System32\Tasks\{469776B6-8343-4F8A-8C0F-80735710135E} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
Task: {7C7E3A57-041E-472F-B307-39B42793AC6F} - System32\Tasks\{8AF82F5E-49C4-4D0B-92F3-EBA4CC180F45} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
Task: {85EE0414-296D-4AB6-8972-B070AAFCF406} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-19] (Adobe Systems Incorporated)
Task: {99606C53-16C8-4777-B5CC-B13BC1278CE3} - System32\Tasks\{C4048ED2-8F60-4E32-B041-5636BE403C99} => pcalua.exe -a E:\T-Online_6.0.exe -d E:\
Task: {A1CC79DA-46F7-4D56-952D-0EEC6695B117} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe [2010-08-05] (PC Tools)
Task: {A7790605-8EBD-47FE-9ACA-CAEA9BBC8113} - \Scheduled Update for Ask Toolbar -> Keine Datei <==== ACHTUNG
Task: {A934C173-4E9A-493B-A76A-E22B131191B8} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-08-05] (PC Tools)
Task: {B9D34789-2C7B-4F58-BCAD-394B3E3B6656} - System32\Tasks\McDefragTask => c:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-09-25] (McAfee, Inc.)
Task: {DE4066D5-B14D-44F6-AEDA-05EB51B885DB} - System32\Tasks\Norton Security Scan for MCS => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation)
Task: {E1804CBA-CD6F-43D8-A030-DE925109C73B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {E4CBBF19-B8E8-4488-ABEF-2B3EE072D616} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {ED30755E-6171-457D-A7FA-57B4A199D164} - System32\Tasks\{5C557541-EF09-4F64-941D-0535279E059E} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
Task: {F8DA04B2-7750-4245-B01F-E1470F3C2B76} - System32\Tasks\{5A4E3397-CF8C-4CBC-A41A-1B00B2A42E23} => C:\Users\Public\Documents\Zeitpunkt\setup.EXE [1998-06-13] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\Norton Security Scan for MCS.job => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder\MediaCoder CLI Version.lnk -> C:\Program Files (x86)\MediaCoder\opencli.bat ()
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-11-21 18:45 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-04-19 16:34 - 2009-04-19 16:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-04-19 16:34 - 2009-04-19 16:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 16:34 - 2009-04-19 16:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-04-19 16:34 - 2009-04-19 16:34 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-02-26 16:47 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2016-02-17 20:24 - 2016-02-17 20:24 - 00694416 _____ () C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
2016-02-17 20:43 - 2016-02-17 20:43 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2016-02-04 02:52 - 2016-02-04 02:52 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcqmbzxjuiqjduvsftifh [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [256]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [118]
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838 [133]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [294]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [246]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [206]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKLM\...\.exe: => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2016-03-19 21:11 - 00000858 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-824321664-1275631822-800070043-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-824321664-1275631822-800070043-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\LM2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Control Center.lnk => C:\Windows\pss\Control Center.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: EPSON Stylus SX200 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Users\MCS\AppData\Local\Temp\E_SE32D.tmp" /EF "HKCU"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files (x86)\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{385130F7-DEA5-4710-B0FB-756A9774849D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
11-10-2015 18:00:46 Windows-Sicherung
19-03-2016 21:18:34 Windows-Sicherung
19-03-2016 22:20:51 Windows Modules Installer
19-03-2016 23:04:03 Installed Microsoft Fix it 50123
20-03-2016 19:02:35 Windows-Sicherung
20-03-2016 22:06:53 Installed Paragon Festplatten Manager 8.5 .
20-03-2016 22:13:41 Installed eXPert PDF 5
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/24/2016 11:26:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/24/2016 07:29:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/24/2016 07:23:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (03/24/2016 07:23:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/24/2016 07:23:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/23/2016 04:46:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/23/2016 04:40:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (03/23/2016 04:40:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/23/2016 04:40:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (03/23/2016 03:01:31 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Systemfehler:
=============
Error: (03/22/2016 06:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/22/2016 06:38:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht.
Error: (03/22/2016 06:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/22/2016 06:38:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht.
Error: (03/22/2016 06:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/22/2016 06:38:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht.
Error: (03/22/2016 06:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Home Network" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/22/2016 06:38:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Home Network erreicht.
Error: (03/22/2016 06:37:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (03/22/2016 06:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
==================== Speicherinformationen ===========================
Prozessor: AMD Athlon(tm) II X2 240 Processor
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 4094.55 MB
Verfügbarer physikalischer RAM: 1751.71 MB
Summe virtueller Speicher: 8187.29 MB
Verfügbarer virtueller Speicher: 5892.05 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:241.73 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.87 GB) (Free:0.02 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8406D83F)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Vielen Dank im voraus, Marco |
|
25.03.2016, 08:00
| #2 |
| /// Selecta Jahrusso   | Firefox und IE starten selbständig/automatisch Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
25.03.2016, 10:37
| #3 |
| | Firefox und IE starten selbständig/automatisch Guten Morgen Larusso,
__________________danke für die schnelle Antwort. TDSSKiller-Log: Code:
ATTFilter 09:12:38.0641 0x057c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:12:46.0972 0x057c ============================================================
09:12:46.0972 0x057c Current date / time: 2016/03/25 09:12:46.0972
09:12:46.0972 0x057c SystemInfo:
09:12:46.0972 0x057c
09:12:46.0972 0x057c OS Version: 6.1.7601 ServicePack: 1.0
09:12:46.0972 0x057c Product type: Workstation
09:12:46.0972 0x057c ComputerName: PC
09:12:46.0972 0x057c UserName: MCS
09:12:46.0972 0x057c Windows directory: C:\Windows
09:12:46.0972 0x057c System windows directory: C:\Windows
09:12:46.0972 0x057c Running under WOW64
09:12:46.0972 0x057c Processor architecture: Intel x64
09:12:46.0972 0x057c Number of processors: 2
09:12:46.0972 0x057c Page size: 0x1000
09:12:46.0972 0x057c Boot type: Normal boot
09:12:46.0972 0x057c ============================================================
09:12:50.0872 0x057c KLMD registered as C:\Windows\system32\drivers\57481262.sys
09:12:51.0418 0x057c System UUID: {785ABEAE-E12F-9027-ACC2-5435D4F5B128}
09:12:52.0385 0x057c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:12:52.0400 0x057c ============================================================
09:12:52.0400 0x057c \Device\Harddisk0\DR0:
09:12:52.0400 0x057c MBR partitions:
09:12:52.0400 0x057c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
09:12:52.0400 0x057c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x395BD800
09:12:52.0400 0x057c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B148000, BlocksNum 0x395BE5B0
09:12:52.0400 0x057c ============================================================
09:12:52.0432 0x057c C: <-> \Device\Harddisk0\DR0\Partition2
09:12:52.0478 0x057c D: <-> \Device\Harddisk0\DR0\Partition3
09:12:52.0478 0x057c ============================================================
09:12:52.0478 0x057c Initialize success
09:12:52.0478 0x057c ============================================================
09:13:25.0940 0x12a4 ============================================================
09:13:25.0940 0x12a4 Scan started
09:13:25.0940 0x12a4 Mode: Manual; SigCheck; TDLFS;
09:13:25.0940 0x12a4 ============================================================
09:13:25.0940 0x12a4 KSN ping started
09:13:37.0484 0x12a4 KSN ping finished: true
09:13:38.0935 0x12a4 ================ Scan system memory ========================
09:13:38.0935 0x12a4 System memory - ok
09:13:38.0935 0x12a4 ================ Scan services =============================
09:13:39.0091 0x12a4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:13:39.0372 0x12a4 1394ohci - ok
09:13:39.0481 0x12a4 [ CF43E9BAEBD41844856D14DBE9C07CD7, C8DE2166B91F74B50EB20D7B588CC7CAAC29F0427D3012140BB7D56A3F4B3450 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
09:13:39.0544 0x12a4 acedrv11 - ok
09:13:39.0575 0x12a4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:13:39.0606 0x12a4 ACPI - ok
09:13:39.0668 0x12a4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:13:39.0746 0x12a4 AcpiPmi - ok
09:13:39.0840 0x12a4 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:13:39.0887 0x12a4 AdobeARMservice - ok
09:13:40.0012 0x12a4 [ 99B993BD0F4C033D832B50D5E83BEBEC, A091635B2B428A51400468353F52D3FF35095460D3FA8CB29E2C4A804D87B845 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:13:40.0043 0x12a4 AdobeFlashPlayerUpdateSvc - ok
09:13:40.0090 0x12a4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:13:40.0152 0x12a4 adp94xx - ok
09:13:40.0199 0x12a4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:13:40.0246 0x12a4 adpahci - ok
09:13:40.0246 0x12a4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:13:40.0261 0x12a4 adpu320 - ok
09:13:40.0292 0x12a4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:13:40.0339 0x12a4 AeLookupSvc - ok
09:13:40.0370 0x12a4 [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD C:\Windows\system32\drivers\afd.sys
09:13:40.0433 0x12a4 AFD - ok
09:13:40.0495 0x12a4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
09:13:40.0526 0x12a4 agp440 - ok
09:13:40.0589 0x12a4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
09:13:40.0823 0x12a4 ALG - ok
09:13:40.0870 0x12a4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
09:13:40.0885 0x12a4 aliide - ok
09:13:40.0901 0x12a4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
09:13:40.0901 0x12a4 amdide - ok
09:13:40.0916 0x12a4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:13:40.0979 0x12a4 AmdK8 - ok
09:13:41.0010 0x12a4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:13:41.0026 0x12a4 AmdPPM - ok
09:13:41.0057 0x12a4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:13:41.0104 0x12a4 amdsata - ok
09:13:41.0119 0x12a4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:13:41.0135 0x12a4 amdsbs - ok
09:13:41.0150 0x12a4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:13:41.0166 0x12a4 amdxata - ok
09:13:41.0197 0x12a4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
09:13:41.0291 0x12a4 AppID - ok
09:13:41.0322 0x12a4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:13:41.0384 0x12a4 AppIDSvc - ok
09:13:41.0431 0x12a4 [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo C:\Windows\System32\appinfo.dll
09:13:41.0525 0x12a4 Appinfo - ok
09:13:41.0556 0x12a4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:13:41.0572 0x12a4 arc - ok
09:13:41.0618 0x12a4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:13:41.0650 0x12a4 arcsas - ok
09:13:41.0696 0x12a4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:13:41.0774 0x12a4 AsyncMac - ok
09:13:41.0821 0x12a4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
09:13:41.0852 0x12a4 atapi - ok
09:13:41.0946 0x12a4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:13:42.0008 0x12a4 AudioEndpointBuilder - ok
09:13:42.0055 0x12a4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:13:42.0133 0x12a4 AudioSrv - ok
09:13:42.0196 0x12a4 [ 43744F1D3CDE20F3925F10927C9036C2, 47374A71D1A38572B8C247E924C0F3F063A6281743C9B7D818D63CA576B5D289 ] AVMCOWAN C:\Windows\system32\DRIVERS\AVMCOWAN.sys
09:13:42.0258 0x12a4 AVMCOWAN - ok
09:13:42.0305 0x15e4 Object required for P2P: [ 99B993BD0F4C033D832B50D5E83BEBEC ] AdobeFlashPlayerUpdateSvc
09:13:42.0320 0x12a4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:13:42.0383 0x12a4 AxInstSV - ok
09:13:42.0414 0x12a4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:13:42.0461 0x12a4 b06bdrv - ok
09:13:42.0492 0x12a4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:13:42.0554 0x12a4 b57nd60a - ok
09:13:42.0570 0x15e4 Object send P2P result: true
09:13:42.0601 0x12a4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
09:13:42.0617 0x12a4 BDESVC - ok
09:13:42.0679 0x12a4 [ CB7CE2E47139B620D2B87078165F1AD0, 2859F85C463FD34D659EAFDDFE4DE472D04D3D2D639BE4876E19F5DC775D0BA1 ] becldr3Service C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
09:13:42.0773 0x12a4 becldr3Service - detected UnsignedFile.Multi.Generic ( 1 )
09:13:43.0054 0x12a4 Detect skipped due to KSN trusted
09:13:43.0054 0x12a4 becldr3Service - ok
09:13:43.0147 0x12a4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
09:13:43.0225 0x12a4 Beep - ok
09:13:43.0334 0x12a4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
09:13:43.0412 0x12a4 BFE - ok
09:13:43.0459 0x12a4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
09:13:43.0537 0x12a4 BITS - ok
09:13:43.0709 0x12a4 [ 6E984D17526995C8FA9B65FFCE324A63, AFAB5004C333F90AC13769701D253F65EAE23D5B277DAD9C6EA8AF658374B48D ] BlackBerry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
09:13:43.0771 0x12a4 BlackBerry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
09:13:44.0052 0x12a4 Detect skipped due to KSN trusted
09:13:44.0052 0x12a4 BlackBerry Device Manager - ok
09:13:44.0099 0x12a4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:13:44.0146 0x12a4 blbdrive - ok
09:13:44.0161 0x12a4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:13:44.0192 0x12a4 bowser - ok
09:13:44.0224 0x12a4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:13:44.0255 0x12a4 BrFiltLo - ok
09:13:44.0286 0x12a4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:13:44.0302 0x12a4 BrFiltUp - ok
09:13:44.0333 0x12a4 [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser C:\Windows\System32\browser.dll
09:13:44.0395 0x12a4 Browser - ok
09:13:44.0426 0x12a4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:13:44.0458 0x12a4 Brserid - ok
09:13:44.0473 0x12a4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:13:44.0489 0x12a4 BrSerWdm - ok
09:13:44.0520 0x12a4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:13:44.0551 0x12a4 BrUsbMdm - ok
09:13:44.0598 0x12a4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:13:44.0629 0x12a4 BrUsbSer - ok
09:13:44.0645 0x12a4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:13:44.0692 0x12a4 BTHMODEM - ok
09:13:44.0754 0x12a4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
09:13:44.0801 0x12a4 bthserv - ok
09:13:44.0988 0x12a4 [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
09:13:45.0128 0x12a4 c2cautoupdatesvc - ok
09:13:45.0284 0x12a4 [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
09:13:45.0425 0x12a4 c2cpnrsvc - ok
09:13:45.0440 0x12a4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:13:45.0487 0x12a4 cdfs - ok
09:13:45.0534 0x12a4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:13:45.0550 0x12a4 cdrom - ok
09:13:45.0690 0x12a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
09:13:45.0784 0x12a4 CertPropSvc - ok
09:13:45.0830 0x12a4 [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids C:\Windows\system32\drivers\cfwids.sys
09:13:45.0862 0x12a4 cfwids - ok
09:13:45.0893 0x12a4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:13:45.0940 0x12a4 circlass - ok
09:13:45.0986 0x12a4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
09:13:46.0002 0x12a4 CLFS - ok
09:13:46.0080 0x12a4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:13:46.0127 0x12a4 clr_optimization_v2.0.50727_32 - ok
09:13:46.0142 0x12a4 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:13:46.0158 0x12a4 clr_optimization_v2.0.50727_64 - ok
09:13:46.0252 0x12a4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:13:46.0298 0x12a4 clr_optimization_v4.0.30319_32 - ok
09:13:46.0361 0x12a4 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:13:46.0392 0x12a4 clr_optimization_v4.0.30319_64 - ok
09:13:46.0408 0x12a4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:13:46.0439 0x12a4 CmBatt - ok
09:13:46.0470 0x12a4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:13:46.0486 0x12a4 cmdide - ok
09:13:46.0548 0x12a4 [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG C:\Windows\system32\Drivers\cng.sys
09:13:46.0626 0x12a4 CNG - ok
09:13:46.0673 0x12a4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:13:46.0704 0x12a4 Compbatt - ok
09:13:46.0735 0x12a4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:13:46.0782 0x12a4 CompositeBus - ok
09:13:46.0813 0x12a4 COMSysApp - ok
09:13:46.0844 0x12a4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:13:46.0876 0x12a4 crcdisk - ok
09:13:46.0907 0x12a4 [ 4F5414602E2544A4554D95517948B705, 50121AD32ACF73F541DF3B655020F7B610B3E7B5E8C7B39D37D5958F28CB376E ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:13:46.0954 0x12a4 CryptSvc - ok
09:13:47.0047 0x12a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:13:47.0156 0x12a4 DcomLaunch - ok
09:13:47.0219 0x12a4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
09:13:47.0312 0x12a4 defragsvc - ok
09:13:47.0344 0x12a4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:13:47.0453 0x12a4 DfsC - ok
09:13:47.0500 0x12a4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:13:47.0593 0x12a4 Dhcp - ok
09:13:47.0624 0x12a4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
09:13:47.0718 0x12a4 discache - ok
09:13:47.0796 0x12a4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:13:47.0827 0x12a4 Disk - ok
09:13:47.0858 0x12a4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:13:47.0905 0x12a4 Dnscache - ok
09:13:47.0952 0x12a4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
09:13:48.0014 0x12a4 dot3svc - ok
09:13:48.0046 0x12a4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
09:13:48.0092 0x12a4 DPS - ok
09:13:48.0124 0x12a4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:13:48.0139 0x12a4 drmkaud - ok
09:13:48.0202 0x12a4 [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:13:48.0248 0x12a4 DXGKrnl - ok
09:13:48.0280 0x12a4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
09:13:48.0326 0x12a4 EapHost - ok
09:13:48.0482 0x12a4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:13:48.0732 0x12a4 ebdrv - ok
09:13:48.0794 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe
09:13:48.0841 0x12a4 EFS - ok
09:13:48.0935 0x12a4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:13:49.0044 0x12a4 ehRecvr - ok
09:13:49.0091 0x12a4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
09:13:49.0138 0x12a4 ehSched - ok
09:13:49.0169 0x12a4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:13:49.0200 0x12a4 elxstor - ok
09:13:49.0231 0x12a4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:13:49.0278 0x12a4 ErrDev - ok
09:13:49.0325 0x12a4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
09:13:49.0418 0x12a4 EventSystem - ok
09:13:49.0450 0x12a4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
09:13:49.0528 0x12a4 exfat - ok
09:13:49.0543 0x12a4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:13:49.0606 0x12a4 fastfat - ok
09:13:49.0652 0x12a4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
09:13:49.0730 0x12a4 Fax - ok
09:13:49.0746 0x12a4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:13:49.0762 0x12a4 fdc - ok
09:13:49.0777 0x12a4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
09:13:49.0840 0x12a4 fdPHost - ok
09:13:49.0871 0x12a4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
09:13:49.0918 0x12a4 FDResPub - ok
09:13:49.0949 0x12a4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:13:49.0980 0x12a4 FileInfo - ok
09:13:49.0996 0x12a4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:13:50.0042 0x12a4 Filetrace - ok
09:13:50.0042 0x12a4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:13:50.0058 0x12a4 flpydisk - ok
09:13:50.0089 0x12a4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:13:50.0105 0x12a4 FltMgr - ok
09:13:50.0152 0x12a4 [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache C:\Windows\system32\FntCache.dll
09:13:50.0214 0x12a4 FontCache - ok
09:13:50.0276 0x12a4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:13:50.0308 0x12a4 FontCache3.0.0.0 - ok
09:13:50.0432 0x12a4 [ A9FF65EA14E4CABFCC1BB8ECE111A249, D5FCAE29E75AE2DF1BC748FEAEE732A3163DF22DBD2766732E86D330A107E861 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
09:13:50.0542 0x12a4 ForceWare Intelligent Application Manager (IAM) - ok
09:13:50.0838 0x12a4 [ CBCB6192173880B191E1BD9C9D1FA1DE, 1520657DD626975BFFDF8153C723F0EB7231EA11F2DBAA709B775A175F2C2832 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
09:13:50.0854 0x12a4 Freemake Improver - detected UnsignedFile.Multi.Generic ( 1 )
09:13:51.0275 0x12a4 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
09:13:51.0446 0x12a4 [ 65C2D3C4BAE4C0EF1CD92BBC8BB57F2B, F5A95289AA93B3FCB5FA75F488330CA7DE07F4E99876F94321C7D8E02B87336C ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
09:13:51.0462 0x12a4 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic ( 1 )
09:13:51.0743 0x12a4 Detect skipped due to KSN trusted
09:13:51.0743 0x12a4 FreemakeVideoCapture - ok
09:13:51.0868 0x12a4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:13:51.0899 0x12a4 FsDepends - ok
09:13:51.0930 0x12a4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:13:51.0946 0x12a4 Fs_Rec - ok
09:13:52.0008 0x12a4 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:13:52.0039 0x12a4 fvevol - ok
09:13:52.0117 0x12a4 [ 39B6FD2F3185EC07B827CDC9D97BF397, B3D5A6DB4B8C1F70CB28CD48232C1E3EA54449F5CC602A0DCDA356A9630D6266 ] FXUSBASE C:\Windows\system32\DRIVERS\fxusbase.sys
09:13:52.0273 0x12a4 FXUSBASE - ok
09:13:52.0304 0x12a4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:13:52.0336 0x12a4 gagp30kx - ok
09:13:52.0382 0x12a4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
09:13:52.0492 0x12a4 gpsvc - ok
09:13:52.0616 0x12a4 [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
09:13:52.0648 0x12a4 Greg_Service - ok
09:13:52.0788 0x12a4 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:13:52.0804 0x12a4 gupdate - ok
09:13:52.0866 0x12a4 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:13:52.0882 0x12a4 gupdatem - ok
09:13:52.0897 0x12a4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:13:52.0928 0x12a4 hcw85cir - ok
09:13:52.0991 0x12a4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:13:53.0053 0x12a4 HdAudAddService - ok
09:13:53.0147 0x12a4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:13:53.0225 0x12a4 HDAudBus - ok
09:13:53.0240 0x12a4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:13:53.0287 0x12a4 HidBatt - ok
09:13:53.0303 0x12a4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:13:53.0318 0x12a4 HidBth - ok
09:13:53.0334 0x12a4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:13:53.0381 0x12a4 HidIr - ok
09:13:53.0412 0x12a4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
09:13:53.0506 0x12a4 hidserv - ok
09:13:53.0537 0x12a4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:13:53.0552 0x12a4 HidUsb - ok
09:13:53.0630 0x12a4 [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
09:13:53.0677 0x12a4 HipShieldK - ok
09:13:53.0724 0x12a4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:13:53.0802 0x12a4 hkmsvc - ok
09:13:53.0849 0x12a4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:13:53.0896 0x12a4 HomeGroupListener - ok
09:13:53.0942 0x12a4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:13:53.0989 0x12a4 HomeGroupProvider - ok
09:13:54.0114 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:13:54.0161 0x12a4 HomeNetSvc - ok
09:13:54.0223 0x12a4 [ 8D7F72F3B1CDCFDD038E0C069DBBDD89, 20E01FD81FB3B5E9EF0885F28F3D5C59D31AF01D403E99A880723CFF06B865CF ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
09:13:54.0254 0x12a4 hotcore3 - ok
09:13:54.0317 0x12a4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:13:54.0348 0x12a4 HpSAMD - ok
09:13:54.0566 0x12a4 [ 8D18D6FCCBEA517524581A6F9E5AD675, C992FECF9FFB5AC7F2273781C33290E6F21AFA7F94055363E56EE883B3605AA4 ] hshld C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
09:13:54.0660 0x12a4 hshld - ok
09:13:54.0722 0x12a4 [ 0063ACEBB5BBE8C563A6ADB09155E644, BC7C9AFB83F5345065BB070A5D992DCE13CB35027D8FE402B338D775C896317B ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
09:13:54.0769 0x12a4 HssDRV6 - ok
09:13:54.0832 0x12a4 [ B64DC8EEB3D73D5FAF0857E4A25416EB, DD7F222C1663636E824A5497CD54B7109226E2A00A54660B7D1807B1EB1BA468 ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
09:13:54.0863 0x12a4 HssTrayService - ok
09:13:54.0956 0x12a4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:13:55.0050 0x12a4 HTTP - ok
09:13:55.0081 0x12a4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:13:55.0097 0x12a4 hwpolicy - ok
09:13:55.0128 0x12a4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:13:55.0144 0x12a4 i8042prt - ok
09:13:55.0175 0x12a4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:13:55.0206 0x12a4 iaStorV - ok
09:13:55.0300 0x12a4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:13:55.0378 0x12a4 idsvc - ok
09:13:55.0409 0x12a4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:13:55.0409 0x12a4 iirsp - ok
09:13:55.0518 0x12a4 [ EDCCC8C13B1EB882F77BA0ABB84566E7, DB299C1D2CFC197CF2FE69358F5EEDE94DCC4C919AF5D2CDFFF0DE476612C988 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
09:13:55.0534 0x12a4 IJPLMSVC - ok
09:13:55.0705 0x12a4 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
09:13:55.0783 0x12a4 IKEEXT - ok
09:13:55.0986 0x12a4 [ BC64B75E8E0A0B8982AB773483164E72, BF7CB0DEAAF78E20EA56B50FC177E99538FC4F29DA018D98E4286D122789435D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:13:56.0126 0x12a4 IntcAzAudAddService - ok
09:13:56.0158 0x12a4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
09:13:56.0158 0x12a4 intelide - ok
09:13:56.0189 0x12a4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:13:56.0204 0x12a4 intelppm - ok
09:13:56.0236 0x12a4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:13:56.0298 0x12a4 IPBusEnum - ok
09:13:56.0329 0x12a4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:13:56.0376 0x12a4 IpFilterDriver - ok
09:13:56.0438 0x12a4 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:13:56.0548 0x12a4 iphlpsvc - ok
09:13:56.0594 0x12a4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:13:56.0641 0x12a4 IPMIDRV - ok
09:13:56.0672 0x12a4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:13:56.0750 0x12a4 IPNAT - ok
09:13:56.0782 0x12a4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:13:56.0813 0x12a4 IRENUM - ok
09:13:56.0828 0x12a4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:13:56.0844 0x12a4 isapnp - ok
09:13:56.0875 0x12a4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:13:56.0922 0x12a4 iScsiPrt - ok
09:13:56.0953 0x12a4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:13:56.0953 0x12a4 kbdclass - ok
09:13:57.0000 0x12a4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:13:57.0047 0x12a4 kbdhid - ok
09:13:57.0062 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
09:13:57.0078 0x12a4 KeyIso - ok
09:13:57.0094 0x12a4 [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:13:57.0109 0x12a4 KSecDD - ok
09:13:57.0140 0x12a4 [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:13:57.0156 0x12a4 KSecPkg - ok
09:13:57.0172 0x12a4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:13:57.0218 0x12a4 ksthunk - ok
09:13:57.0250 0x12a4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
09:13:57.0296 0x12a4 KtmRm - ok
09:13:57.0359 0x12a4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:13:57.0437 0x12a4 LanmanServer - ok
09:13:57.0468 0x12a4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:13:57.0562 0x12a4 LanmanWorkstation - ok
09:13:57.0608 0x12a4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:13:57.0655 0x12a4 lltdio - ok
09:13:57.0733 0x12a4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:13:57.0811 0x12a4 lltdsvc - ok
09:13:57.0827 0x12a4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:13:57.0858 0x12a4 lmhosts - ok
09:13:57.0889 0x12a4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:13:57.0905 0x12a4 LSI_FC - ok
09:13:57.0920 0x12a4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:13:57.0920 0x12a4 LSI_SAS - ok
09:13:57.0936 0x12a4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:13:57.0952 0x12a4 LSI_SAS2 - ok
09:13:57.0952 0x12a4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:13:57.0967 0x12a4 LSI_SCSI - ok
09:13:57.0983 0x12a4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
09:13:58.0045 0x12a4 luafv - ok
09:13:58.0108 0x12a4 [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:13:58.0139 0x12a4 MBAMProtector - ok
09:13:58.0279 0x12a4 [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
09:13:58.0373 0x12a4 MBAMScheduler - ok
09:13:58.0451 0x12a4 [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
09:13:58.0544 0x12a4 MBAMService - ok
09:13:58.0607 0x12a4 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:13:58.0622 0x12a4 MBAMSwissArmy - ok
09:13:58.0669 0x12a4 [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:13:58.0685 0x12a4 MBAMWebAccessControl - ok
09:13:58.0763 0x12a4 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:13:58.0794 0x12a4 McAfee SiteAdvisor Service - ok
09:13:58.0872 0x12a4 [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
09:13:58.0903 0x12a4 McAPExe - ok
09:13:58.0997 0x12a4 [ 9F09E022819AE3D5E06E3864B0C36821, DDE841E662FC2954FBBF1E3189E25D4C8F41001B3D9A6FBE35BC1999C629B7D2 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe
09:13:59.0059 0x12a4 McComponentHostService - ok
09:13:59.0137 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:13:59.0153 0x12a4 McMPFSvc - ok
09:13:59.0184 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:13:59.0200 0x12a4 McNaiAnn - ok
09:13:59.0309 0x12a4 [ C214CC5B78616B44918CE62C8A2AA773, 563D732C54221FCDD5625BFCEAEFBE10937C6C62823B4A6CECA5F7ED6C81D890 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
09:13:59.0340 0x12a4 McODS - ok
09:13:59.0356 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:13:59.0371 0x12a4 mcpltsvc - ok
09:13:59.0387 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:13:59.0402 0x12a4 McProxy - ok
09:13:59.0449 0x12a4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:13:59.0496 0x12a4 Mcx2Svc - ok
09:13:59.0527 0x12a4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:13:59.0543 0x12a4 megasas - ok
09:13:59.0574 0x12a4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:13:59.0590 0x12a4 MegaSR - ok
09:13:59.0636 0x12a4 [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
09:13:59.0652 0x12a4 mfeapfk - ok
09:13:59.0699 0x12a4 [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
09:13:59.0714 0x12a4 mfeavfk - ok
09:13:59.0839 0x12a4 [ C83EBEE66A2754CEE5B05699A42F728B, 1D739A505AEC1F40CC8CB86D01BDCEC0E29002A609FDA96CEF3531285E8261B9 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
09:13:59.0902 0x12a4 mfecore - ok
09:13:59.0980 0x12a4 [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
09:14:00.0011 0x12a4 mfefire - ok
09:14:00.0042 0x12a4 [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
09:14:00.0073 0x12a4 mfefirek - ok
09:14:00.0167 0x12a4 [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
09:14:00.0245 0x12a4 mfehidk - ok
09:14:00.0292 0x12a4 [ 93712907DEE6FFBD8A4016ECBB250DCD, FB3673BA495EF1301C4BA75B457493D9B1D5AE52642A04473575CABC1EC6EDFD ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys
09:14:00.0323 0x12a4 mfencbdc - ok
09:14:00.0354 0x12a4 [ E97EE1F31F7E5349A06CE089658DA8A1, 8136155C734457E422331B3CBE67927C45FAB10B9B34789A612B58CF0E0E3BEC ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys
09:14:00.0370 0x12a4 mfencrk - ok
09:14:00.0401 0x12a4 [ 624D717B11E5004F68442B5740F17F21, 0E31DEB933D0D8E9CC1416B506C0F202429334883F51E6EF31EED1787B99B2C1 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
09:14:00.0416 0x12a4 mferkdk - ok
09:14:00.0448 0x12a4 [ 0CD9DE7B96735F33F078C4EA044E8B34, 3E268825CB4DDBF1DF4E1CC97EECCD27646055CF2D7AF5FBE4783C5F0275076B ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
09:14:00.0463 0x12a4 mfesmfk - ok
09:14:00.0494 0x12a4 [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
09:14:00.0510 0x12a4 mfevtp - ok
09:14:00.0588 0x12a4 [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
09:14:00.0666 0x12a4 mfewfpk - ok
09:14:00.0728 0x12a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
09:14:00.0838 0x12a4 MMCSS - ok
09:14:00.0853 0x12a4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
09:14:00.0931 0x12a4 Modem - ok
09:14:00.0994 0x12a4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:14:01.0025 0x12a4 monitor - ok
09:14:01.0056 0x12a4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:14:01.0072 0x12a4 mouclass - ok
09:14:01.0103 0x12a4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:14:01.0134 0x12a4 mouhid - ok
09:14:01.0150 0x12a4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:14:01.0181 0x12a4 mountmgr - ok
09:14:01.0274 0x12a4 [ A43F5F2D3D71A902502D61E71A18C265, 9685DABFF80EFFFD28B9B12696BF4821F30989C8441EA0AA3FF0F03ED799AD9D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:14:01.0321 0x12a4 MozillaMaintenance - ok
09:14:01.0368 0x12a4 [ AE2E68527013EB4F761ECCC630F7F1A3, 1BD4453FB2310306E296EB56AA31262260426EB7CB3F0793038B07DF175741AF ] MPFP C:\Windows\system32\Drivers\Mpfp.sys
09:14:01.0399 0x12a4 MPFP - ok
09:14:01.0446 0x12a4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
09:14:01.0493 0x12a4 mpio - ok
09:14:01.0524 0x12a4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:14:01.0571 0x12a4 mpsdrv - ok
09:14:01.0696 0x12a4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:14:01.0836 0x12a4 MpsSvc - ok
09:14:01.0883 0x12a4 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:14:01.0930 0x12a4 MRxDAV - ok
09:14:01.0961 0x12a4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:14:02.0008 0x12a4 mrxsmb - ok
09:14:02.0054 0x12a4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:14:02.0070 0x12a4 mrxsmb10 - ok
09:14:02.0101 0x12a4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:14:02.0117 0x12a4 mrxsmb20 - ok
09:14:02.0148 0x12a4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
09:14:02.0164 0x12a4 msahci - ok
09:14:02.0179 0x12a4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:14:02.0195 0x12a4 msdsm - ok
09:14:02.0226 0x12a4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
09:14:02.0273 0x12a4 MSDTC - ok
09:14:02.0304 0x12a4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:14:02.0351 0x12a4 Msfs - ok
09:14:02.0366 0x12a4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:14:02.0413 0x12a4 mshidkmdf - ok
09:14:02.0444 0x12a4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:14:02.0460 0x12a4 msisadrv - ok
09:14:02.0491 0x12a4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:14:02.0569 0x12a4 MSiSCSI - ok
09:14:02.0569 0x12a4 msiserver - ok
09:14:02.0663 0x12a4 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:14:02.0710 0x12a4 MSK80Service - ok
09:14:02.0725 0x12a4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:14:02.0850 0x12a4 MSKSSRV - ok
09:14:02.0850 0x12a4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:14:02.0897 0x12a4 MSPCLOCK - ok
09:14:02.0897 0x12a4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:14:02.0928 0x12a4 MSPQM - ok
09:14:02.0959 0x12a4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:14:02.0990 0x12a4 MsRPC - ok
09:14:03.0006 0x12a4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:14:03.0022 0x12a4 mssmbios - ok
09:14:03.0037 0x12a4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:14:03.0084 0x12a4 MSTEE - ok
09:14:03.0100 0x12a4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:14:03.0131 0x12a4 MTConfig - ok
09:14:03.0146 0x12a4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
09:14:03.0162 0x12a4 Mup - ok
09:14:03.0178 0x12a4 [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
09:14:03.0193 0x12a4 mwlPSDFilter - ok
09:14:03.0224 0x12a4 [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
09:14:03.0224 0x12a4 mwlPSDNServ - ok
09:14:03.0240 0x12a4 [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
09:14:03.0256 0x12a4 mwlPSDVDisk - ok
09:14:03.0302 0x12a4 [ 2F139207F618EC2933830227EEFFDDB4, 2942452EC631BF11CCCDA397C756CBBC0337F58B215A3F02DA263818CB3BE9A9 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
09:14:03.0318 0x12a4 MWLService - ok
09:14:03.0396 0x12a4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
09:14:03.0490 0x12a4 napagent - ok
09:14:03.0521 0x12a4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:14:03.0568 0x12a4 NativeWifiP - ok
09:14:03.0646 0x12a4 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
09:14:03.0817 0x12a4 NDIS - ok
09:14:03.0864 0x12a4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:14:03.0926 0x12a4 NdisCap - ok
09:14:03.0942 0x12a4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:14:04.0020 0x12a4 NdisTapi - ok
09:14:04.0036 0x12a4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:14:04.0114 0x12a4 Ndisuio - ok
09:14:04.0160 0x12a4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:14:04.0207 0x12a4 NdisWan - ok
09:14:04.0238 0x12a4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:14:04.0316 0x12a4 NDProxy - ok
09:14:04.0426 0x12a4 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:14:04.0472 0x12a4 Nero BackItUp Scheduler 4.0 - ok
09:14:04.0504 0x12a4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:14:04.0535 0x12a4 NetBIOS - ok
09:14:04.0582 0x12a4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:14:04.0628 0x12a4 NetBT - ok
09:14:04.0644 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon C:\Windows\system32\lsass.exe
09:14:04.0675 0x12a4 Netlogon - ok
09:14:04.0722 0x12a4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
09:14:04.0769 0x12a4 Netman - ok
09:14:04.0831 0x12a4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
09:14:04.0940 0x12a4 netprofm - ok
09:14:04.0972 0x12a4 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:14:04.0987 0x12a4 NetTcpPortSharing - ok
09:14:05.0034 0x12a4 [ 450D0D2062C54DDA23583A78C0EB63D9, CEFB192B635222A2C5ADE8C0778E8228B3200DA94ECF870B9AC330557298E709 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
09:14:05.0050 0x12a4 Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 )
09:14:05.0330 0x12a4 Detect skipped due to KSN trusted
09:14:05.0330 0x12a4 Netzmanager Service - ok
09:14:05.0377 0x12a4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:14:05.0424 0x12a4 nfrd960 - ok
09:14:05.0440 0x12a4 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:14:05.0486 0x12a4 NlaSvc - ok
09:14:05.0518 0x12a4 nlsX86cc - ok
09:14:05.0549 0x12a4 [ 216BDF8B1017BB52692C9EE3C1E50597, 7D84CA4A176469B1C3423DE9E930F5CEED68F41F2BC727252B0A23B6CBC4C8EA ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys
09:14:05.0596 0x12a4 nmwcdcx64 - ok
09:14:05.0689 0x12a4 [ AD8C3895155EE8D057F073856B2D5851, F074A9938309F5684C60BE634B3B6F615FE44FD981978D2059307E0EEBEC3D3F ] nmwcdx64 C:\Windows\system32\drivers\nmwcdx64.sys
09:14:05.0798 0x12a4 nmwcdx64 - ok
09:14:05.0923 0x12a4 [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] npf C:\Windows\system32\drivers\npf.sys
09:14:05.0939 0x12a4 npf - ok
09:14:05.0986 0x12a4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:14:06.0017 0x12a4 Npfs - ok
09:14:06.0032 0x12a4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
09:14:06.0079 0x12a4 nsi - ok
09:14:06.0095 0x12a4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:14:06.0157 0x12a4 nsiproxy - ok
09:14:06.0204 0x12a4 [ C04F5DEF37E55F6A34428B050F44D3D6, 9B1BE8404831453AA89C2081DFA0EAD95696C0F63EAA2D0E8B5AED60A1B3876C ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
09:14:06.0235 0x12a4 nSvcIp - ok
09:14:06.0298 0x12a4 [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:14:06.0422 0x12a4 Ntfs - ok
09:14:06.0500 0x12a4 [ BD691091AC7D9713D8F0B07C6B099E6C, 4A69ED227CCBBCB76F78078CEE42506A875759FFB519CB9C40173EF8ACD6D6D2 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
09:14:06.0532 0x12a4 NTI IScheduleSvc - ok
09:14:06.0563 0x12a4 [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
09:14:06.0578 0x12a4 NTIDrvr - ok
09:14:06.0594 0x12a4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
09:14:06.0625 0x12a4 Null - ok
09:14:06.0656 0x12a4 [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
09:14:06.0688 0x12a4 NVENETFD - ok
09:14:06.0750 0x12a4 [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
09:14:06.0766 0x12a4 NVHDA - ok
09:14:07.0218 0x12a4 [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:14:07.0717 0x12a4 nvlddmkm - ok
09:14:07.0826 0x12a4 [ 0AD267A4674805B61A5D7B911D2A978A, FD4A80BD4BBBC0D820E363EB1566FF878DE4097F2CCA2AC1BEDF75DE343F60E7 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
09:14:07.0873 0x12a4 NVNET - ok
09:14:08.0029 0x12a4 [ D6310F79E51D1F997E964E81DD368AEA, 27D0159F45C712C6165FDB9F40823438225555E71BB01E3B55F5B5D7BE15D389 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
09:14:08.0107 0x12a4 NvNetworkService - ok
09:14:08.0170 0x12a4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:14:08.0216 0x12a4 nvraid - ok
09:14:08.0248 0x12a4 [ AFDE3015BB8D76E26BEC3B287C5443A0, 6D4804392149EA9B8BC555D4BEBB84A39DE14E62ACCD7EEBBE21D2D8E37E32B0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
09:14:08.0248 0x12a4 nvsmu - ok
09:14:08.0263 0x12a4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:14:08.0294 0x12a4 nvstor - ok
09:14:08.0310 0x12a4 [ 7C7EEF51979658CE15BBC04F96A77D56, 3363DA5B1C4E22D1B3AC368CB66B22221C435B98FACFA7BAD675B7D46D35F662 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
09:14:08.0326 0x12a4 nvstor64 - ok
09:14:08.0388 0x12a4 [ 0FB368E71D9F178BCFC7F0BBA317FECA, 97FA87219E95ED53B5E0B0D3305326DD950EE5CEECDC051E7DC7E9BA05CEB214 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
09:14:08.0404 0x12a4 NvStreamKms - ok
09:14:09.0059 0x12a4 [ AEC2796DF28AB7494A0C688E40D7B38C, B5B495259489B7A49EA4243EEF13BF598EC5791E0FD59FAB4227C906D635D09E ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
09:14:09.0667 0x12a4 NvStreamSvc - ok
09:14:09.0776 0x12a4 [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:14:09.0854 0x12a4 nvsvc - ok
09:14:09.0870 0x12a4 [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
09:14:09.0901 0x12a4 nvvad_WaveExtensible - ok
09:14:09.0948 0x12a4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:14:09.0964 0x12a4 nv_agp - ok
09:14:10.0026 0x12a4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:14:10.0057 0x12a4 odserv - ok
09:14:10.0088 0x12a4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:14:10.0120 0x12a4 ohci1394 - ok
09:14:10.0151 0x12a4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:14:10.0166 0x12a4 ose - ok
09:14:10.0182 0x12a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:14:10.0229 0x12a4 p2pimsvc - ok
09:14:10.0276 0x12a4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
09:14:10.0322 0x12a4 p2psvc - ok
09:14:10.0354 0x12a4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:14:10.0385 0x12a4 Parport - ok
09:14:10.0400 0x12a4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:14:10.0416 0x12a4 partmgr - ok
09:14:10.0447 0x12a4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
09:14:10.0463 0x12a4 PcaSvc - ok
09:14:10.0494 0x12a4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
09:14:10.0510 0x12a4 pci - ok
09:14:10.0510 0x12a4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
09:14:10.0525 0x12a4 pciide - ok
09:14:10.0541 0x12a4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:14:10.0556 0x12a4 pcmcia - ok
09:14:10.0728 0x12a4 [ E6E503845208A148A9E3E7FAA63B97A4, A58A125ED70FCE1A9B8B89EA6FF63A600390DEBD937BE9934D8270386A5A8061 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
09:14:10.0790 0x12a4 PCToolsSSDMonitorSvc - ok
09:14:10.0790 0x12a4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
09:14:10.0822 0x12a4 pcw - ok
09:14:10.0900 0x12a4 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:14:10.0978 0x12a4 PEAUTH - ok
09:14:11.0056 0x12a4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:14:11.0118 0x12a4 PerfHost - ok
09:14:11.0212 0x12a4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
09:14:11.0336 0x12a4 pla - ok
09:14:11.0383 0x12a4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:14:11.0414 0x12a4 PlugPlay - ok
09:14:11.0446 0x12a4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:14:11.0492 0x12a4 PNRPAutoReg - ok
09:14:11.0524 0x12a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:14:11.0555 0x12a4 PNRPsvc - ok
09:14:11.0586 0x12a4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:14:11.0664 0x12a4 PolicyAgent - ok
09:14:11.0711 0x12a4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
09:14:11.0789 0x12a4 Power - ok
09:14:11.0804 0x12a4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:14:11.0851 0x12a4 PptpMiniport - ok
09:14:11.0867 0x12a4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:14:11.0882 0x12a4 Processor - ok
09:14:11.0929 0x12a4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
09:14:11.0976 0x12a4 ProfSvc - ok
09:14:11.0992 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
09:14:12.0007 0x12a4 ProtectedStorage - ok
09:14:12.0023 0x12a4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:14:12.0085 0x12a4 Psched - ok
09:14:12.0148 0x12a4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:14:12.0272 0x12a4 ql2300 - ok
09:14:12.0304 0x12a4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:14:12.0319 0x12a4 ql40xx - ok
09:14:12.0366 0x12a4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
09:14:12.0382 0x12a4 QWAVE - ok
09:14:12.0397 0x12a4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:14:12.0428 0x12a4 QWAVEdrv - ok
09:14:12.0444 0x12a4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:14:12.0506 0x12a4 RasAcd - ok
09:14:12.0538 0x12a4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:14:12.0600 0x12a4 RasAgileVpn - ok
09:14:12.0600 0x12a4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
09:14:12.0647 0x12a4 RasAuto - ok
09:14:12.0678 0x12a4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:14:12.0740 0x12a4 Rasl2tp - ok
09:14:12.0818 0x12a4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
09:14:12.0896 0x12a4 RasMan - ok
09:14:12.0928 0x12a4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:14:12.0959 0x12a4 RasPppoe - ok
09:14:12.0974 0x12a4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:14:13.0068 0x12a4 RasSstp - ok
09:14:13.0099 0x12a4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:14:13.0193 0x12a4 rdbss - ok
09:14:13.0208 0x12a4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:14:13.0224 0x12a4 rdpbus - ok
09:14:13.0255 0x12a4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:14:13.0302 0x12a4 RDPCDD - ok
09:14:13.0318 0x12a4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:14:13.0349 0x12a4 RDPENCDD - ok
09:14:13.0364 0x12a4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:14:13.0396 0x12a4 RDPREFMP - ok
09:14:13.0427 0x12a4 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:14:13.0458 0x12a4 RDPWD - ok
09:14:13.0489 0x12a4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:14:13.0505 0x12a4 rdyboost - ok
09:14:13.0552 0x12a4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:14:13.0614 0x12a4 RemoteAccess - ok
09:14:13.0676 0x12a4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:14:13.0770 0x12a4 RemoteRegistry - ok
09:14:13.0832 0x12a4 [ 010C9C26AF2464023D1F084975E69F80, 52404C1FA02CDBD5787C80F417E770D4C467FA70F58382FCFD17ABD4BDC076DC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:14:13.0864 0x12a4 RimUsb - ok
09:14:13.0910 0x12a4 [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:14:13.0973 0x12a4 RimVSerPort - ok
09:14:14.0004 0x12a4 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:14:14.0051 0x12a4 ROOTMODEM - ok
09:14:14.0066 0x12a4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:14:14.0129 0x12a4 RpcEptMapper - ok
09:14:14.0160 0x12a4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
09:14:14.0176 0x12a4 RpcLocator - ok
09:14:14.0238 0x12a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
09:14:14.0300 0x12a4 RpcSs - ok
09:14:14.0332 0x12a4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:14:14.0378 0x12a4 rspndr - ok
09:14:14.0378 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs C:\Windows\system32\lsass.exe
09:14:14.0394 0x12a4 SamSs - ok
09:14:14.0425 0x12a4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:14:14.0441 0x12a4 sbp2port - ok
09:14:14.0472 0x12a4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:14:14.0534 0x12a4 SCardSvr - ok
09:14:14.0566 0x12a4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:14:14.0612 0x12a4 scfilter - ok
09:14:14.0706 0x12a4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
09:14:14.0862 0x12a4 Schedule - ok
09:14:14.0909 0x12a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:14:14.0971 0x12a4 SCPolicySvc - ok
09:14:15.0002 0x12a4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:14:15.0049 0x12a4 SDRSVC - ok
09:14:15.0112 0x12a4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:14:15.0174 0x12a4 secdrv - ok
09:14:15.0205 0x12a4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
09:14:15.0268 0x12a4 seclogon - ok
09:14:15.0299 0x12a4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
09:14:15.0346 0x12a4 SENS - ok
09:14:15.0377 0x12a4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:14:15.0424 0x12a4 SensrSvc - ok
09:14:15.0455 0x12a4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:14:15.0486 0x12a4 Serenum - ok
09:14:15.0517 0x12a4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:14:15.0533 0x12a4 Serial - ok
09:14:15.0580 0x12a4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:14:15.0626 0x12a4 sermouse - ok
09:14:15.0704 0x12a4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
09:14:15.0767 0x12a4 SessionEnv - ok
09:14:15.0814 0x12a4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:14:15.0892 0x12a4 sffdisk - ok
09:14:15.0923 0x12a4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:14:15.0938 0x12a4 sffp_mmc - ok
09:14:15.0938 0x12a4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:14:15.0970 0x12a4 sffp_sd - ok
09:14:15.0985 0x12a4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:14:16.0001 0x12a4 sfloppy - ok
09:14:16.0032 0x12a4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:14:16.0094 0x12a4 SharedAccess - ok
09:14:16.0126 0x12a4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:14:16.0188 0x12a4 ShellHWDetection - ok
09:14:16.0219 0x12a4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:14:16.0235 0x12a4 SiSRaid2 - ok
09:14:16.0235 0x12a4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:14:16.0250 0x12a4 SiSRaid4 - ok
09:14:16.0360 0x12a4 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:14:16.0391 0x12a4 SkypeUpdate - ok
09:14:16.0406 0x12a4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:14:16.0453 0x12a4 Smb - ok
09:14:16.0516 0x12a4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:14:16.0594 0x12a4 SNMPTRAP - ok
09:14:16.0672 0x12a4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
09:14:16.0718 0x12a4 spldr - ok
09:14:16.0781 0x12a4 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
09:14:16.0859 0x12a4 Spooler - ok
09:14:17.0015 0x12a4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
09:14:17.0171 0x12a4 sppsvc - ok
09:14:17.0202 0x12a4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:14:17.0264 0x12a4 sppuinotify - ok
09:14:17.0311 0x12a4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:14:17.0358 0x12a4 srv - ok
09:14:17.0374 0x12a4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:14:17.0420 0x12a4 srv2 - ok
09:14:17.0452 0x12a4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:14:17.0483 0x12a4 srvnet - ok
09:14:17.0514 0x12a4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:14:17.0561 0x12a4 SSDPSRV - ok
09:14:17.0592 0x12a4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:14:17.0623 0x12a4 SstpSvc - ok
09:14:17.0732 0x12a4 [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:14:17.0826 0x12a4 Stereo Service - ok
09:14:17.0857 0x12a4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:14:17.0873 0x12a4 stexstor - ok
09:14:17.0935 0x12a4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
09:14:17.0982 0x12a4 stisvc - ok
09:14:18.0013 0x12a4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
09:14:18.0029 0x12a4 swenum - ok
09:14:18.0060 0x12a4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
09:14:18.0138 0x12a4 swprv - ok
09:14:18.0216 0x12a4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
09:14:18.0325 0x12a4 SysMain - ok
09:14:18.0372 0x12a4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:14:18.0434 0x12a4 TabletInputService - ok
09:14:18.0481 0x12a4 [ DE7179BCF4F557C5CB9C07F90CB3337C, 8ED327C2BFE99AAD2803E1D3A77751890F8D71D830EB5CBBC6A69554C6F2FBAB ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys
09:14:18.0497 0x12a4 taphss6 - ok
09:14:18.0528 0x12a4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
09:14:18.0590 0x12a4 TapiSrv - ok
09:14:18.0622 0x12a4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
09:14:18.0684 0x12a4 TBS - ok
09:14:18.0856 0x12a4 [ ACB82BDA8F46C84F465C1AFA517DC4B9, DE785AC33A0D63699E5E3E85E4C33694A15FBC9B93D432E8865C88E44CDF3E17 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:14:18.0996 0x12a4 Tcpip - ok
09:14:19.0074 0x12a4 [ ACB82BDA8F46C84F465C1AFA517DC4B9, DE785AC33A0D63699E5E3E85E4C33694A15FBC9B93D432E8865C88E44CDF3E17 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:14:19.0183 0x12a4 TCPIP6 - ok
09:14:19.0308 0x12a4 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:14:19.0417 0x12a4 tcpipreg - ok
09:14:19.0448 0x12a4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:14:19.0464 0x12a4 TDPIPE - ok
09:14:19.0495 0x12a4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:14:19.0542 0x12a4 TDTCP - ok
09:14:19.0589 0x12a4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:14:19.0651 0x12a4 tdx - ok
09:14:19.0698 0x12a4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
09:14:19.0714 0x12a4 TermDD - ok
09:14:19.0760 0x12a4 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
09:14:19.0838 0x12a4 TermService - ok
09:14:19.0870 0x12a4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
09:14:19.0932 0x12a4 Themes - ok
09:14:19.0979 0x12a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
09:14:20.0057 0x12a4 THREADORDER - ok
09:14:20.0072 0x12a4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
09:14:20.0150 0x12a4 TrkWks - ok
09:14:20.0228 0x12a4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:14:20.0338 0x12a4 TrustedInstaller - ok
09:14:20.0384 0x12a4 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:14:20.0447 0x12a4 tssecsrv - ok
09:14:20.0478 0x12a4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:14:20.0525 0x12a4 TsUsbFlt - ok
09:14:20.0572 0x12a4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:14:20.0618 0x12a4 tunnel - ok
09:14:20.0696 0x12a4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:14:20.0728 0x12a4 uagp35 - ok
09:14:20.0790 0x12a4 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
09:14:20.0806 0x12a4 UBHelper - ok
09:14:20.0899 0x12a4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:14:20.0962 0x12a4 udfs - ok
09:14:20.0977 0x12a4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:14:20.0993 0x12a4 UI0Detect - ok
09:14:21.0024 0x12a4 [ 071EE31349BBE2C449B8DC48A7260631, 872B5F9AB0F35F150042379D64FA8C0C46CED7C453BFD66BB19E75BF84FD9F03 ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
09:14:21.0040 0x12a4 UimBus - ok
09:14:21.0071 0x12a4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:14:21.0071 0x12a4 uliagpkx - ok
09:14:21.0118 0x12a4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
09:14:21.0133 0x12a4 umbus - ok
09:14:21.0164 0x12a4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:14:21.0196 0x12a4 UmPass - ok
09:14:21.0242 0x12a4 [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:14:21.0274 0x12a4 Updater Service - ok
09:14:21.0320 0x12a4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
09:14:21.0383 0x12a4 upnphost - ok
09:14:21.0398 0x12a4 [ F49988FBF59413B974B1380D6F743EBC, 29571E42C056C6CB8D0743C6A6B80D2ACD163850137B5391D1EE076C927F0B4C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:14:21.0445 0x12a4 upperdev - ok
09:14:21.0461 0x12a4 [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:14:21.0508 0x12a4 usbccgp - ok
09:14:21.0554 0x12a4 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:14:21.0601 0x12a4 usbcir - ok
09:14:21.0632 0x12a4 [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:14:21.0648 0x12a4 usbehci - ok
09:14:21.0679 0x12a4 [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:14:21.0726 0x12a4 usbhub - ok
09:14:21.0742 0x12a4 [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:14:21.0773 0x12a4 usbohci - ok
09:14:21.0804 0x12a4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:14:21.0835 0x12a4 usbprint - ok
09:14:21.0866 0x12a4 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:14:21.0882 0x12a4 usbscan - ok
09:14:21.0898 0x12a4 [ 4ACEE387FA8FD39F83564FCD2FC234F2, 3D62DE27027B8C032D15EB74F97A14B4EC24E67052C1163862740D6312B2569B ] usbser C:\Windows\system32\drivers\usbser.sys
09:14:21.0929 0x12a4 usbser - ok
09:14:21.0960 0x12a4 [ 0FE9E048FC762DCAC087CB9EE1680079, CFF8526B712EDE212EF8C2E1F55F687302D75125FFEAA6DBFF48D5FA3188463C ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
09:14:22.0007 0x12a4 UsbserFilt - ok
09:14:22.0038 0x12a4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:14:22.0085 0x12a4 USBSTOR - ok
09:14:22.0100 0x12a4 [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:14:22.0132 0x12a4 usbuhci - ok
09:14:22.0194 0x12a4 [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
09:14:22.0256 0x12a4 usb_rndisx - ok
09:14:22.0288 0x12a4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
09:14:22.0397 0x12a4 UxSms - ok
09:14:22.0412 0x12a4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc C:\Windows\system32\lsass.exe
09:14:22.0444 0x12a4 VaultSvc - ok
09:14:22.0475 0x12a4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:14:22.0490 0x12a4 vdrvroot - ok
09:14:22.0522 0x12a4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
09:14:22.0568 0x12a4 vds - ok
09:14:22.0631 0x12a4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:22.0678 0x12a4 vga - ok
09:14:22.0693 0x12a4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:14:22.0740 0x12a4 VgaSave - ok
09:14:22.0849 0x12a4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:14:22.0896 0x12a4 vhdmp - ok
09:14:22.0927 0x12a4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
09:14:22.0943 0x12a4 viaide - ok
09:14:22.0958 0x12a4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:14:22.0958 0x12a4 volmgr - ok
09:14:22.0990 0x12a4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:14:23.0021 0x12a4 volmgrx - ok
09:14:23.0036 0x12a4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:14:23.0052 0x12a4 volsnap - ok
09:14:23.0083 0x12a4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:14:23.0099 0x12a4 vsmraid - ok
09:14:23.0192 0x12a4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
09:14:23.0380 0x12a4 VSS - ok
09:14:23.0395 0x12a4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:14:23.0442 0x12a4 vwifibus - ok
09:14:23.0473 0x12a4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
09:14:23.0520 0x12a4 W32Time - ok
09:14:23.0536 0x12a4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:14:23.0551 0x12a4 WacomPen - ok
09:14:23.0614 0x12a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:14:23.0692 0x12a4 WANARP - ok
09:14:23.0707 0x12a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:14:23.0754 0x12a4 Wanarpv6 - ok
09:14:23.0816 0x12a4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
09:14:23.0894 0x12a4 wbengine - ok
09:14:23.0926 0x12a4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:14:23.0957 0x12a4 WbioSrvc - ok
09:14:23.0988 0x12a4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:14:24.0019 0x12a4 wcncsvc - ok
09:14:24.0050 0x12a4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:14:24.0066 0x12a4 WcsPlugInService - ok
09:14:24.0066 0x12a4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:14:24.0082 0x12a4 Wd - ok
09:14:24.0113 0x12a4 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:14:24.0175 0x12a4 Wdf01000 - ok
09:14:24.0191 0x12a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:14:24.0238 0x12a4 WdiServiceHost - ok
09:14:24.0238 0x12a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:14:24.0253 0x12a4 WdiSystemHost - ok
09:14:24.0300 0x12a4 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
09:14:24.0347 0x12a4 WebClient - ok
09:14:24.0378 0x12a4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:14:24.0456 0x12a4 Wecsvc - ok
09:14:24.0487 0x12a4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:14:24.0518 0x12a4 wercplsupport - ok
09:14:24.0550 0x12a4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
09:14:24.0596 0x12a4 WerSvc - ok
09:14:24.0643 0x12a4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:14:24.0706 0x12a4 WfpLwf - ok
09:14:24.0721 0x12a4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:14:24.0737 0x12a4 WIMMount - ok
09:14:24.0768 0x12a4 WinDefend - ok
09:14:24.0768 0x12a4 WinHttpAutoProxySvc - ok
09:14:24.0830 0x12a4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:14:24.0924 0x12a4 Winmgmt - ok
09:14:25.0049 0x12a4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
09:14:25.0205 0x12a4 WinRM - ok
09:14:25.0283 0x12a4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:14:25.0330 0x12a4 WinUsb - ok
09:14:25.0392 0x12a4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:14:25.0501 0x12a4 Wlansvc - ok
09:14:25.0548 0x12a4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:14:25.0564 0x12a4 WmiAcpi - ok
09:14:25.0642 0x12a4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:14:25.0704 0x12a4 wmiApSrv - ok
09:14:25.0751 0x12a4 WMPNetworkSvc - ok
09:14:25.0798 0x12a4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:14:25.0844 0x12a4 WPCSvc - ok
09:14:25.0876 0x12a4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:14:25.0954 0x12a4 WPDBusEnum - ok
09:14:25.0985 0x12a4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:14:26.0047 0x12a4 ws2ifsl - ok
09:14:26.0078 0x12a4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
09:14:26.0125 0x12a4 wscsvc - ok
09:14:26.0125 0x12a4 WSearch - ok
09:14:26.0250 0x12a4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
09:14:26.0328 0x12a4 wuauserv - ok
09:14:26.0359 0x12a4 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:14:26.0406 0x12a4 WudfPf - ok
09:14:26.0437 0x12a4 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:26.0515 0x12a4 WUDFRd - ok
09:14:26.0546 0x12a4 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:14:26.0640 0x12a4 wudfsvc - ok
09:14:26.0671 0x12a4 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:14:26.0749 0x12a4 WwanSvc - ok
09:14:26.0812 0x12a4 ================ Scan global ===============================
09:14:26.0952 0x12a4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:14:27.0030 0x12a4 [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
09:14:27.0077 0x12a4 [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
09:14:27.0108 0x12a4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:14:27.0170 0x12a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:14:27.0186 0x12a4 [ Global ] - ok
09:14:27.0186 0x12a4 ================ Scan MBR ==================================
09:14:27.0202 0x12a4 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
09:14:29.0900 0x12a4 \Device\Harddisk0\DR0 - ok
09:14:29.0900 0x12a4 ================ Scan VBR ==================================
09:14:29.0900 0x12a4 [ 022497C1B7BCAD2D5CEEA13EDFA891A2 ] \Device\Harddisk0\DR0\Partition1
09:14:29.0932 0x12a4 \Device\Harddisk0\DR0\Partition1 - ok
09:14:29.0932 0x12a4 [ 8D79DB0A48C9A2E89BE766DCD68E826A ] \Device\Harddisk0\DR0\Partition2
09:14:29.0978 0x12a4 \Device\Harddisk0\DR0\Partition2 - ok
09:14:29.0978 0x12a4 [ B32F7E99C3FA539DDD9DC4466052B164 ] \Device\Harddisk0\DR0\Partition3
09:14:29.0978 0x12a4 \Device\Harddisk0\DR0\Partition3 - ok
09:14:29.0978 0x12a4 ================ Scan generic autorun ======================
09:14:30.0119 0x12a4 [ C56AEF21A76A6E2BB36A384B2C96389F, A9C8B90631AB4BBFEAABDE3D854283C5073B8786A263B941FF631531F30B7F9A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
09:14:30.0197 0x12a4 NvBackend - ok
09:14:30.0244 0x12a4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
09:14:30.0275 0x12a4 ShadowPlay - ok
09:14:30.0306 0x12a4 [ 8784236EED5079493DA9FC95B28B89F8, E59C349B964F585C27F63FBF7C1B5D7C6CF8CC958BD35100A36D57542DC13972 ] C:\Windows\SYSTEM32\WerFault.exe
09:14:30.0384 0x12a4 *WerKernelReporting - ok
09:14:30.0462 0x12a4 [ D9CB30BF12B3670650C85637EA1AB6EA, AFA4943A853ACE460007D3AFE5D45B4C972BF51777ACF4C0E84684DA6A014131 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
09:14:30.0493 0x12a4 BackupManagerTray - ok
09:14:30.0587 0x12a4 [ 84F122BFFA0638CE735E891620EF7754, 5A3227301212C4F767258F8207268055B8EA672E82F64CD9CBDCD96858476D7F ] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
09:14:30.0634 0x12a4 Hotkey Utility - ok
09:14:30.0758 0x12a4 [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
09:14:30.0790 0x12a4 mcui_exe - ok
09:14:30.0946 0x12a4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:14:31.0039 0x12a4 Sidebar - ok
09:14:31.0070 0x12a4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:14:31.0102 0x12a4 mctadmin - ok
09:14:31.0148 0x12a4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:14:31.0195 0x12a4 Sidebar - ok
09:14:31.0211 0x12a4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:14:31.0226 0x12a4 mctadmin - ok
09:14:31.0258 0x12a4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:14:31.0336 0x12a4 Sidebar - ok
09:14:31.0336 0x12a4 Waiting for KSN requests completion. In queue: 11
09:14:32.0459 0x12a4 AV detected via SS2: McAfee Anti-Virus und Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
09:14:32.0459 0x12a4 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
09:14:32.0521 0x12a4 ============================================================
09:14:32.0521 0x12a4 Scan finished
09:14:32.0521 0x12a4 ============================================================
09:14:32.0537 0x0e84 Detected object count: 1
09:14:32.0537 0x0e84 Actual detected object count: 1
09:15:11.0334 0x0e84 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:11.0334 0x0e84 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:05.0079 0x1424 Deinitialize success
|
|
26.03.2016, 08:30
| #4 |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Hy Scan mit Combofix
Sag mir bitte, ob nach dem Neustart das Problem weiterhin besteht 
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
27.03.2016, 14:59
| #5 |
| | Firefox und IE starten selbständig/automatisch So, endlich geschafft, ComboFix laufen zu lassen. Das Problem besteht zwar nicht mehr, aber ComboFix hat sich, trotz genauer Einhaltung der Anleitung, zwischendrin merkwürdig verhalten. Nachdem der Neustart durchgeführt worden ist, öffneten sich nacheinander jeweils für unter eine Sekunde unzählig oft zum einen das command-Fenster, zum anderen ein Fenster mit der Bezeichnung "Combofix 3.pxe" , bis der PC irgendwann ausging. Nach erneutem Hochfahren erstellte CF dann die Logdatei. Was lief da schief? ComboFix-Log: Code:
ATTFilter Combofix Logfile: |
|
28.03.2016, 09:06
| #6 |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Sieht ganz gut aus Code:
ATTFilter FF user.js: detected! => C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js [2016-03-21]
Starte bitte FRST und drücke auf Untersuchen. Poste die FRST Log bitte hier
__________________ --> Firefox und IE starten selbständig/automatisch |
|
28.03.2016, 13:03
| #7 |
| | Firefox und IE starten selbständig/automatisch Die user.js vom 21.03. habe ich nicht selbst angelegt. Heute vormittag habe ich das Admin-Konto (MCS) aufgerufen und sofort öffnete sich FF mit der Seite techbrowsing.com Hier das neue FRST-Log Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von MCS (Administrator) auf PC (28-03-2016 11:43:26) Gestartet von C:\Users\LM2\Desktop Geladene Profile: MCS & LM2 (Verfügbare Profile: MCS & LM2 & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2016-03-03] (McAfee, Inc.) HKLM-x32\...\Run: [] => [X] HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-824321664-1275631822-800070043-1002\...\MountPoints2: {02034be8-51e2-11e3-a7e7-404e57434402} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083 ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-20] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2016-03-20] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.20 Tcpip\..\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: [DhcpNameServer] 192.168.178.20 Tcpip\..\Interfaces\{B8318698-19AD-41CA-A0B6-3601D211BC45}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{D0016FAC-39B6-489E-8450-F19811AFBB3B}: [DhcpNameServer] 192.168.1.250 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-824321664-1275631822-800070043-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974080f85bh451l364 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.com/?guid={B9D4FB9C-78E2-4FB7-9FDC-67E665BE2937}&serpv=17 HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - (Kein Name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Keine Datei URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-824321664-1275631822-800070043-1002 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1002 -> DefaultScope {3835E609-A8CF-4825-B229-926AA9A4A2BB} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKU\S-1-5-21-824321664-1275631822-800070043-1002 -> {3835E609-A8CF-4825-B229-926AA9A4A2BB} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => Keine Datei BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] () BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation) BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Toolbar: HKU\S-1-5-21-824321664-1275631822-800070043-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//home?affID=121562 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-27] () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-27] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] () FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-824321664-1275631822-800070043-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LM2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS) FF user.js: detected! => C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js [2016-03-27] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-14] (Nullsoft, Inc.) FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{7E5616B6-81F9-4339-ADD2-E2F3741ACB85}.xml [2012-12-19] FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{9617F2CC-FCFD-44CB-9546-B139B9FD1073}.xml [2012-12-19] FF SearchPlugin: C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\searchplugins\{E48AE8DD-B500-4218-BF0C-415C948569E4}.xml [2012-12-19] FF Extension: Block LinkBucks - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\dgs229@nyu.edu.xpi [2013-01-15] [ist nicht signiert] FF Extension: Ghostery - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\firefox@ghostery.com [2013-05-02] [ist nicht signiert] FF Extension: JavaScript Deobfuscator - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2012-12-19] [ist nicht signiert] FF Extension: Proxilla Glype Proxy Client - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\proxilla@kevin.godell.xpi [2012-12-19] [ist nicht signiert] FF Extension: BetterPrivacy - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-19] [ist nicht signiert] FF Extension: Bitdefender QuickScan - C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013-05-02] [ist nicht signiert] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2016-03-20] [ist nicht signiert] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [ist nicht signiert] FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-28] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-28] [ist nicht signiert] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-03-28] [ist nicht signiert] FF HKU\S-1-5-21-824321664-1275631822-800070043-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.de/" CHR DefaultSearchKeyword: Default -> google.com_ CHR Profile: C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Freemake Video Downloader) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-10-12] CHR Extension: (Freemake Youtube Download Button) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-10-12] CHR Extension: (Skype) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-20] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-20] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-27] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-28] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-28] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0027641459157438mcinstcleanup; C:\Windows\TEMP\002764~1.EXE [918056 2015-11-27] (McAfee, Inc.) S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [Datei ist nicht signiert] S4 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [Datei ist nicht signiert] S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] () R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-10-08] (Freemake) [Datei ist nicht signiert] R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [Datei ist nicht signiert] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] () S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [103472 2012-06-15] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.) R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [Datei ist nicht signiert] S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-03-11] (Nalpeiron Ltd.) [Datei ist nicht signiert] R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [694272 2009-06-10] (AVM Berlin) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2008-09-26] (Paragon Software Group) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-21] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.) S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.) S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.) S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia) S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45320 2008-09-26] (Windows (R) 2000 DDK provider) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 mfeavfk01; \Device\mfeavfk01.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-28 11:35 - 2016-03-28 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-03-27 17:52 - 2015-11-25 07:29 - 00419624 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys 2016-03-27 17:48 - 2016-03-27 17:48 - 00000000 ____D C:\Windows\System32\Tasks\McAfee 2016-03-27 17:48 - 2016-03-27 17:48 - 00000000 ____D C:\ProgramData\Intel Security 2016-03-27 17:47 - 2016-03-27 17:47 - 00000000 ____D C:\Program Files\Common Files\Intel Security 2016-03-27 15:14 - 2016-03-27 15:14 - 00025473 _____ C:\Users\LM2\Desktop\ComboFix.txt 2016-03-27 13:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2016-03-27 13:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2016-03-27 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-03-27 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-03-27 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-03-27 13:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2016-03-27 13:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2016-03-27 13:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2016-03-27 13:39 - 2016-03-27 15:14 - 00000000 ____D C:\Qoobox 2016-03-27 13:39 - 2016-03-27 15:11 - 00000000 ____D C:\Windows\erdnt 2016-03-27 13:20 - 2016-03-27 13:20 - 00284440 _____ C:\Windows\Minidump\032716-18860-01.dmp 2016-03-26 17:49 - 2016-03-26 17:49 - 05658151 ____R (Swearware) C:\Users\LM2\Desktop\ComboFix.exe 2016-03-26 04:22 - 2016-03-26 04:22 - 00000000 ____D C:\Users\LM2\Documents\Freemake 2016-03-25 10:12 - 2016-03-25 10:22 - 00217988 _____ C:\Users\LM2\Desktop\TDSSKiller.3.1.0.9_25.03.2016_09.12.38_log.txt 2016-03-25 10:09 - 2016-03-25 10:09 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\LM2\Desktop\tdsskiller.exe 2016-03-24 12:46 - 2016-03-28 11:42 - 00037846 _____ C:\Users\LM2\Desktop\Addition.txt 2016-03-24 12:42 - 2016-03-28 11:43 - 00032626 _____ C:\Users\LM2\Desktop\FRST.txt 2016-03-24 12:40 - 2016-03-28 11:43 - 00000000 ____D C:\FRST 2016-03-24 12:37 - 2016-03-24 12:38 - 02374144 _____ (Farbar) C:\Users\LM2\Desktop\FRST64.exe 2016-03-24 08:23 - 2016-03-24 08:23 - 00000000 ____D C:\Program Files\Common Files\AV 2016-03-22 09:45 - 2016-03-22 09:48 - 00000000 ____D C:\home2 2016-03-22 09:27 - 2016-03-22 09:27 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\MCS\Downloads\flashplayer21_d_install.exe 2016-03-22 09:26 - 2016-03-22 09:26 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-22 09:26 - 2016-03-22 09:26 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-22 09:22 - 2016-03-22 09:23 - 43359192 _____ C:\Users\LM2\Downloads\FirefoxSetup45.0.1.exe 2016-03-21 20:02 - 2016-03-21 20:02 - 00287976 _____ C:\Windows\Minidump\032116-18189-01.dmp 2016-03-21 19:25 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2016-03-21 15:41 - 2016-03-21 18:13 - 00000000 ____D C:\AdwCleaner 2016-03-21 15:39 - 2016-03-21 15:39 - 01529344 _____ C:\Users\LM2\Downloads\adwcleaner_5.103.exe 2016-03-21 10:28 - 2016-03-21 10:31 - 00000000 ____D C:\Users\MCS\Documents\Neuer Ordner (3) 2016-03-21 10:08 - 2016-03-21 10:08 - 00000000 ____D C:\Users\LM2\Documents\PDF Files 2016-03-21 09:09 - 2016-03-21 09:09 - 00000000 ____D C:\Users\MCS\AppData\Local\CEF 2016-03-21 08:39 - 2016-03-21 08:39 - 00000000 ____D C:\Users\MCS\Documents\PDF Files 2016-03-21 08:15 - 2016-03-21 08:15 - 00000000 ____D C:\ProgramData\eXPert PDF 5 2016-03-20 23:14 - 2016-03-20 23:14 - 00001028 _____ C:\Users\Public\Desktop\eXPert PDF Creator.lnk 2016-03-20 23:14 - 2016-03-20 23:14 - 00001023 _____ C:\Users\Public\Desktop\eXPert PDF Editor.lnk 2016-03-20 23:14 - 2016-03-20 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF eXPerte 5 2016-03-20 23:14 - 2005-06-02 13:40 - 00014336 _____ C:\Windows\SysWOW64\vsmon1.dll 2016-03-20 23:13 - 2016-03-20 23:13 - 00000000 ____D C:\Windows\My Documents 2016-03-20 23:13 - 2016-03-20 23:13 - 00000000 ____D C:\ProgramData\eXPert PDF Jobs 2016-03-20 23:13 - 2016-03-20 23:13 - 00000000 ____D C:\ProgramData\eXPert PDF 2016-03-20 23:13 - 2016-03-20 23:13 - 00000000 ____D C:\Program Files (x86)\Visagesoft 2016-03-20 23:12 - 2016-03-20 23:12 - 00000000 ____D C:\Program Files (x86)\BVRP Software 2016-03-20 23:11 - 2016-03-20 23:11 - 00000000 ____D C:\ProgramData\BVRP Software 2016-03-20 23:09 - 2016-03-20 23:09 - 00002368 _____ C:\Users\Public\Desktop\Paragon Festplatten Manager 8.5 .lnk 2016-03-20 23:09 - 2016-03-20 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Festplatten Manager 8.5 2016-03-20 23:09 - 2008-09-26 19:06 - 00037392 _____ (Paragon Software Group) C:\Windows\system32\Drivers\hotcore3.sys 2016-03-20 23:07 - 2016-03-20 23:07 - 00000000 ____D C:\Program Files (x86)\Paragon Software 2016-03-20 22:57 - 2016-03-20 22:57 - 00000978 _____ C:\Users\Public\Desktop\WinSysClean 2009.lnk 2016-03-20 22:57 - 2016-03-20 22:57 - 00000000 __HDC C:\ProgramData\{8C2CFCEE-B9B7-4A60-B6C4-37DA5AA7BAD4} 2016-03-20 22:57 - 2016-03-20 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSysClean 2016-03-20 22:57 - 2016-03-20 22:57 - 00000000 ____D C:\Program Files (x86)\WinSysClean 2009 2016-03-20 20:56 - 2016-03-22 09:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-20 17:44 - 2016-03-20 17:44 - 00001063 _____ C:\Windows\explorer - Verknüpfung.lnk 2016-03-20 16:44 - 2016-03-20 16:44 - 00000000 ____D C:\Users\MCS\AppData\Local\CrashRpt 2016-03-20 16:39 - 2016-03-20 16:39 - 00000000 ____D C:\MyWinLockerData 2016-03-20 16:08 - 2016-03-20 16:08 - 00000000 ____D C:\Users\LM2\Desktop\McAfee 2016-03-20 16:02 - 2016-03-22 09:57 - 00000000 ____D C:\Users\LM2\Desktop\Desktop2 2016-03-20 14:53 - 2016-03-20 14:53 - 00000000 ____D C:\Users\LM2\AppData\Local\CEF 2016-03-20 14:50 - 2016-03-20 16:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-20 14:50 - 2016-03-20 16:44 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-03-20 14:43 - 2016-03-20 14:43 - 00000000 ____D C:\Users\LM2\AppData\Local\CrashRpt 2016-03-20 00:50 - 2016-03-28 11:26 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-03-20 00:06 - 2016-03-21 18:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-20 00:06 - 2016-03-20 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-20 00:05 - 2016-03-25 11:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-20 00:05 - 2016-03-20 00:05 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-20 00:05 - 2016-03-10 15:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-20 00:05 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-20 00:05 - 2016-03-10 15:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-20 00:05 - 2016-03-10 15:07 - 09926112 _____ (Malwarebytes) C:\Users\LM2\Desktop\mbam.exe 2016-03-20 00:01 - 2016-03-20 00:01 - 22851472 _____ (Malwarebytes ) C:\Users\LM2\Downloads\mbam-setup-2.2.1.1043.exe 2016-03-19 23:53 - 2016-03-19 23:53 - 00985600 _____ C:\Users\LM2\Downloads\MicrosoftFixit50123.msi 2016-03-19 23:49 - 2016-03-19 23:49 - 00302011 _____ C:\Users\LM2\Downloads\WindowsUpdateDiagnostic.diagcab 2016-03-19 23:23 - 2016-03-19 23:23 - 00005618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-03-19 23:21 - 2016-03-20 00:48 - 00000000 ____D C:\inetpub 2016-03-19 22:30 - 2016-03-19 22:30 - 00000000 ____D C:\ProgramData\OO Software 2016-03-19 22:18 - 2016-03-20 22:51 - 00000000 ____D C:\Anwendungen 2016-03-19 22:11 - 2016-03-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-28 11:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-28 11:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-28 11:34 - 2009-07-14 07:13 - 00005844 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-28 11:34 - 2006-10-10 10:57 - 08534300 _____ C:\Windows\system32\perfh007.dat 2016-03-28 11:34 - 2006-10-10 10:57 - 02585608 _____ C:\Windows\system32\perfc007.dat 2016-03-28 11:30 - 2009-10-17 04:24 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-03-28 11:26 - 2010-05-14 03:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-28 11:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-28 11:25 - 2006-10-10 01:12 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-28 02:19 - 2010-05-14 03:31 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-28 02:09 - 2012-04-05 12:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-28 02:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2016-03-27 22:29 - 2010-04-22 16:16 - 00000000 ____D C:\ProgramData\TEMP 2016-03-27 19:57 - 2010-05-20 19:22 - 00000494 ____H C:\Windows\Tasks\Norton Security Scan for MCS.job 2016-03-27 19:00 - 2011-03-16 00:30 - 00000262 _____ C:\Windows\Tasks\RMSchedule.job 2016-03-27 17:54 - 2009-10-17 04:24 - 00000000 ____D C:\ProgramData\McAfee 2016-03-27 17:53 - 2010-09-16 16:08 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-03-27 15:14 - 2010-05-03 14:57 - 00000000 ____D C:\Users\nokia 2016-03-27 15:06 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2016-03-27 14:09 - 2012-04-05 12:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-27 14:09 - 2012-04-05 12:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-27 14:09 - 2011-10-21 19:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-27 13:58 - 2009-07-14 04:34 - 69730304 _____ C:\Windows\system32\config\software.bak 2016-03-27 13:58 - 2009-07-14 04:34 - 30146560 _____ C:\Windows\system32\config\system.bak 2016-03-27 13:58 - 2009-07-14 04:34 - 01048576 _____ C:\Windows\system32\config\default.bak 2016-03-27 13:58 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-03-27 13:58 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-03-27 13:56 - 2010-04-19 09:42 - 00000000 ____D C:\Users\MCS 2016-03-27 13:20 - 2013-12-17 18:35 - 443263998 _____ C:\Windows\MEMORY.DMP 2016-03-27 13:20 - 2010-11-12 21:29 - 00000000 ____D C:\Windows\MiniDump 2016-03-22 09:28 - 2010-04-19 14:05 - 00000000 ____D C:\Users\MCS\AppData\Local\Mozilla 2016-03-22 09:25 - 2012-05-03 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-21 15:39 - 2015-01-17 23:17 - 00000000 ____D C:\Users\LM2\dwhelper 2016-03-21 15:17 - 2010-12-22 16:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-03-21 12:32 - 2015-06-12 09:29 - 00000691 _____ C:\Windows\wininit.ini 2016-03-21 12:14 - 2010-10-21 17:49 - 00007621 _____ C:\Users\MCS\AppData\Local\Resmon.ResmonCfg 2016-03-21 10:55 - 2015-03-30 15:55 - 00000000 ____D C:\Users\MCS\Documents\Neuer Ordner (2) 2016-03-21 10:39 - 2010-06-25 22:12 - 00000000 ___RD C:\Users\MCS\Documents\Scanned Documents 2016-03-21 10:38 - 2010-08-23 16:03 - 00000000 ___RD C:\Users\MCS\Desktop\Desk 2016-03-21 10:08 - 2013-05-02 14:26 - 00000000 ____D C:\Users\LM2 2016-03-21 09:50 - 2010-11-29 02:28 - 00000000 ____D C:\TEMP 2016-03-21 09:48 - 2011-12-11 21:23 - 00000000 ____D C:\Users\Gast 2016-03-21 09:39 - 2014-12-29 05:53 - 00000000 ____D C:\Users\LM2\Downloads\Neuer Ordner (7) 2016-03-21 09:38 - 2014-12-29 05:53 - 00000000 ____D C:\Users\LM2\Downloads\Neuer Ordner (5) 2016-03-21 09:09 - 2014-11-05 18:07 - 00000000 ____D C:\Users\MCS\AppData\Local\Adobe 2016-03-20 23:12 - 2009-10-17 03:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-20 23:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-03-20 22:55 - 2010-11-12 21:07 - 00000000 ____D C:\Program Files (x86)\WinSysClean X 2016-03-20 16:45 - 2015-06-12 09:41 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2016-03-20 16:45 - 2013-11-16 16:23 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-20 16:45 - 2012-10-09 03:01 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk 2016-03-20 16:45 - 2010-11-19 16:47 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2016-03-20 16:45 - 2010-09-26 16:47 - 00000849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-03-20 16:45 - 2009-10-17 03:46 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-03-20 16:45 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-20 16:45 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-03-20 16:45 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-03-20 16:45 - 2006-10-10 01:26 - 00002569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk 2016-03-20 16:45 - 2006-10-10 01:26 - 00001193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk 2016-03-20 16:44 - 2014-10-12 19:48 - 00001203 _____ C:\Users\MCS\Desktop\Any Video Converter.lnk 2016-03-20 16:44 - 2013-11-16 16:23 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-20 16:44 - 2013-11-02 21:41 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2016-03-20 16:44 - 2010-11-12 02:15 - 00001243 _____ C:\Users\MCS\Desktop\DVDVideoSoft Free Studio.lnk 2016-03-20 16:44 - 2010-04-19 13:47 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk 2016-03-20 16:44 - 2010-04-19 09:44 - 00001443 _____ C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-20 16:44 - 2010-04-19 09:44 - 00001409 _____ C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-03-20 16:44 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-03-20 16:44 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-03-20 16:07 - 2015-03-19 17:45 - 00000000 ____D C:\Users\MCS\Documents\onlineTV 8 2016-03-20 16:07 - 2015-03-19 17:32 - 00000000 ____D C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design 2016-03-20 16:07 - 2015-03-19 17:32 - 00000000 ____D C:\Users\MCS\AppData\Roaming\concept design 2016-03-20 16:07 - 2015-03-19 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design 2016-03-20 16:07 - 2015-03-19 17:32 - 00000000 ____D C:\Program Files (x86)\concept design 2016-03-20 15:23 - 2010-04-24 05:15 - 00000000 ____D C:\Program Files (x86)\Winamp 2016-03-20 14:53 - 2013-06-10 21:02 - 00000000 ____D C:\Users\LM2\AppData\Local\Adobe 2016-03-20 14:52 - 2015-07-15 13:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-03-20 14:50 - 2009-10-17 04:36 - 00000000 ____D C:\ProgramData\Adobe 2016-03-20 14:50 - 2009-10-17 04:35 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-03-20 00:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding 2016-03-20 00:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv 2016-03-20 00:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv 2016-03-20 00:42 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-20 00:40 - 2013-06-28 17:35 - 00000000 ____D C:\Program Files (x86)\Delta 2016-03-20 00:40 - 2010-04-20 00:22 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2016-03-19 23:11 - 2013-11-02 21:39 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2016-03-19 23:10 - 2013-11-02 21:40 - 00000000 ____D C:\ProgramData\Hotspot Shield 2016-03-19 22:14 - 2010-05-14 03:31 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-03-19 22:14 - 2010-05-14 03:31 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-03-19 22:11 - 2015-10-05 14:52 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-03-19 22:11 - 2014-03-18 15:40 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-03-19 22:07 - 2010-04-19 09:42 - 00000342 _____ C:\Windows\Tasks\McDefragTask.job ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-11-09 13:54 - 2013-11-09 13:54 - 0001847 _____ () C:\Users\MCS\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2010-04-23 16:38 - 2010-05-03 14:45 - 0000362 _____ () C:\Users\MCS\AppData\Roaming\wklnhst.dat 2010-11-30 02:53 - 2012-12-04 16:52 - 0083968 _____ () C:\Users\MCS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-10-21 17:49 - 2016-03-21 12:14 - 0007621 _____ () C:\Users\MCS\AppData\Local\Resmon.ResmonCfg 2009-10-17 04:04 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2010-10-23 19:26 ==================== Ende von FRST.txt ============================ |
|
28.03.2016, 15:50
| #8 | |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Hy. Das gute ist, die spuren einer früheren Infektion sind schon mal weg. Jetzt gehen wir dem eigentlichen Problem auf den Grund. Kennst du diese Datei ? C:\Users\Public\Documents\Zeitpunkt\setup.EXE Wenn nicht, bitte folgendes Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Hinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall Registry Mechanic . Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\.exe: => <===== ACHTUNG
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcqmbzxjuiqjduvsftifh [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [256]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [118]
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838 [133]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [294]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [246]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [206]
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
Task: {A7790605-8EBD-47FE-9ACA-CAEA9BBC8113} - \Scheduled Update for Ask Toolbar -> Keine Datei <==== ACHTUNG
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-824321664-1275631822-800070043-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.com/?guid={B9D4FB9C-78E2-4FB7-9FDC-67E665BE2937}&serpv=17
URLSearchHook: HKLM-x32 - (Kein Name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
FF user.js: detected! => C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js [2016-03-27]
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
28.03.2016, 22:08
| #9 |
| | Firefox und IE starten selbständig/automatisch Endlich durch! virustotal-URL Code:
ATTFilter https://www.virustotal.com/de/file/69e25a6f9da674fba3c0535e8e9846f5c5dcc74296d9115548ed4050695cd6c6/analysis/1459179653/
sc-cleaner Log Code:
ATTFilter Shortcut Cleaner 1.3.9 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 03/28/2016 05:45:15 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\MCS\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\MCS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\MCS\Desktop\
Searching C:\Users\Public\Desktop\
0 bad shortcuts found.
Program finished at: 03/28/2016 05:45:19 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
Fixlog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von MCS (2016-03-28 17:34:56) Run:1
Gestartet von C:\Users\LM2\Desktop
Geladene Profile: MCS & LM2 (Verfügbare Profile: MCS & LM2 & Gast)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKLM\...\.exe: => <===== ACHTUNG
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcqmbzxjuiqjduvsftifh [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [256]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [118]
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838 [133]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [294]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [246]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [206]
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
Task: {A7790605-8EBD-47FE-9ACA-CAEA9BBC8113} - \Scheduled Update for Ask Toolbar -> Keine Datei <==== ACHTUNG
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-824321664-1275631822-800070043-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.com/?guid={B9D4FB9C-78E2-4FB7-9FDC-67E665BE2937}&serpv=17
URLSearchHook: HKLM-x32 - (Kein Name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
FF user.js: detected! => C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js [2016-03-27]
EmptyTemp:
*****************
HKLM\Software\Classes\.exe\\Default => Wert erfolgreich wiederhergestellt
"C:\Windows" => ":nlsPreferences" ADS nicht gefunden.
C:\ProgramData\Reprise => ":yhuwxvwhfkxkcqmbzxjuiqjduvsftifh" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":0B9176C0" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":4CF61E54" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":5D7E5A8F" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":93DE1838" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":AB689DEA" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":ABE89FFE" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS erfolgreich entfernt.
C:\Windows\Tasks\RMSchedule.job => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7790605-8EBD-47FE-9ACA-CAEA9BBC8113}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7790605-8EBD-47FE-9ACA-CAEA9BBC8113}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Schlüssel nicht gefunden.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-824321664-1275631822-800070043-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-824321664-1275631822-800070043-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Schlüssel nicht gefunden.
C:\Users\MCS\AppData\Roaming\Mozilla\Firefox\Profiles\j44goa5s.default\user.js => erfolgreich verschoben
EmptyTemp: => 350.5 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 17:36:04 ====
JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by MCS (Administrator) on 28.03.2016 at 17:55:43,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 16
Successfully deleted: C:\Users\MCS\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\MCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh (Folder)
Successfully deleted: C:\Users\MCS\AppData\Roaming\registry mechanic (Folder)
Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\delta (Folder)
Successfully deleted: C:\Program Files (x86)\registry mechanic (Folder)
Successfully deleted: C:\Users\MCS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACRW6M8A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MCS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXPIYISR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MCS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ7FGOJG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MCS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZSYP4DB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\FREEMAKEERRORREPORTER.EXE-FB3BD252.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACRW6M8A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXPIYISR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ7FGOJG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZSYP4DB (Temporary Internet Files Folder)
Registry: 4
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0305431459175979mcinstcleanup (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2016 at 18:01:03,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ESET log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e79150117829b14bbc518e50f0a8d639
# end=init
# utc_time=2016-03-28 04:03:01
# local_time=2016-03-28 06:03:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28787
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e79150117829b14bbc518e50f0a8d639
# end=updated
# utc_time=2016-03-28 04:16:07
# local_time=2016-03-28 06:16:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e79150117829b14bbc518e50f0a8d639
# engine=28787
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-28 08:50:35
# local_time=2016-03-28 10:50:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5132 16777214 100 97 41090 187183599 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 91667473 210828085 0 0
# scanned=395215
# found=7
# cleaned=7
# scan_time=16467
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=0FEC8D08A5F976C1A12BD368628DEB99942BB901 ft=1 fh=bb5c240993263018 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\MCS\AppData\Local\Temp\OCS\ocs_v6r.exe.vir"
sh=2073BD2308164E9A5150EB3B4B0850FCF2CBFDE3 ft=1 fh=27e76fa1368fbb65 vn="Variante von Win32/InstallCore.ADV.gen evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\home2\home\FileZilla_3.exe"
sh=EA1DCCFE31F16E86624A32D49EEF84E83F12ADBE ft=1 fh=245478fe4fa5a7b4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MCS\Downloads\anonymox-10-fx-Downloader.exe"
sh=600771D2910928E3CEFE3B24E8F97C8DB4CF326C ft=1 fh=8a8ff7b6c3c6013d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\MCS\Downloads\FreeYouTubeToMp3Converter33.exe"
sh=A0574F62169752DBB35E1C459C9410C14B659E86 ft=1 fh=ff5d31bdd4b56416 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MCS\Downloads\stealthy-24-fx-Downloader.exe"
sh=D0439EC17F40F2554D7621D2CC8EB76C9BBDF588 ft=1 fh=a1d70e4e6837fd7a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MCS\Downloads\uebersicht-Downloader.exe"
|
|
29.03.2016, 09:33
| #10 |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Starten sich die Browser immer noch ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.03.2016, 11:30
| #11 |
| | Firefox und IE starten selbständig/automatisch Leider ja. Gestern abend nach dem ESET-Scan lief alles ohne Komplikationen, heute morgen fing es jedoch wieder damit an. Dieses Mal bei beiden lookmagazine.us Bezüglich Deiner gestrigen Frage, was diese setup.exe von "Zeitpunkt" betrifft: Das ist irgendsoeine Beratungssoftware, die mir mal mein Vater vor einigen Jahren installiert hat. Meines Wissens wurde sie aber nur zwei oder drei mal benutzt damals. Was lässt sich denn aus der Vielzahl meiner Logs schliessen? Habe ich evtl. einen Fehler gemacht oder mich nicht korrekt an die Anleitungen gehalten? Oder liegt es am Surfverhalten meiner Mitbewohner? Diesen Rechner hier benützen 3 Personen. Und nochmals vielen Dank für Deine Mühen. MfG, Marco |
|
29.03.2016, 13:13
| #12 |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Hy. Dann muss ich mal etwas graben. Was ich vorher wissen muss, ob das in allen Userprofilen vorkommt.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.03.2016, 17:25
| #13 |
| | Firefox und IE starten selbständig/automatisch Also, bei MCS/Admin nur FF. Bei LM2 erst FF, was aber "abgewürgt" wird, da es 2 verschiedene (selbst angelegte) Profile gibt und FF erst einmal die Auswahl eines Profils verlangt, woraufhin sich dann einige Sekunden später der IE öffnet. Beim Gastkonto öffnet sich nur der IE. (MCS und LM2 haben FF als Standartbrowser...) |
|
30.03.2016, 08:23
| #14 |
| /// Selecta Jahrusso | Firefox und IE starten selbständig/automatisch Also grundsätzlich bei allen. Gut, dann müssen wir suchen. Führe bitte einmal einen Clean Boot, wie hier beschrieben aus: Clean Boot - Probleme beim Systemstart diagnostizieren Tritt das Problem auch hier auf ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu Firefox und IE starten selbständig/automatisch |
| browser, converter, dnsapi.dll, excel, expert pdf, festplatte, firefox, flash player, google, helper, home, hotspot, installation, microsoft fix it, mozilla, mp3, phishing, proxy, registry, scan, security, siteadvisor, software, starten, svchost.exe, symantec, system, usb, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
